Topic: gateway with only 1 NIC - can this be done?

[SoftDux]

Hi all

Before you jump in & tell me to search the forums, I have, and I couldn't find anything constructive.

How do I use SME with only 1 NIC. The reason for this? I have an ADSL modem, with 4 10/100 ports, and built-in Wifi. All the clients will connect via Wifi, except for the SME server, a HP printer & 1 PC right next to the modem. So, I don't, and cannot add, have another switch / wireless AP on the network. Adding two NIC's with different IP's onto the same switch isn't going to work either.

So, how do I set SME to work in gateway mode, with only 1 NIC? I'm more than happy to work with network aliases (eth0 = 192.168.0.1 & eth0:0 = 192.168.1.1)

[byte]

How do I use SME with only 1 NIC.

Server only mode.

So, how do I set SME to work in gateway mode, with only 1 NIC?

You can't, you will have to use Server only mode.

[Elliott]

I would think vitualization should be an option for you.

Perhaps installing SME using VirtualBox with 2 NICs in Vbox... you could run this from a Windows machine that's setup to handle your DHCP serving and for any special case clients you could use reservations in the DHCP manager.

Just my suggestion.

-E

[SoftDux]

Server only mode.

You can't, you will have to use Server only mode.

So you want to tell me that SME can't handle network aliases / VLAN's ?

Elliott, I can't afford to purchase Windows just for this. Then I could just as well have purchased MS Exchange, which totally defeats the purpose of something linux SME

[Elliott]

Elliott, I can't afford to purchase Windows just for this. Then I could just as well have purchased MS Exchange, which totally defeats the purpose of something linux SME

VirtualBox is in almost every current linux repository. Install Debain or Ubuntu on what will be the SME box and use VirtualBox or whatever other free Virt package you like... Then setup a Virtual machine with 2 NICs and install SME.

-E

p.s. Of course you will be taxing this system so I'd choose a very lightweight gui like fluxbox or at the worst, Xfce.

[SoftDux]

The defeats the purpose of SME then. Why would I want to setup 2 instances of Linux on the same machine, just to have a nice to use interface, and use the same NIC for 2 VLAN's? I have already setup CentOS & Fedora Core servers, with DRBD & Hearbeat, Cacti, Zimbra, RAID, etc etc, but it takes a lot longer to get working, and involves a lot of manual work.

Sme automatically sets up RAID, installes & configures Samba, VPN, email, etc - much less work, but it's limited and for me it's really just a glorified file server with email capabilities. When you hear "SME server" - what do you think? What do you expect? I at least expected a few basic linux stuff to be present, stuff that I can do with a base CentOS / Slackware / Debian / FC / FreeBSD install, with the added bonus of less time spent to setup a mail  & file server.

[jameswilson]

Buy a modem and use the existing as a switch / ap?

[Elliott]

Sounds like you're familiar with hacking around so good luck with getting this working. Since it's not currently supported (and I doubt it will be) if you do get it working a HOWTO would certainly be in order.

Sorry I couldn't help.

-E

[SoftDux]

I'm sorry to say it like this, but you're clearly new to linux, or UNIX for that matter.

Setting up a network alias is not hacking. It's far from hacking. creating a network alias (ifconfig eth0:0 xxx.xxx.xxx.xxx) is standard networking.

[root@sme ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0F:EA:DA:B6:B0
          inet addr:192.168.10.5  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:583 errors:0 dropped:0 overruns:0 frame:0
          TX packets:460 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:136999 (133.7 KiB)  TX bytes:163832 (159.9 KiB)
          Interrupt:217 Base address:0xa800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:251 errors:0 dropped:0 overruns:0 frame:0
          TX packets:251 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:16904 (16.5 KiB)  TX bytes:16904 (16.5 KiB)

[root@sme ~]# ifconfig eth0:0 192.168.1.5
[root@sme ~]# ping 192.168.1.5
PING 192.168.1.5 (192.168.1.5) 56(84) bytes of data.
64 bytes from 192.168.1.5: icmp_seq=0 ttl=64 time=0.113 ms

--- 192.168.1.5 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.113/0.113/0.113/0.000 ms, pipe 2
[root@sme ~]# ping 192.168.1.50
PING 192.168.1.50 (192.168.1.50) 56(84) bytes of data.

