Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: mark on August 26, 2006, 01:34:50 AM
-
I need to run 2 external ip addresses on a sme 7 box.
I have copied /etc/sysconfig/network-scripts/ifcfg-eth1 to ifcfg-eth1:0 and edited it and I can ping the address and I can bind the service I want to that IP (there seems to be nothing in the templates that will overwrite this unless I am missing something).
I need to open a single port on the firewall for this ip address and this is causing me problems. I can see that the external ip is configured in /etc/e-smith/templates/etc/rc.d/init.d/masq/00Definitions as OUTERNET and I could create a custom template that creates OUTERNET:0 that defines the second external ip address but I am not sure how to create a custom template for the actual rule (will use tcp port 443 on second ip).
I would like to do this the 'sme' way rather than some crude hack so any suggestions appreciated.
cheers
Mark
-
mark
>.. I am not sure how to create a custom template...
mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
cp /etc/e-smith/templates/etc/rc.d/init.d/masq/00Definitions /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/
pico /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/00Definitions
(make your required changes)
expand-template /etc/rc.d/init.d/masq
/etc/init.d/masq restart
See the Dev Guide for additional info
http://no.longer.valid/phpwiki/index.php?Development
Let us know if your 2nd external IP idea works.
-
Hi frond
thanks for the reply
I wasn't very clear in my explanation.
I know how to create/expand templates - what I don't know is the syntax that I should include in the custom template relating to generating the correct iptables rule to allow the 2nd ipaddress to allow all tcp connections for port 443.
thanks
Mark
-
Here's how I did it
cp /etc/sysconfig/network-scripts/ifcfg-eth1 /etc/sysconfig/network-scripts/ifcfg-eth1:0
pico /etc/sysconfig/network-scripts/ifcfg-eth1:0 #change IP and card reference
reboot
#change ssh port to second ext IP
mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
cp /etc/e-smith/templates/etc/rc.d/init.d/masq/00Definitions /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
cp /etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
cp /etc/e-smith/templates/etc/rc.d/init.d/masq/42SetupPortForwarding /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
pico /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/00Definitions # add OUTERNET2=XXXX
pico /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/91adjustPortForward #change OUTERNET to OUTERNET2
pico /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/42SetupPortForwarding #change OUTERNET to OUTERNET2
mkdir -p /etc/e-smith/templates-custom/etc/ssh/sshd_config #this is only necessary if you don't want 22 open to internet
cp /etc/e-smith/templates/etc/ssh/sshd_config/10Port /etc/e-smith/templates-custom/etc/ssh/sshd_config
pico /etc/e-smith/templates-custom/etc/ssh/sshd_config/10Port #change port to 10022
/sbin/e-smith/expand-template /etc/ssh/sshd_config
/etc/init.d/sshd restart
now port forward 443 to 127.0.0.1 10022
cheers Mark
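-
Added example, not part of the thread: a shell check to run after the steps above that lists every fragment under templates-custom and how it relates to the stock fragment of the same path, so firewall overrides such as the masq ones stay visible. It assumes a custom fragment replaces the stock fragment with the same relative path; the function names and the demo fragment contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Roots default to the directories
# named in the thread; override them via the environment or arguments.
STOCK_ROOT=${STOCK_ROOT:-/etc/e-smith/templates}
CUSTOM_ROOT=${CUSTOM_ROOT:-/etc/e-smith/templates-custom}

# audit_overrides [STOCK] [CUSTOM] -> one "STATUS path" line per custom fragment
#   CHANGED: differs from stock   SAME: unmodified copy   NEW: no stock fragment
audit_overrides() {
    stock=${1:-$STOCK_ROOT}
    custom=${2:-$CUSTOM_ROOT}
    [ -d "$custom" ] || return 0
    (cd "$custom" && find . -type f | sort) | while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -f "$stock/$rel" ]; then
            echo "NEW $rel"
        elif cmp -s "$stock/$rel" "$custom/$rel"; then
            echo "SAME $rel"
        else
            echo "CHANGED $rel"
        fi
    done
}

# show_changes REL [STOCK] [CUSTOM] -> unified diff of one overridden fragment
# (exit status 1 means the fragments differ, as with plain diff)
show_changes() {
    diff -u "${2:-$STOCK_ROOT}/$1" "${3:-$CUSTOM_ROOT}/$1"
}

# Demo on a constructed tree; fragment contents are made up for illustration.
demo() {
    t=$(mktemp -d) || return 1
    d=etc/rc.d/init.d/masq
    mkdir -p "$t/stock/$d" "$t/custom/$d"
    echo 'OUTERNET=192.0.2.10' > "$t/stock/$d/00Definitions"
    printf 'OUTERNET=192.0.2.10\nOUTERNET2=192.0.2.11\n' > "$t/custom/$d/00Definitions"
    echo '# constructed fragment that refers to $OUTERNET' > "$t/stock/$d/42SetupPortForwarding"
    cp "$t/stock/$d/42SetupPortForwarding" "$t/custom/$d/"
    audit_overrides "$t/stock" "$t/custom"
    rm -rf "$t"
}

demo
```

On a real server, call audit_overrides with no arguments and then show_changes on each CHANGED path, for example etc/rc.d/init.d/masq/42SetupPortForwarding, to review exactly which firewall lines were edited.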