RE: [leaf-user] Difficulty assigning multiple IP addresses

2004-03-25 Thread Craig Caughlin 
Thank you Erich  Ronny!

Ronny, Yes since you ask a question like that i guess you typed ip addr
add.etc.etc in shell instead of adding to interfaces file ???...that's
exactly what I did. I was concerned about what to back up, but Charles told
me to back up etc.lrp to save my changes.

Thank you both!

Best regards,
Craig



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Difficulty assigning multiple IP addresses

2004-03-25 Thread Tom Eastep 
Craig Caughlin wrote:
Thank you Erich  Ronny!

Ronny, Yes since you ask a question like that i guess you typed ip addr
add.etc.etc in shell instead of adding to interfaces file ???...that's
exactly what I did. I was concerned about what to back up, but Charles told
me to back up etc.lrp to save my changes.
Then they weren't saved. You have to add those commands to the 
interfaces file eth0 definition (preceeded by 'up' as I described in my 
previous post).

-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Difficulty assigning multiple IP addresses

2004-03-24 Thread Craig Caughlin 
Hi everyone!

O.K. Per Charles  Tom's suggestions (thank you, gentlemen), I decided to
try and assign my additional IP addresses in the /etc/network/interfaces. I
tried to assign them in, at first, 2 different ways...neither one of which
worked. I tried:

auto eth0
iface eth0 inet static
address 66.60.172.201
netmask 255.255.255.0
broadcast 66.60.172.255
gateway 66.60.172.205
 
auto eth0:0
iface eth0 inet static
address 66.60.172.202
netmask 255.255.255.0
broadcast 66.60.172.255
 
auto eth0:1
iface eth0 inet static
address 66.60.172.203
netmask 255.255.255.0
broadcast 66.60.172.255

 Etc, etc...

And then a subtle variation:

auto eth0
iface eth0 inet static
address 66.60.172.201
netmask 255.255.255.0
broadcast 66.60.172.255
gateway 66.60.172.205
 
auto eth0
iface eth0:0 inet static
address 66.60.172.202
netmask 255.255.255.0
broadcast 66.60.172.255
 
auto eth0
iface eth0:1 inet static
address 66.60.172.203
netmask 255.255.255.0
broadcast 66.60.172.255

 Etc, etc...

But neither way worked. The good new is that Tom's suggestion of ip addr add
66.60.172.202/24 brd 66.60.172.255 \dev eth0 label eth0:0, etc works great.
I can immediately ping all addresses, and ip addr lists them all. Yippee!
But, I don't know what to back up (which .lrp package) to save my changes???
Also, what file(s) were modified by using this method(out of curiosity)?

Finally, I have a box on the local LAN that will host a web server, and has
MS Terminal Services running on that I want to be able to connect to, so my
guess is that I need to follow Tom's FAQ 1c and make entries like:

In /etc/shorewall/rules:

#ACTION   SOURCEDESTPROTO DEST PORT(S)
DNAT  net   loc:192.168.1.201   tcp   80
DNAT  net   loc:192.168.1.201   tcp   1494
DNAT  net   loc:192.168.1.201   tcp   3389

Does this look right? Thank you all for your help!

Craig



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70alloc_id638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Difficulty assigning multiple IP addresses

2004-03-24 Thread Charles Steinkuehler 
Craig Caughlin wrote:
Hi everyone!

O.K. Per Charles  Tom's suggestions (thank you, gentlemen), I decided to
try and assign my additional IP addresses in the /etc/network/interfaces. I
tried to assign them in, at first, 2 different ways...neither one of which
worked. I tried:
snip /etc/network/interfaces examples

But neither way worked. The good new is that Tom's suggestion of ip addr add
66.60.172.202/24 brd 66.60.172.255 \dev eth0 label eth0:0, etc works great.
I can immediately ping all addresses, and ip addr lists them all. Yippee!
But, I don't know what to back up (which .lrp package) to save my changes???
Also, what file(s) were modified by using this method(out of curiosity)?
To save your changes, backup etc.lrp.

The file modified is /etc/network/interfaces which you edited.  No other 
files are dynamically modified when you make changes to this file.

--
Charles Steinkuehler
[EMAIL PROTECTED]
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Difficulty assigning multiple IP addresses

2004-03-23 Thread Craig Caughlin 
Hi folks,
I'm trying (with no success) to assign multiple IP addresses to eth0 on my
Bering-uClibc 2.1-rc1 box. 

At Tom's suggestion, I have read (studied really) his instructions at:
http://www.shorewall.net/shorewall_setup_guide.htm.