As you can see, this is done on the SME machine, so it's not something that needs to be hacked into the system.

The problem is that SME won't put the machine into gateway mode with just one nic. And to tell a client that the hardware he has is inferior isn't logical, especially not since the existing CentOS server does exactly what I'd like SME todo. I connects via 1 LAN cable to a Netgear DG834GT ADSL modem, which has Wifi & 4 network ports. Then there's a printer & a PC on the modem as well, leaving 1 LAN port open. They have 5 laptops connecting to the network, all getting their IP's / routing / DNS info from the Linux server, which also initiates the PPPoE connection & maintains the firewall.

[Elliott]

I'm not here to start a pissing match. The reason that I referred to this as hacking around is because you are going to have to take a packaged system and figure out a hack to get around the issue you're dealing with.

I'm plenty familiar with linux/unix and aliasing on NICs. I was simply wishing you luck HACKing around the system to get what you want.

Once again, good luck and if you get it working consider sharing a HOWTO with the rest of the community.

-E

[SoftDux]

I'm not trying to upset you, sorry about that.

It's just strange to me that something that works on every Linux distro doesn't work on SME, and it doesn't seem like it's being planned to implement it either.....

[shell]

The sme database uses key words such as ExternalIP in its templating system.  You pretty much have to use two network cards if you want to come out of server only mode.  There is extensive use of these keys to create the templating and automation which is what is attracting you to SME.  Unfortuantely you can't have one without the other.  My 2c would be to buy a cheap adsl modem, turn the adsl functionality off your existing wap / switch and put a second nic in.  Leave the existing modem/switch/wap in place for internal and use the new adsl modem as external.  Nice, simple and inside the SME framework.

Alternatively you can customise your SME however you see fit, but expect changes to the SME functionality that are not as you would expect, that will most likely be altered each time you update or perform other functions such as adding a virtual domain that call the SME events that utilise the SME database....

Just out of curiousity - if you did 'hack' the changes to make sme server - gateway mode off one nic how can you ensure a rogue client on the network traffic is going through the server and then out the adsl (ie using the server as a gateway) as opposed to being able to get the router as its gateway manually and be off?

Cheers,
Shell

[CharlieBrady]

The sme database uses key words such as ExternalIP in its templating system.  You pretty much have to use two network cards if you want to come out of server only mode.

There's simply no point in using Server Gateway mode unless you have two network cards. The whole point of Server Gateway mode is that the SME server acts as the gateway/firewall between the Internet and a protected LAN. If you don't have separate interfaces, SME server can't act in the firewall role, and you don't need Server Gateway mode - it's just a server, which may or may not be reachable from the Internet, depending on the rest of your network, and SME server's default gateway setting.

[SoftDux]

I'm sorry, but I don't agree with your point of view on this. Dissalowing anyone to setup a VLAN on Linux is, almost wrong. What's the point of using Linux for SME if you limit the usage of Linux itself?

I honestly don't see why a machine needs to NIC's to be in server mode. Why can't it run server mode with 2 virtual local area networks (VLAN's) on the same NIC? Why can it be so difficult to understand this request?

[thomasch]

I'm sorry, but I don't agree with your point of view on this. Dissalowing anyone to setup a VLAN on Linux is, almost wrong. What's the point of using Linux for SME if you limit the usage of Linux itself?

I honestly don't see why a machine needs to NIC's to be in server mode. Why can't it run server mode with 2 virtual local area networks (VLAN's) on the same NIC? Why can it be so difficult to understand this request?

SME not an ordinary linux distro.. the way it configures things, the way it handle installations is very special to SME, SME is linux flavoured distro, but most linux distro does not flavoured like SME.. just don't compare it with other distro.. SME is not CentOS although it's based on centOS.. and vice versa

I am sure now the developers understand what you want...
In SME, I think it is a new point of view of using gateway with just one NIC and VLAN/IP Aliasing...
thanks to bring it in..

All you have to do now is to admit that SME not configured to do what you want..
Put a NFR in bugzilla and pray hard... because I don't think it is as easy as to put a "Enable server-gateway mode with one NIC" button in server-manager

OR : do the customisation by yourself, and if it works, would you mind write a HOWTO for all of us ?