RE: [e-smith-devinfo] 3rd External IP development
Trevor, I take it that your statement "Done..." means this works on all standard ports? If I use Darrell's modifications below, will they work also for an Aliased IP on the same NIC? I am looking at setting up another server, or using a third nic to host a hobby domain for a friend on a second static IP. It would be better if I could just create it using the aliased IP. I can presently ping the second static IP from the internet, but port scanning on the second IP indicates the ports are not open or in service (21, 25, 80, 110 and 443). Any thoughts I can use to make this work? Thanks! Tom Quoting Trevor Ouellette > Done... I had to set the Ethernet Driver manually (/sbin/e-smith/db > configuration set EthernetDriver3=), and everything else is set as > well... > > The Ethernet Driver is not the issue here. It was really written for > External aliased IP addresses and not for a 3rd physical network card. But > I tried to make the code as flexible as I could to support eth2 (for > example). > > BTW, Aliased IP's share the same physical ethernet port, but have more than > one IP. > > I'm sure it how the routing tables are set up for eth2. > > See for yourself. > > http://www.greencomputer.com/temp/gc-extip-0.1-1.noarch.rpm > http://www.greencomputer.com/temp/gc-extip-0.1-1.src.rpm > > [Charlie, I would like these files added to my ftp directory.] > > Trev. > > > -Original Message- > From: Darrell May [mailto:[EMAIL PROTECTED]] > Sent: Saturday, January 26, 2002 12:14 PM > To: Trevor Ouellette; [EMAIL PROTECTED] > Subject: Re: [e-smith-devinfo] 3rd External IP development > > > > Trevor Ouellette <[EMAIL PROTECTED]> said: > > > The Ethernet is visable, loads properly, can be pinged from the inside > > network, but from the outside, it can't be located. > > Trevor, you may wish to define the second external ethernet card > properties > in the configuration file and the masq. Something 'like' this may get you > started: > > /home/e-smith/configuration > > EthernetDriver3= > ExternalIP2= > > /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/15Definitions > > OUTERIF2=eth2 > OUTERNET2=$(/sbin/e-smith/db configuration get ExternalIP2) > > Then for every templated instance of OUTERIF and OUTERNET, in every > template fragment, you would have to move the fragment into > templates-custom > and add similar lines for OUTERIF2 and OUTERNET2. As an example: > > /sbin/ipchains --append input -p TCP -s 0/0 :19 -i $OUTERIF -j denylog > /sbin/ipchains --append input -p UDP -s 0/0 :19 -i $OUTERIF -j denylog > /sbin/ipchains --append input -p TCP -s 0/0 :19 -i $OUTERIF2 -j denylog > /sbin/ipchains --append input -p UDP -s 0/0 :19 -i $OUTERIF2 -j denylog > > I'm not sure if it will accept '-i $OUTERIF $OUTERIF2' on the same line in > some fancy syntax? It will accept a new line. > > This should then open the card up for external access on the > standard ports > and services. Once you are permitted in then you can test if additional > route entries are needed. > > You may wish to become familiar with the remoteaccess-update event. > > Let me know if this helps. > > Regards, > > -- > Darrell May > DMC Netsourced.com > http://netsourced.com > http://myEZserver.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] 3rd External IP development
Done... I had to set the Ethernet Driver manually (/sbin/e-smith/db configuration set EthernetDriver3=), and everything else is set as well... The Ethernet Driver is not the issue here. It was really written for External aliased IP addresses and not for a 3rd physical network card. But I tried to make the code as flexible as I could to support eth2 (for example). BTW, Aliased IP's share the same physical ethernet port, but have more than one IP. I'm sure it how the routing tables are set up for eth2. See for yourself. http://www.greencomputer.com/temp/gc-extip-0.1-1.noarch.rpm http://www.greencomputer.com/temp/gc-extip-0.1-1.src.rpm [Charlie, I would like these files added to my ftp directory.] Trev. > -Original Message- > From: Darrell May [mailto:[EMAIL PROTECTED]] > Sent: Saturday, January 26, 2002 12:14 PM > To: Trevor