I have been assigned by our network admin the following addresses:
66.60.172.201-204, Gateway 205. In /etc/shorewall/masq I have made the
following entry:

#INTERFACE  SUBNET  ADDRESS
eth0:0  eth166.60.172.201-66.60.172.204

When I save the file, restart shorewall, and issue the ip addr command I'm
expecting to see the additional addresses but here's what I get:

1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:a0:cc:d3:c2:14 brd ff:ff:ff:ff:ff:ff
inet 66.60.172.201/24 brd 66.60.172.255 scope global eth0
inet 66.60.172.204/24 brd 66.60.172.255 scope global secondary eth0:0
4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:a0:cc:52:07:52 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
5: eth2: BROADCAST,MULTICAST mtu 1500 qdisc noop qlen 1000
link/ether 00:a0:cc:d3:cf:40 brd ff:ff:ff:ff:ff:ff

When I try to ping the addresses, I can ping only 66.60.172.201 but nothing
else. In the /etc/network/interfaces file, I have eth0 statically set to
66.60.172.201, and I use the dhcpd for assigning local addresses. I'm
stumped...any suggestions???

P.S. One thing I did gave me, what *I* think, was a really unusual result: I
had initially set eth0's static address as 66.60.172.204, and when I tried
to ping 66.60.172.201...here's what I got:

G:\WINNT\system32ping 66.60.172.201
Pinging 66.60.172.201 with 32 bytes of data:
Reply from 66.60.172.204: Destination host unreachable.
Reply from 66.60.172.204: Destination host unreachable.
Reply from 66.60.172.204: Destination host unreachable.
Reply from 66.60.172.204: Destination host unreachable.
Ping statistics for 66.60.172.201:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum =  0ms, Average =  0ms

Is that really odd...or is it me??? :-) I see there's no packet loss...but I
also can't reach the box. H.


Thank you as always,
Craig



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70alloc_id638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Difficulty assigning multiple IP addresses

2004-03-23 Thread Charles Steinkuehler 
Craig Caughlin wrote:
Hi folks,
I'm trying (with no success) to assign multiple IP addresses to eth0 on my
Bering-uClibc 2.1-rc1 box. 

At Tom's suggestion, I have read (studied really) his instructions at:
http://www.shorewall.net/shorewall_setup_guide.htm.
I have been assigned by our network admin the following addresses:
66.60.172.201-204, Gateway 205. In /etc/shorewall/masq I have made the
following entry:
#INTERFACE  SUBNET  ADDRESS
eth0:0  eth166.60.172.201-66.60.172.204
When I save the file, restart shorewall, and issue the ip addr command I'm
expecting to see the additional addresses but here's what I get:
1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:a0:cc:d3:c2:14 brd ff:ff:ff:ff:ff:ff
inet 66.60.172.201/24 brd 66.60.172.255 scope global eth0
inet 66.60.172.204/24 brd 66.60.172.255 scope global secondary eth0:0
4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:a0:cc:52:07:52 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
5: eth2: BROADCAST,MULTICAST mtu 1500 qdisc noop qlen 1000
link/ether 00:a0:cc:d3:cf:40 brd ff:ff:ff:ff:ff:ff
When I try to ping the addresses, I can ping only 66.60.172.201 but nothing
else. In the /etc/network/interfaces file, I have eth0 statically set to
66.60.172.201, and I use the dhcpd for assigning local addresses. I'm
stumped...any suggestions???
P.S. One thing I did gave me, what *I* think, was a really unusual result: I
had initially set eth0's static address as 66.60.172.204, and when I tried
to ping 66.60.172.201...here's what I got:
G:\WINNT\system32ping 66.60.172.201
Pinging 66.60.172.201 with 32 bytes of data:
Reply from 66.60.172.204: Destination host unreachable.
Reply from 66.60.172.204: Destination host unreachable.
Reply from 66.60.172.204: Destination host unreachable.
Reply from 66.60.172.204: Destination host unreachable.
Ping statistics for 66.60.172.201:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum =  0ms, Average =  0ms
Is that really odd...or is it me??? :-) I see there's no packet loss...but I
also can't reach the box. H.
Are you using the /etc/shorewall/masq file to try and *ASSIGN* the extra 
IP addresses?  With your setup, I'd simply assign all IP's in your 
/etc/network/interfaces file (add entries for eth0:0, eth0:1, etc., 
along with the entry for eth0).

With the masq entry you list above, you'll be round-robining through 
source IP's for outbound traffic, which I doubt is what you really want.

