Topic: adding extra gateway ip address

[neilh]

Hi all,

I've just installed the SME 7.4 for 15 email users and have found it easy to configure and use, thank you.

When installing it I decided to change the default gateway of the LAN for reasons that made sense at the time.

I have a corporate VPN that is configured to the old gateway and so can't connect any more. Is it feasible for me to add a temporary gateway IP address to the LAN side of the server to allow the VPN to connect and be reconfigured?

Thanks for any help,

Neil

[johnp]

I think you may need to provide more information regarding your setup.

[neilh]

I think you may need to provide more information regarding your setup.

Sorry, I'll try.

The previous network setup was a LAN with a gateway of 192.168.1.170 on an ADSL modem/router.

I have installed the SME with two NICs' one is gateway for the LAN (192.168.1.5) and the other (192.168.2.5) connects to the ADSL modem/router (192.168.2.1), the modem/router is currently setup to pass all traffic to the server.
We have a VPN box which is set to use the old gateway (192.168.1.170) I can't login to this VPN.
I want to try to add the old default gateway (192.168.1.170) temporarily to the SME whilst keeping the new gateway active so the VPN box can be updated with the new gateway (192.168.1.5). In effect the LAN NIC would have two IP addresses.

I hope that's a bit clearer, or maybe I need to do a diagram.
Thanks,
Neil

[johnp]

By all port open to the server, do you mean the SME? Are you adverse to using the built in PPTP VPN capability of the SME? You may be able to use it to gain access to your VPN box.

[neilh]

By all port open to the server, do you mean the SME? Are you adverse to using the built in PPTP VPN capability of the SME? You may be able to use it to gain access to your VPN box.

Yes, the adsl modem/router traffic passes everything to the SME. No I would like to use the PPTP VPN capability, however this may prove to be out of my control.

Thanks for taking the time to read my post,

[johnp]

Yes, the adsl modem/router traffic passes everything to the SME. No I would like to use the PPTP VPN capability, however this may prove to be out of my control.

Does the VPN box have 2 NICs?

You may have to do something like adsl ---> External Nic SME & VPN box ---> LAN
Open VPN ports to VPN box, all others to SME.
Then make a custom template for DCHP router to use VPN box as gateway

[neilh]

Does the VPN box have 2 NICs?

You may have to do something like adsl ---> External Nic SME & VPN box ---> LAN
Open VPN ports to VPN box, all others to SME.
Then make a custom template for DCHP router to use VPN box as gateway

No, the VPN has only one NIC and sits on the LAN.
 
Your comment did get me thinking though and after a bit of searching I came up with this. (I didn't want to trash the SME so I used another m/c on the LAN)

# ifconfig eth0:1 192.168.1.170 netmask 255.255.255.0
# ifconfig eth0:1 up

this added the ip address 192.168.1.170 to my current eth0 NIC and brought it up

# route add -net 192.168.1.170 netmask 255.255.255.255 gw 192.168.1.5

This, I think, will route everything on  192.168.1.170 to the gateway 192.168.1.5

It seems to have worked, the VPN can now be reconfigured remotely.

Thanks for your help johnp, after rereading my posts I'll work on asking better questions 

[CharlieBrady]

# ifconfig eth0:1 192.168.1.170 netmask 255.255.255.0
# ifconfig eth0:1 up

this added the ip address 192.168.1.170 to my current eth0 NIC and brought it up

The above should have been sufficient.

# route add -net 192.168.1.170 netmask 255.255.255.255 gw 192.168.1.5

This, I think, will route everything on  192.168.1.170 to the gateway 192.168.1.5

No, that is saying that all traffic for 192.168.1.170/255.255.255.255 should be sent via gateway 192.168.1.5. But traffic for 192.168.1.170 is local (internal) traffic, and doesn't need to be sent to a gateway,

Did you consider switching the SME server back to use 192.168.1.170? Wouldn't that have solved your problem?

[neilh]

No, that is saying that all traffic for 192.168.1.170/255.255.255.255 should be sent via gateway 192.168.1.5. But traffic for 192.168.1.170 is local (internal) traffic, and doesn't need to be sent to a gateway,

Thank you for clearing that up for me, I wasn't sure so probably shouldn't have mentioned it here.

Did you consider switching the SME server back to use 192.168.1.170? Wouldn't that have solved your problem?

It would, but the clients connection to the email server are still using the ip address (192.168.1.5) and not a hostname, I didn't want to disrupt people changing them over just yet.
When installing the server I had to decide whether to change the gateway or server IP, I decided to change the gateway. If I had been aware that our corporate VPN would need configuration I would probably gone the other way.