Ouellette; [EMAIL PROTECTED] > Subject: Re: [e-smith-devinfo] 3rd External IP development > > > > Trevor Ouellette <[EMAIL PROTECTED]> said: > > > The Ethernet is visable, loads properly, can be pinged from the inside > > network, but from the outside, it can't be located. > > Trevor, you may wish to define the second external ethernet card > properties > in the configuration file and the masq. Something 'like' this may get you > started: > > /home/e-smith/configuration > > EthernetDriver3= > ExternalIP2= > > /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/15Definitions > > OUTERIF2=eth2 > OUTERNET2=$(/sbin/e-smith/db configuration get ExternalIP2) > > Then for every templated instance of OUTERIF and OUTERNET, in every > template fragment, you would have to move the fragment into > templates-custom > and add similar lines for OUTERIF2 and OUTERNET2. As an example: > > /sbin/ipchains --append input -p TCP -s 0/0 :19 -i $OUTERIF -j denylog > /sbin/ipchains --append input -p UDP -s 0/0 :19 -i $OUTERIF -j denylog > /sbin/ipchains --append input -p TCP -s 0/0 :19 -i $OUTERIF2 -j denylog > /sbin/ipchains --append input -p UDP -s 0/0 :19 -i $OUTERIF2 -j denylog > > I'm not sure if it will accept '-i $OUTERIF $OUTERIF2' on the same line in > some fancy syntax? It will accept a new line. > > This should then open the card up for external access on the > standard ports > and services. Once you are permitted in then you can test if additional > route entries are needed. > > You may wish to become familiar with the remoteaccess-update event. > > Let me know if this helps. > > Regards, > > -- > Darrell May > DMC Netsourced.com > http://netsourced.com > http://myEZserver.com > > > -- > Please report bugs to [EMAIL PROTECTED] > Please mail [EMAIL PROTECTED] (only) to discuss security issues > Support for registered customers and partners to [EMAIL PROTECTED] > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] 3rd External IP development
Trevor Ouellette <[EMAIL PROTECTED]> said: > The Ethernet is visable, loads properly, can be pinged from the inside > network, but from the outside, it can't be located. Trevor, you may wish to define the second external ethernet card properties in the configuration file and the masq. Something 'like' this may get you started: /home/e-smith/configuration EthernetDriver3= ExternalIP2= /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/15Definitions OUTERIF2=eth2 OUTERNET2=$(/sbin/e-smith/db configuration get ExternalIP2) Then for every templated instance of OUTERIF and OUTERNET, in every template fragment, you would have to move the fragment into templates-custom and add similar lines for OUTERIF2 and OUTERNET2. As an example: /sbin/ipchains --append input -p TCP -s 0/0 :19 -i $OUTERIF -j denylog /sbin/ipchains --append input -p UDP -s 0/0 :19 -i $OUTERIF -j denylog /sbin/ipchains --append input -p TCP -s 0/0 :19 -i $OUTERIF2 -j denylog /sbin/ipchains --append input -p UDP -s 0/0 :19 -i $OUTERIF2 -j denylog I'm not sure if it will accept '-i $OUTERIF $OUTERIF2' on the same line in some fancy syntax? It will accept a new line. This should then open the card up for external access on the standard ports and services. Once you are permitted in then you can test if additional route entries are needed. You may wish to become familiar with the remoteaccess-update event. Let me know if this helps. Regards, -- Darrell May DMC Netsourced.com http://netsourced.com http://myEZserver.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
[e-smith-devinfo] 3rd External IP development
I've made headway with the External Aliased IP RPM that I'm developing but now I'm testing it for compatibility with a "real" third ethernet (or wireless) connection. Anybody running three interfaces (Ethernet) at the moment? I would prefer if you had one local area network connection and two external connections. I'm having a heck of a time getting the 3rd interface visable to the outside world (I'm pretty sure its my routes). The Ethernet is visable, loads properly, can be pinged from the inside network, but from the outside, it can't be located. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