--
Charles Steinkuehler
[EMAIL PROTECTED]
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Difficulty assigning multiple IP addresses

2004-03-23 Thread Tom Eastep 
Craig Caughlin wrote:
Hi folks,
I'm trying (with no success) to assign multiple IP addresses to eth0 on my
Bering-uClibc 2.1-rc1 box. 

At Tom's suggestion, I have read (studied really) his instructions at:
http://www.shorewall.net/shorewall_setup_guide.htm.
I have been assigned by our network admin the following addresses:
66.60.172.201-204, Gateway 205. In /etc/shorewall/masq I have made the
following entry:
#INTERFACE  SUBNET  ADDRESS
eth0:0  eth166.60.172.201-66.60.172.204
When I save the file, restart shorewall, and issue the ip addr command I'm
expecting to see the additional addresses but here's what I get:
And have you set ADD_SNAT_ALIASES=Yes in shorewall.conf?

-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Difficulty assigning multiple IP addresses

2004-03-23 Thread Tom Eastep 
Charles Steinkuehler wrote:

Are you using the /etc/shorewall/masq file to try and *ASSIGN* the extra 
IP addresses?  With your setup, I'd simply assign all IP's in your 
/etc/network/interfaces file (add entries for eth0:0, eth0:1, etc., 
along with the entry for eth0).

With the masq entry you list above, you'll be round-robining through 
source IP's for outbound traffic, which I doubt is what you really want.

Good catch -- I haven't a clue what Shorewall would do with that masq 
file entry and ADD_SNAT_ALIASES=Yes.

-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Difficulty assigning multiple IP addresses

2004-03-23 Thread Tom Eastep 
Tom Eastep wrote:
Charles Steinkuehler wrote:

Are you using the /etc/shorewall/masq file to try and *ASSIGN* the 
extra IP addresses?  With your setup, I'd simply assign all IP's in 
your /etc/network/interfaces file (add entries for eth0:0, eth0:1, 
etc., along with the entry for eth0).

With the masq entry you list above, you'll be round-robining through 
source IP's for outbound traffic, which I doubt is what you really want.

Good catch -- I haven't a clue what Shorewall would do with that masq 
file entry and ADD_SNAT_ALIASES=Yes.

Hmmm -- I'm smarter than I thought :-)

...
Adding IP Addresses...
   IP Address 206.124.146.178 added to interface eth0 with label eth0:0
   IP Address 206.124.146.180 added to interface eth0 with label eth0:1
   IP Address 206.124.146.179 added to interface eth0 with label eth0:2
   IP Address 176.16.1.1 added to interface eth3 with label eth3:0
   IP Address 176.16.1.2 added to interface eth3 with label eth3:1
   IP Address 176.16.1.3 added to interface eth3 with label eth3:2
   IP Address 176.16.1.4 added to interface eth3 with label eth3:3
   IP Address 176.16.1.5 added to interface eth3 with label eth3:4
   IP Address 176.16.1.6 added to interface eth3 with label eth3:5
   IP Address 176.16.1.7 added to interface eth3 with label eth3:6
Processing /etc/shorewall/start ...
Shorewall Restarted
gateway:/etc/test#
So it assigns the addresses to sequential aliases.

-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Difficulty assigning multiple IP addresses

2004-03-23 Thread Charles Steinkuehler 
Tom Eastep wrote:

Tom Eastep wrote:
Charles Steinkuehler wrote:

Are you using the /etc/shorewall/masq file to try and *ASSIGN* the 
extra IP addresses?  With your setup, I'd simply assign all IP's in 
your /etc/network/interfaces file (add entries for eth0:0, eth0:1, 
etc., along with the entry for eth0).

With the masq entry you list above, you'll be round-robining through 
source IP's for outbound traffic, which I doubt is what you really want.

Good catch -- I haven't a clue what Shorewall would do with that masq 
file entry and ADD_SNAT_ALIASES=Yes.

Hmmm -- I'm smarter than I thought :-)

...
Adding IP Addresses...
IP Address 206.124.146.178 added to interface eth0 with label eth0:0
IP Address 206.124.146.180 added to interface eth0 with label eth0:1
IP Address 206.124.146.179 added to interface eth0 with label eth0:2
IP Address 176.16.1.1 added to interface eth3 with label eth3:0
IP Address 176.16.1.2 added to interface eth3 with label eth3:1
IP Address 176.16.1.3 added to interface eth3 with label eth3:2
IP Address 176.16.1.4 added to interface eth3 with label eth3:3
IP Address 176.16.1.5 added to interface eth3 with label eth3:4
IP Address 176.16.1.6 added to interface eth3 with label eth3:5
IP Address 176.16.1.7 added to interface eth3 with label eth3:6
Processing /etc/shorewall/start ...
Shorewall Restarted
gateway:/etc/test#
So it assigns the addresses to sequential aliases.
...but do any of your alias IP's overlap the main IP for the interface? 
I think the setup Craig was commenting likely has overlapping IP's (kind 
of hard to tell, though, since there's not exactly complete debugging info).

