Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: jasonv on May 03, 2006, 06:34:44 PM
-
I've been scanning the forums and documentation for this.. if it's been addressed I've missed it.
For the SME installation I'm considering, I need the SME box to answer for 4 external IPs and I need to be able to write firewall rules for all interfaces. Is this a relatively straightforward thing to do? I'm still working my way through templates.
Thanks.
-
Is this a relatively straightforward thing to do?
Not really. SME server is not designed for this role. It would be easier to install a dedicated flexible firewall-only box in front of SME to handle this task.
IPCop, M0n0Wall, GB-Ware, Mikrotik or something else of this nature will serve you better. Leave SME server as your internal "everything else" box (filesharing, e-mail, web etc.)
-
Jason,
The only thing I have seen that is even close to what you want is called 1-1NAT or 1-to-1 NAT. It allows you to add a second address that points straight through to a single inside address.
Probably easier, as Boris said, to use a second box for this complicated firewall/router functionality and leave the SME unmodified and happy... but the 1-1NAT stuff might get you pointed in the right(wrong) direction.
Good luck.
-
Actually, I'm not looking for 1-1 NAT to internal machines. I'm just looking to map multiple IPs to the external interface and write redirect rules for various ports across those IPs internally. We've got an entry level firmware router (eSoft Instagate 305, which we hate, so don't misunderstand me.. not comparing the two :-).
If that clarification helps the prognosis at all...
-
No,
That doesn't really help the prognosis. You may want to look at 1-to-1 NAT because it writes the IPTABLES information for you. If you see how it's done, maybe you can do it yourself.
Or better... use Boris's idea and build a m0n0wall. Nice system, free and flexible.
The problem with changing the IPTABLES is that lots of templates are going to interact in IPTABLES. I'm not sure you could easily add the additional address in without breaking something.... if not today, then some time tomorrow. SME is not really designed for the configuration you are talking about. :roll: