Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: jmbac on September 10, 2007, 06:24:41 AM
-
Install Network Card (eth2)
(Use Same Ethernet card recommended)
My Network Setup
Ethernet PCI Card 1-eth0; EthernetDriver1 pcnet32 192.168.0.1 (LAN)
Ethernet PCI Card 2-eth1; EthernetDriver2 pcnet32 INTERNET (WAN)
Ethernet PCI Card 3-eth2; EthernetDriver3 pcnet32 192.168.1.1 (WLAN/VOIP)
1. /sbin/e-smith/config set EthernetDriver3 pcnet32
(check your installed network device driver at driver-server setup console)
2 mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ ifcfg-eth2
3. cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-eth2
4. cd /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-eth2
5. Rename ifcfg-eth0 to ifcfg-eth2
6. mcedit ifcfg-eth2...
#(change IP Address)
DEVICE=eth2
USERCTL=no
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
5. /sbin/e-smith/expand-template /etc/sysconfig/network-scripts/ifcfg-eth2
6. /sbin/e-smith/signal-event console-save
7. add the local network using server manager
(change IP Address)
Network 192.168.1.0 (WLAN Segment)
netmask 255.255.255.0
router 192.168.0.1 (Eth0 IP Address)
8..reboot system
9. Client PC Setup
-Provide Static IP Address to client PC..
10. able to access the server resources..
11. able to browse internet only through VPN
Issues- To do list (Please feel free to modify)
1. Not tested on real network segment (tested only on virtual network (Vmware))
2. Not able to browse internet.
3. Not able to ping or browse PC client on other LAN Segment.
4. NO DHCP IP for Clients
John
-
This has been posted more often and there is one big disadvantage as SME Server lacks proper support for encrypting connections with the third NIC and I guess that it will also not implement MAC filtering and other features to secure your wireless AP. The easiest and safest setup is to attach a wireless capable router to your LAN NIC (they come relatively cheap these days) and configure SME Server to see the LAN provided by this router a s a local network.
-
In addition to my previous post, please also read the statement of the development team by means of Gordon about the 3rd NIC not being supported: http://bugs.contribs.org/show_bug.cgi?id=1478#c3
On top as is suggested there you might want to implement iptables firewall rules as well, a search on "third 3rd +nic" yields a lot of pages of which some might be worth reading as well.
-
This has been posted more often and there is one big disadvantage as SME Server lacks proper support for encrypting connections with the third NIC and I guess that it will also not implement MAC filtering and other features to secure your wireless AP. The easiest and safest setup is to attach a wireless capable router to your LAN NIC (they come relatively cheap these days) and configure SME Server to see the LAN provided by this router a s a local network.
By default the router will use NAT. The SME server therefore won't see the individual IP addresses of the clients attached to the router. In that case, there is no need (or point) in declaring the router's LAN addresses as "local". OTOH, you won't be able to distinguish via the SME server's logs which client machines are connecting to which services.
Some router's can be switched from NAT mode to routing mode, and in that case you will need to declare a local network, and you will be able to distinguish different client machines in the SME server's logs.
In both cases you need to be careful with security on the router. FOr instance, allowing unsecured wireless access to the router will create an open mail relay. Don't do that.