Regardless, if I'm reading the docs correctly, having multiple IP's 
after a masq entry will round-robin through all the IP's listed, which 
seems like a pretty wierd way to setup an external link.

--
Charles Steinkuehler
[EMAIL PROTECTED]
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Difficulty assigning multiple IP addresses

2004-03-23 Thread Tom Eastep 
Charles Steinkuehler wrote:

So it assigns the addresses to sequential aliases.


...but do any of your alias IP's overlap the main IP for the interface? 
I think the setup Craig was commenting likely has overlapping IP's (kind 
of hard to tell, though, since there's not exactly complete debugging 
info).
Shorewall is smart enough to not try to add an IP address to an 
interface if the address is already configured on that interface.

Regardless, if I'm reading the docs correctly, having multiple IP's 
after a masq entry will round-robin through all the IP's listed, which 
seems like a pretty wierd way to setup an external link.

Yes --

-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Difficulty assigning multiple IP addresses

2004-03-23 Thread Tom Eastep 
Craig Caughlin wrote:
Hey...thank you Charles  Tom for the expeditious response! Let me see if I
can address you both...
O.K., so I gather that I need to do 2 things:

1.) Take Charles suggestion and add entries for eth0:0, eth0:1, etc., along
with the entry for eth0, and 2.) Tom's suggestion ADD_SNAT_ALIASES=Yes in
shorewall.conf. Is that right?
No, you want to do one or the other. And you want to consider whether 
round-robining your SNAT is what you really want.

Charles, how do I add entries as you suggest (I don't know how to do that
:-( )? Here's what I have:
This is a LEAF FAQ. You add one line to the eth0 interface description 
for each address. Example (folded to fit my mailer's default line width):

up /sbin/ip addr add 66.60.172.202/24 brd 66.60.172.255 \
dev eth0 label eth0:0
The label eth0:N part is strictly window-dressing for compatibility 
with ifconfig; IIRC, Bering doesn't even have ifconfig so you can leave 
that off.

Tom:
If I ADD_SNAT_ALIASES=Yes in shorewall.conf, do I need to change
ADD_IP_ALIASES to No or should I leave it to it's default Yes?
If you add your IP addresses to your /etc/network/interfaces file then 
there is no point to set ADD_SNAT_ALIASES=Yes. You want to do one or the 
other.

ADD_IP_ALIASES is completely independent of ADD_SNAT_ALIASES. You really 
should read http://shorewall.net/Shorewall_and_Aliased_Interfaces.html.

Once I have made the correct modifications, ip addr should show all of the
addresses, and I should be able to ping them all, shouldn't I???
Yes.

-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Difficulty assigning multiple IP addresses

2004-03-23 Thread M Lu 
I just use the normal setup with Bering, e.g.

iface eth0 inet static
address 24.81.144.90
masklen 24
broadcast 24.81.144.255
gateway 24.81.144.1
#
# secondary IP is defined here
#
up ip addr add 24.81.144.91/24 dev eth0


BTW, is there anyway I can specify my 'eth0:0' in Shorewall black-list or is
there any other way to achieve blacklisting on that interface?

Thank you.


- Original Message - 
From: Tom Eastep [EMAIL PROTECTED]
To: Tom Eastep [EMAIL PROTECTED]
Cc: Charles Steinkuehler [EMAIL PROTECTED]; Craig Caughlin
[EMAIL PROTECTED]; LEAF [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 4:44 PM
Subject: Re: [leaf-user] Difficulty assigning multiple IP addresses


 Tom Eastep wrote:
  Charles Steinkuehler wrote:
 
 
  Are you using the /etc/shorewall/masq file to try and *ASSIGN* the
  extra IP addresses?  With your setup, I'd simply assign all IP's in
  your /etc/network/interfaces file (add entries for eth0:0, eth0:1,
  etc., along with the entry for eth0).
 
  With the masq entry you list above, you'll be round-robining through
  source IP's for outbound traffic, which I doubt is what you really
want.
 
 
  Good catch -- I haven't a clue what Shorewall would do with that masq
  file entry and ADD_SNAT_ALIASES=Yes.
 

