The reason I am trying to configure these additional IP's is so that our
clients can connect to our internal workstations using pcAnywhere.  I've got
6 people here who use pcAnywhere to support clients.  We need to take
control of the client workstations, so we configure our PCA Remote to "Wait
for a Connection".  Then we have the client right-click on their PCA host
and select "Call Remote".  This brings up a dialog asking for the IP of the
remote to which they want to connect.  I would like the client to be able to
type in 206.127.77.50 which would then get port forwarded in to my machine
(192.168.10.50).

The only traffic I want to let through on those additional IP's is PCA
traffic (TCP 5631 and UDP 5632).

I don't think this qualifies as a DMZ setup because the machines I want to
access are the same machines as my internal network.  However, if it would
work, I wouldn't mind putting another NIC in the Dach box and just connecting
it to my main switch.  Do you think this is the best approach, or is there
another solution?

Thanks very much for your help, Charles.

Ken

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Charles Steinkuehler
> Sent: Thursday, March 13, 2003 9:36 AM
> To: Ken Marshall
> Cc: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] Adding Extra Static IP's on External 
> Interface
> 
> 
> Ken Marshall wrote:
> > Hello!
> > 
> > Thanks to the help provided by Ray Olszewski it has become obvious 
> > that my secondary IP addresses on my external interface are not 
> > working properly.
> > 
> > I have a static IP of 206.127.76.231/27 for my primary IP on my 
> > Dachstein box.  I have also been assigned the block of 
> > 206.127.77.48/28 (14 useable IP's).  They are being routed correctly
> > by my ISP, but my Dach box does not reply to ping requests on that
> > range of IP's.
> 
> <massive snippage>
> 
> > The only thing that I can think of is that I haven't specified a 
> > broadcast address for the secondary network.  Is there any way I can
> > add that in the scripts?  If not, could someone give me any help in
> > getting it set up manually?
> 
> First, let's back up a bit and try to clarify exactly what you're trying
> to set up.
> 
> It sounds like you have a traditional setup with a block of IP's being
> routed to you by your ISP.  With this sort of setup you would normally
> set up your firewall as a router, or choose a routed DMZ, rather than
> trying to add multiple IP's to your external interface, ie:
> 
> ISP
>    |
> --------------
> 206.127.76.231
> Ext. interface
> Dachstein Firewall/router
> Int. interface   DMZ interface
> 192.168.0.254    206.127.77.49
> --------------   -------------
>    |                    |
> 192.168.0.0/24   206.127.77.48/28
> 
> NOTE:  I arbitrarily picked 206.127.77.49 as the IP of the firewall on
> your DMZ network...you can assign IP's however you want.
> 
> I suggest sticking with the above network architecture (or something 
> similar) unless you have a good reason or requirement to do something 
> different.  If you need help getting this going, re-post to the list 
> with whatever you don't understand about configuring a DMZ.
> 
> Back to your original question:  If you want to add a broadcast address
> to extra IP ranges, you'll need to modify the if_up procedure, or do it
> manually (handy for testing).
> 
> Look for the interface case statement in the if_up () procedure in 
> /etc/network.conf, and modify it as follows:
> 
>      *)      # default interface startup
>              brg_iface $1 up $BRIDGE
>              [ -n "$IPADDR" ] \
>                  && ip addr add $IPADDR/$MASKLEN $IFCFG_BROADCAST dev $1
>              for ADDR in $IP_EXTRA_ADDRS; do
>                  ip addr add $ADDR $IFCFG_BROADCAST dev $1
>              done
> 
> The part you need to change is the line in the "for ADDR in ..." loop.
> Adding the $IFCFG_BROADCAST will use the broadcast specification from
> the main interface configuration variables.  This will break if you have
> different networks and specify the exact broadcast address, but will
> work as expected if you use the shorthand "+" for the broadcast address.
> 
> -- 
> Charles Steinkuehler
> [EMAIL PROTECTED]



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
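
The broadcast caveat in the quoted reply, worked through with the thread's own addresses as an added example (not code from the thread or from Dachstein). The function names are hypothetical, and the explicit broadcast 206.127.76.255 is a constructed value derived from the /27 primary address.

```shell
#!/bin/sh
# Added example: shows why reusing the primary interface's *explicit*
# broadcast for the extra /28 is wrong, while the "+" shorthand (broadcast
# derived per prefix by setting the host bits) is right.
# Helper names are hypothetical; addresses are the ones quoted in the thread.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# broadcast_of ADDR/LEN -> the address "broadcast +" resolves to
broadcast_of() {
    addr=${1%/*}; len=${1#*/}
    ip=$(ip_to_int "$addr")
    host_bits=$(( (1 << (32 - len)) - 1 ))
    int_to_ip $(( ip | host_bits ))
}

# brd_fits ADDR/LEN BRD -> exit 0 only if BRD is that prefix's broadcast
brd_fits() {
    [ "$(broadcast_of "$1")" = "$2" ]
}

# check_extra BRD_SPEC ADDR/LEN... -> one verdict line per extra address
check_extra() {
    brd=$1; shift
    for a in "$@"; do
        want=$(broadcast_of "$a")
        if [ "$brd" = "+" ] || [ "$brd" = "$want" ]; then
            echo "$a ok ($want)"
        else
            echo "$a MISMATCH: reused $brd, prefix needs $want"
        fi
    done
}

check_extra 206.127.76.255 206.127.77.50/28   # explicit primary broadcast reused
check_extra + 206.127.77.50/28                # "+" shorthand
```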
