Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: michelpozio on July 12, 2017, 05:57:59 PM
-
Hello everybody,
My conf for now :
My SME-Server is in server-only mode,
and it accesses the internet through his local network.
It has one network card.
What I need to do :
I want my SME-Server to access an NFS share (for backup), this NFS share is on a NAS,
and this NAS is on a physicaly separate network.
So I added a second NIC in my SME-Server and connected it to this second physical network (private, 192.168.xx.xx).
Now,
I need to know how to do the sofware config for this second NIC :
SME-Server should access this private network, but without acting as gateway for this second network (in fact : not acting as gateway at all).
How can I do this ? Any help would be greatly appreciated :-)
(For information : for security reason, I don't want the NAS to be part of the first network, it should be isolated).
Thank you.
-
First step would be to define the interface, eg
db configuration set PrivateInterface interface Name eth1 IPAddress 192.168.18.1 Netmask 255.255.255.0 Configuration static
Then generate its conf
/etc/e-smith/events/actions/update-ifcfg
And see if it's working (not tested)
-
I forget to tell you that this SME is a SME Server 8.2, no plan to upgrade it soon unfortunately.
(I posted this here because forum for 8.x seems locked)
First step seems to work (command did not answered anything so it seems ok)
but second step answered a "file not found" like answer :
[root@www ~]# /etc/e-smith/events/actions/update-ifcfg
-bash: /etc/e-smith/events/actions/update-ifcfg: Aucun fichier ou répertoire de ce type
Probably due to this old 7 version ?
Directory /etc/e-smith/events/actions/ exists, but no update-ifcfg file in it :???:
Thank you for your answers.
-
Then, I'm afraid you'll be on your own. SME8 network stack was less flexible. You can try to manually configure your second NIC by creating the file /etc/sysconfig/network-scripts/ifcfg-eth1 (or eth2, not sure which interface it is).
-
michelpozio
.....this SME is a SME Server 8.2, no plan to upgrade it soon unfortunately.
Unfortunately then you are in for some extra work & hassles.
By the time you sort out how to do it on SME8.2 (if it is at all possible), you would have been able to upgrade to SME9.2 & run the command Daniel gave you, & have a server doing what you want, as well as being more reliable, secure & flexible (for future tweaks).
-
I subscribe 125% Janet's words
-
(I posted this here because forum for 8.x seems locked)
There's a reason for that: SME 8 is EOL and unsupported.
-
Thank you for your answers, upgrade will come soon ;-)
-
Thank you for your answers, upgrade will come soon ;-)
We can not blame you, SME is working, why upgrade unless we have a particular need ;)
Yes security and continuous support should be the primary motive ;)
-
Hello,
I have upgraded SME to last 9.2 version,
and now I'm trying to config the second NIC, eth1.
Doing :
# db configuration set PrivateInterface interface Name eth1 IPAddress 192.168.10.56 Netmask 255.255.255.0 Configuration static
# /etc/e-smith/events/actions/update-ifcfg
Verifying :
# ifconfig -a
dummy0 Link encap:Ethernet HWaddr 10:00:01:02:03:04
(...)
eth0 Link encap:Ethernet HWaddr 00:0C:29:95:3E:D0
inet adr:XX.XX.XX.XX Bcast:xx.xx.xx.xx Masque:255.255.255.224
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1527 errors:0 dropped:0 overruns:0 frame:0
TX packets:1537 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:152959 (149.3 KiB) TX bytes:181220 (176.9 KiB)
eth1 Link encap:Ethernet HWaddr 00:0C:29:95:3E:DA
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Boucle locale
(...)
... Not up.
Looking at : /etc/sysconfig/network-scripts/ifcfg-eth1
not configured :
xxxxxxxxx # more /etc/sysconfig/network-scripts/ifcfg-eth1
#------------------------------------------------------------
# !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://www.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------
TYPE=Ethernet
DEVICE=eth1
USERCTL=no
ONBOOT=no
PEERDNS=no
IPV6INIT=no
IPADDR=1.1.1.1
Tried a reboot, same problem.
Do I missed something ?
Thanks.
-
More indepth (unsuccessfull) tries :
Whole config gives me :
# config show
(...)
EthernetDriver1=pcnet32
EthernetDriver2=unknown <--- ???