 Hmmm -- I'm smarter than I thought :-)

 ...
 Adding IP Addresses...
 IP Address 206.124.146.178 added to interface eth0 with label eth0:0
 IP Address 206.124.146.180 added to interface eth0 with label eth0:1
 IP Address 206.124.146.179 added to interface eth0 with label eth0:2
 IP Address 176.16.1.1 added to interface eth3 with label eth3:0
 IP Address 176.16.1.2 added to interface eth3 with label eth3:1
 IP Address 176.16.1.3 added to interface eth3 with label eth3:2
 IP Address 176.16.1.4 added to interface eth3 with label eth3:3
 IP Address 176.16.1.5 added to interface eth3 with label eth3:4
 IP Address 176.16.1.6 added to interface eth3 with label eth3:5
 IP Address 176.16.1.7 added to interface eth3 with label eth3:6
 Processing /etc/shorewall/start ...
 Shorewall Restarted
 gateway:/etc/test#

 So it assigns the addresses to sequential aliases.

 -Tom
 -- 
 Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
 Shoreline, \ http://shorewall.net
 Washington USA  \ [EMAIL PROTECTED]




 ---
 This SF.Net email is sponsored by: IBM Linux Tutorials
 Free Linux tutorial presented by Daniel Robbins, President and CEO of
 GenToo technologies. Learn everything from fundamentals to system
 administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
 
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Difficulty assigning multiple IP addresses

2004-03-23 Thread Tom Eastep 
M Lu wrote:
I just use the normal setup with Bering, e.g.

iface eth0 inet static
address 24.81.144.90
masklen 24
broadcast 24.81.144.255
gateway 24.81.144.1
#
# secondary IP is defined here
#
up ip addr add 24.81.144.91/24 dev eth0
BTW, is there anyway I can specify my 'eth0:0' in Shorewall black-list or is
there any other way to achieve blacklisting on that interface?
No.

-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Difficulty assigning multiple IP addresses

2004-03-23 Thread Tom Eastep 
Tom Eastep wrote:

BTW, is there anyway I can specify my 'eth0:0' in Shorewall black-list 
or is
there any other way to achieve blacklisting on that interface?

No.

The real point is that eth0:0 is *not* an interface. It is a label for 
an ip address on an interface. See the introductory section of 
http://shorewall.net/Shorewall_and_Aliased_Interfaces.html

-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Difficulty assigning multiple IP addresses

2004-03-23 Thread Charles Steinkuehler 
Craig Caughlin wrote:
Hey...thank you Charles  Tom for the expeditious response! Let me see if I
can address you both...
O.K., so I gather that I need to do 2 things:

1.) Take Charles suggestion and add entries for eth0:0, eth0:1, etc., along
with the entry for eth0, and 2.) Tom's suggestion ADD_SNAT_ALIASES=Yes in
shorewall.conf. Is that right?
Charles, how do I add entries as you suggest (I don't know how to do that
:-( )? Here's what I have:
auto eth0
iface eth0 inet static
address 66.60.172.201
netmask 255.255.255.0
braodcast 66.60.172.255
gateway 66.60.172.205
Do I then add this for the next address...

auto eth0:0
iface eth0 inet static
address 66.60.172.202
netmask 255.255.255.0
braodcast 66.60.172.255
gateway 66.60.172.205
	auto eth0:1
	iface eth0 inet static
		address 66.60.172.203
		netmask 255.255.255.0
		braodcast 66.60.172.255
		gateway 66.60.172.205
Etc, etc...
Is this right? 
Yes, although you don't need to duplicate the gateway entry on any but 
the main eth0 entry.

You can also do it the way Tom mentioned (adding an 'up' clause to your 
eth0 definition...there's almost always more than one way to do 
something in linux!).

Also, just out of curiosity, what do you mean when you said,
With the masq entry you list above, you'll be round-robining through source
IP's for outbound traffic, which I doubt is what you really want.? What's
wrong with that???
It means the source IP of the traffic you send to the internet (or 
anything else on the 'upstream' side of your firewall) will dynamically 
rotate between the various IP's you have assigned.  You will have to be 
*VERY* careful that your firewall rules take this into account, and you 
may have problems with some applications that open multiple connections, 
or anything that expects your IP to be constant.

Tom:
If I ADD_SNAT_ALIASES=Yes in shorewall.conf, do I need to change
ADD_IP_ALIASES to No or should I leave it to it's default Yes?
Once I have made the correct modifications, ip addr should show all of the
addresses, and I should be able to ping them all, shouldn't I???
You should be able to ping all assigned IP's, assuming the firewall 
rules allow it (you can allow/prevent just about anything with iptables).

--
Charles Steinkuehler
[EMAIL PROTECTED]
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html