Topic: E-Smith Server & 2 networks

[Kenny W.]

I posted this message earlier, but nobody replied so I am posting it again.  Hope you can help me.

We actually run 2 separate networks where our admin server is separate from
our service/operations servers. We would like both sets of users to be able
to access a single DSL connection while maintaining independence on the
admin server from the rest of the users for security purposes. Thus the
requirement of having 2 separate secure connections. We are also concerned
about security over the DSL connection and what firewall/protection is
offered.

If we looked at your server software, would we still need a Nortel networks type
proxy server?

Ken

[Steve Brock]

You can do this with three ethernet cards in the e-smith machine.
I actually run my e-smith server on a laptop in a dock with 2 ethernet cards and a PCMCIA WaveLan card.  the local flat network is totally seperate from the WaveLan network. I had to do some tweaking to my e-smith box, but it works flawlessly. No additional hardware is needed.
You should be able to put three ethernet cards into your box and have two seperate networks, all from one box.

Kenny W. wrote:

> I posted this message earlier, but nobody replied so I am
> posting it again.  Hope you can help me.
>
> We actually run 2 separate networks where our admin server is
> separate from our service/operations servers. We would like
> both sets of users to be able to access a single DSL connection
> while maintaining independence on the admin server from the
> rest of the users for security purposes. Thus the requirement
> of having 2 separate secure connections. We are also concerned
> about security over the DSL connection and what
> firewall/protection is offered.
>
> If we looked at your server software, would we still need a
> Nortel networks type proxy server?
>
> Ken

[Kenny Watkins]

Steve,

How much "tweaking" was required?

Ken


Steve Brock wrote:

> You can do this with three ethernet cards in the e-smith
> machine. I actually run my e-smith server on a laptop in a dock
> with 2 ethernet cards and a PCMCIA WaveLan card.  the local
> flat network is totally seperate from the WaveLan network. I
> had to do some tweaking to my e-smith box, but it works
> flawlessly. No additional hardware is needed. You should be
> able to put three ethernet cards into your box and have two
> seperate networks, all from one box.
>
> Kenny W. wrote:
>
> > I posted this message earlier, but nobody replied so I am
> > posting it again.  Hope you can help me. > > We
> actually run 2 separate networks where our admin server is >
> separate from our service/operations servers. We would like
> > both sets of users to be able to access a single DSL
> connection > while maintaining independence on the admin
> server from the > rest of the users for security purposes.
> Thus the requirement > of having 2 separate secure
> connections. We are also concerned > about security over
> th....

[Steve Brock]

Not too much..  i had to install the pcmcia support, of course, but in your case you won't need to do that.
I actually just edited rc.local to bring up the second ethernet card, but e-smith probably will sense all three cards upon install.
I'm going to test that out now, since i'm curious too. i'll give you a full status report on what needs to be done
-steve

Kenny Watkins wrote:

> Steve,
>
> How much "tweaking" was required?
>
> Ken
>

[Steve Brock]

ok..  e-smith only sets up two cards, so here's what i did:
i didn't modify the templates to save time. you can go back in later and do that if you like.   i didn't bother.

first, you have to setup the third card...
cd /etc/sysconfig/network-scripts
cp ifcfg-eth0 ifcfg-eth2
pico ifcfg-eth2
(change the settings here to reflect the third network setup. you'll need to change: DEVICE=eth0 to DEVICE=eth2 and IPADDRESS,etc..etc..)

then, you need to setup masquerading for the new network...
cd /etc/rc.d/init.d/
pico masq
(take the last /sbin/ipchains line, the one that has --forward -J MASQ in it, and copy it right below itself. change the network after --source to eth2's network)

yup. quick and dirty.

Steve Brock wrote:

> Not too much..  i had to install the pcmcia support, of course,
> but in your case you won't need to do that. I actually just
> edited rc.local to bring up the second ethernet card, but
> e-smith probably will sense all three cards upon install. I'm
> going to test that out now, since i'm curious too. i'll give
> you a full status report on what needs to be done -steve
>
> Kenny Watkins wrote:
>
> > Steve, > > How much "tweaking" was
> required? > > Ken >
>