ExternalDHCP=off
ExternalInterface=interface
Configuration=disabled
Name=none
ExternalNetmask=255.255.255.0
GatewayIP=109.x.x.x
InternalInterface=interface
Broadcast=109.x.x.x
Configuration=static
Driver=pcnet32
IPAddress=109.x.x.x
NICBondingOptions=miimon=200 mode=active-backup
Name=eth0
Netmask=255.255.255.224
Network=109.x.x.x
LocalIP=109.x.x.x
LocalNetmask=255.255.255.224
MinUid=5172
PasswordSet=yes
PrivateInterface=interface <--- ???
Configuration=static
IPAddress=192.168.10.56
Name=eth1
Netmask=255.255.255.0
SMTPSmartHost=
(...)
It seem "EthernetDriver2" and "PrivateInterface / Driver" are missing,
so I tried adding them :
# db configuration set EthernetDriver2 pcnet32
# db configuration set PrivateInterface interface Name eth1 IPAddress 192.168.10.56 Netmask 255.255.255.0 Configuration static Driver pcnet32
# /etc/e-smith/events/actions/update-ifcfg
At this point "driver" info appear when doing a "config show".
ETH1 still not up, so rebooting : no change.
Tried one more thing : manual up ETH1 :
[root@www ~]# ifup eth1
Determining if ip address 1.1.1.1 is already in use for device eth1...
What ??? This is not my IP.
SME seems to not using my IP configuration for eth1... :-(
And it seems to not making eth1 up automatically, too.
# ifconfig -a
(..)
eth1 Link encap:Ethernet HWaddr 00:0C:29:95:3E:DA
inet adr:1.1.1.1 Bcast:1.255.255.255 Masque:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:1240 (1.2 KiB) TX bytes:360 (360.0 b)
(..)
So going back :
[root@www ~]# ifdown eth1
[root@www ~]# ifconfig -a
(..)
eth1 Link encap:Ethernet HWaddr 00:0C:29:95:3E:DA
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:2480 (2.4 KiB) TX bytes:360 (360.0 b)
(..)
Any idea to make it work ?
Do I need an extra command to apply conf to the system ?
Thanks.
-
looking at /etc/e-smith/templates/etc/sysconfig/network-scripts/ifcfg-ethX/00setup
die "Need to pass THIS_DEVICE in MORE_DATA\n" unless (defined $THIS_DEVICE);
$is_internal = (exists $InternalInterface{Name} and
$InternalInterface{Name} eq $THIS_DEVICE );
$is_external = (exists $ExternalInterface{Name} and
$ExternalInterface{Name} eq $THIS_DEVICE );
$ifup_this_device = "no";
if ($is_internal || ($is_external && $ExternalInterface{Configuration} eq "static"))
{
$ifup_this_device = "yes";
}
and /etc/e-smith/templates/etc/sysconfig/network-scripts/ifcfg-ethX/30ONBOOT
will not be up on boot
and then at : /etc/e-smith/templates/etc/sysconfig/network-scripts/ifcfg-ethX/90otherparams
if ($ifup_this_device eq "no")
{
# Need syntactically valid IP address to avoid complaints
# from init.d/network script
return "IPADDR=1.1.1.1";
}
it will not set your IP; ther will need some changes or at least a custom template for your need
-
Wow, I didn't notice SME-server was that complicated to sysadmin :shock:
I tried several changes and addings in :
/etc/e-smith/templates/etc/sysconfig/network-scripts/ifcfg-ethX/
in files : 00setup, 10ETHTOOL, 90otherparams
and then reboot,
with no success and no changes (even no errors :grin: )
Does anybody has any clue for making it work ?
I'm confused as adding and configuring a new NIC is rather easy and well documented on any other linux distro or even on freebsd.
-
Wow, I didn't notice SME-server was that complicated to sysadmin :shock:
well, it is simple to sysadmin for its intended use, when you want to tweak it fo a non supported use, it can become a challenge unless you take the time to read the documentation:
https://wiki.contribs.org/Template_Tutorial
I tried several changes and addings in :
/etc/e-smith/templates/etc/sysconfig/network-scripts/ifcfg-ethX/
you should not modify a template file, or might break your server.
to reverse this please do :
yum reinstall e-smith-base -y
config set UnsavedChanges no
/etc/e-smith/events/actions/update-ifcfg
then to modify a template, create a template-custom as explained here: https://wiki.contribs.org/Template_Tutorial#Specific_practical_examples
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ethX/
then you should create 2 files a with your favorite editor ( mcedit, vi, pico ...)
vim /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ethX/00setup-moreIntfce
{
$is_private = (exists $PrivateInterface{Name} and
$PrivateInterface{Name} eq $THIS_DEVICE );
if ($is_private || ($is_external && $PrivateInterface{Configuration} eq "static"))
{
$ifup_this_device = "yes";
}
"";
}
vim /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ethX/90otherparams-moreIntfce
{
if ($is_private)
{
# We are now running a supervised dhcpcd - setting the BOOTPROTO to "none"
# allows the supervised dhcpcd to do the work without fighting with ifup
return "BOOTPROTO=none" if ($PrivateInterface{Configuration} eq "dhcp");
my ($network, $broadcast) = esmith::util::computeNetworkAndBroadcast ($PrivateInterface{IPAddress}, $PrivateInterface{Netmask});
return "BOOTPROTO=none\n" .
