Topic: Multiple IP Addresses on Single NIC - External

[shawnbishop]

Good Day

We have a block of IP addresses we want to assign to a single NIC, which would allow us to create rules for all these IP addresses, will the following work??

http://forums.contribs.org/index.php/topic,10783.0.html

As such

talking about ipAliasing (assigning multiple IP's to one NIC) just edit the files in /etc/sysconfig/network-scripts.  Copy ifcfg-ethX to ifcfg-ethXa and modify the device to ethX:1 where X is the interface number.  For each aliased device create a ifcfg-ethX where letter is the respective alphabetic letter corresponding to the device, etc etc to assign as many IP addresses as possible to the device.  Note that you must also modify the IP Address, Subnet, etc.  You can also add a GATEWAY=aaa.bbb.ccc.ddd if the default gateway has changed.  By doing this you shouldn't affect the templates because they are only concerned with the eth0 and eth1 interfaces, hence ifcfg-eth0 and ifcfg-eth1 respectively.

or should I use proxy_pass to do it??

[shawnbishop]

Nobody try this on any of their boxes???...

I might try it and see what happens, just wasnt sure how to write the templates for the multiple IP addresses..

[Elliott]

I've never tried but am interested in your methods and results.

[CharlieBrady]

or should I use proxy_pass to do it??

That depends on what problem you are trying to solve. Why do you have more than one IP address and what do you want to use the others for?

[shawnbishop]

Hi

What I have is a block of IP addresses..say from XXX.XXX.XXX.190 to XXX.XXX.XXX.195, I would like these all on the same NIC, so if I ssh to ....190, I can port forward to a server internally, but if I ssh to a .....194 , I can be port forwarded to another server...I know I can put another FW in front of the server, but was wondering if this can be done??, maybe run anothe

[Elliott]

I think your issue is easier solved by using the port forwarding feature built into SME and just use different external ports.

For example you could listen on the single external IP on ports 1125-1130 and redirect that to internal machines 192.168.1.5 - 192.168.1.10 on port 22.

The only other thing you would need to do is modify your ssh client so that you are adding the -p [port] modifier to hit the non-standard ports from the outside network.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Now my needs are a little different. I've got four different /24 networks in my building and I'd love to be able to multihome the external NIC to have an ip on more than one of them so that I could always tunnel in if the main line went down.

-E

[Stefano]

Now my needs are a little different. I've got four different /24 networks in my building and I'd love to be able to multihome the external NIC to have an ip on more than one of them so that I could always tunnel in if the main line went down.

so please open another topic, thank you

Stefano

[shawnbishop]

Hi Elliot

Not what I was looking for, I am aware of how to change ports and tunnel etc...

I want to bind 5 Static IP addresses to 1 NIC, so...eg

A record for www.test.com : XXX.XXX.XXX.XX1
A record for www.home.com : XXX.XXX.XXX.XX2

and so forth, so if you typed in a URL you would go to website on the SME...also you can then say SSH to that URL and get to a server behind the SME..and so forth...

Cheers, I guess it cant be done and I will have to put psense or ipCOP in front of it...in saying that is it possible to run ipcop in a VMware and make it the "front" firewall for the SME??, I will start another thread for it..

[Elliott]

so please open another topic, thank you

Stefano

Nah... not that important at this point. Don't want to bother anyone.

[CharlieBrady]

I want to bind 5 Static IP addresses to 1 NIC, so...eg

A record for www.test.com : XXX.XXX.XXX.XX1
A record for www.home.com : XXX.XXX.XXX.XX2

and so forth, so if you typed in a URL you would go to website on the SME...

You don't need separate A records to host multiple websites on SME.

also you can then say SSH to that URL and get to a server behind the SME..

You don't SSH to URLs. You ssh to a hostname or IP address, with an optional port number. You've already been told how you can SSH to different machines via a single IP address, using port forwarding and ssh client configuration.

Are there any *other* reasons you think you want multiple IP addresses?

[shawnbishop]

Charlie...I am aware of all the above...!

I know you dont need separate IP addresses to host multiple A records..

I think you just answer post to up your number of posts...( sorry to be so blunt)

To give you the long winded version...out Router has 5 Static IP addresses assigned to it., the firewall is disabled due to the fact SME will be the FW, so the following is the setup

Internet Cloud ---- Router ( XXX.XXX.XXX.XX1) ---- SME (XXX.XXX.XXX.XXX2) ---Internal NIC 10.0.0.1....

But as there are 5 static IP, I want the following

Internet Cloud ---- Router (XXX.XXX.XXX.XX1)----SME (XXX.XXX.XXX.XXX2)
                                                                           (XXX.XXX.XXX.XXX3)   ----Internal NIC
                                                                           (XXX.XXX.XXX.XXX4)
                                                                           (XXX.XXX.XXX.XXX5)

SO some developers SSH to a certain IP address, other SSH to another IP address ( URL ---was a typo error, but we have hostnames assigned to these IP addresses.), so SME will be all of these hostnames..etc..and these IP addresses are forwarded...

I see that SME cannot do it, and fully aware of it, was wondering if somebody had a hack ( yes---again aware of security issues)..

I will have to use ipCOP to do the above.,....

[CharlieBrady]

I know you dont need separate IP addresses to host multiple A records..

That's not what I said.

I think you just answer post to up your number of posts...( sorry to be so blunt)

That's both rude and incorrect.

As a developer I'm trying to understand what you need, or think you need. As a knowledgeable  fellow user I am trying to understand your needs in order to advise you. If you wish to host multiple websites, and have SSH access to multiple machines via SME server, it is possible without modifying SME server, using one IP address, but you will need to use different ports for SSH.

If you insist on using different IP addresses, and standard SSH port, rather than one IP address and different ports, then you are doing it the hard way, and will have to significantly modify the SME server network configuration and firewalling code.

[shawnbishop]

Hi Charlie

Wasnt meant to be rude, but you clearly say

You don't need separate A records to host multiple websites on SME.

I am aware of your knowledge and your participation in the SME project.

I will kill this thread as it isnt helping and look at putting an alternative FW in front of the SME.