"IPADDR=".$PrivateInterface{IPAddress}."\n" .
"NETMASK=".$PrivateInterface{Netmask}."\n" .
"NETWORK=$network\n" .
"BROADCAST=$broadcast";
}
}
after a
/etc/e-smith/events/actions/update-ifcfg
should do the trick ( not tested).
NOTE:
- I have planned ' return "BOOTPROTO=none" if ($PrivateInterface{Configuration} eq "dhcp");' but surely will not work as SME is not configured to listen and act as dhcp client on this interface; would need more work on this side...
- the interface should be up, but you will then need to configure the firewall to have a service to be able to be reached.
Here some reading :
https://wiki.contribs.org/Firewall
To be short, you will need to rewrite a part of the SME firewall called "masq", which is templated. Could be easy or long depending on your needs.. Reading your needs it should be easy as sme will act as a client to the NAS.
in files : 00setup, 10ETHTOOL, 90otherparams
and then reboot,
with no success and no changes (even no errors :grin: )
Does anybody has any clue for making it work ?
I'm confused as adding and configuring a new NIC is rather easy and well documented on any other linux distro or even on freebsd.
it is easier to hack your way on such system, but it is also easier to make them a brick without any easy chance to go back to normal. SME is intended to enhance stability : https://wiki.contribs.org/Template_Tutorial#Why_do_all_this_by_design_.3F
-
It works !
Thank you very much for you help, I really appreciate it.
Reading the template tutorial also helps.
I just made 1 change in this file :
/etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ethX/00setup-moreIntfce
Following line :
if ($is_private || ($is_external && $PrivateInterface{Configuration} eq "static"))should be :
if (($is_private && $PrivateInterface{Configuration} eq "static"))
No need firewall mods as it's only for an NFS client.
Here is the overall process that works for me :
1) Adding "PrivateInterface" DB config data :
# db configuration set PrivateInterface interface Name eth1 IPAddress 192.168.10.56 Netmask 255.255.255.0 Configuration staticI also added this one (not sure if needed, else its value is "unknown", so I put the same value as for EthernetDriver1)
# db configuration set EthernetDriver2 pcnet32Verifying :
# db configuration show
2) Adding custom templates :
# mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ethX/
# vi /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ethX/00setup-moreIntfcewith content :
{
$is_private = (exists $PrivateInterface{Name} and
$PrivateInterface{Name} eq $THIS_DEVICE );
#if ($is_private || ($is_external && $PrivateInterface{Configuration} eq "static"))
if (($is_private && $PrivateInterface{Configuration} eq "static"))
{
$ifup_this_device = "yes";
}
"";
}
plus
vi /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ethX/90otherparams-moreIntfcewith content :
{
if ($is_private)
{
# We are now running a supervised dhcpcd - setting the BOOTPROTO to "none"
# allows the supervised dhcpcd to do the work without fighting with ifup
return "BOOTPROTO=none" if ($PrivateInterface{Configuration} eq "dhcp");
my ($network, $broadcast) = esmith::util::computeNetworkAndBroadcast ($PrivateInterface{IPAddress}, $PrivateInterface{Netmask});
return "BOOTPROTO=none\n" .
"IPADDR=".$PrivateInterface{IPAddress}."\n" .
"NETMASK=".$PrivateInterface{Netmask}."\n" .
"NETWORK=$network\n" .
"BROADCAST=$broadcast";
}
}
3) Applying it to the SME :
# /etc/e-smith/events/actions/update-ifcfgAt this time we need to manually make this NIC "up", or reboot :
# ifup eth1Verifying :
# ping NFS_SERVER_IP
# showmount -e NFS_SERVER_IPAlso checked all remains ok after a reboot.
-
Congrats! good achievement. Maybe you want to add your efforts to the wiki.
-
Good, next step would be to work on service network i would guess to have it up.