Topic: How to add an external ip adress to a computer behind the SME ?

[it0007]

Hi,

i have a SME 7.2 server a several computers in local area behind him

i have a range of ip adresses from ISP:
86.abc.abc.abc/29

i'm already using the external ip: 86.abc.bca.bca for the SME server

how can i add an external ip adress to to one computer behind the SME?

Thanx,

[CharlieBrady]

i have a range of ip adresses from ISP:
86.abc.abc.abc/29

SME server has no support for multiple Internet facing IPs, and does not route IP addresses. It operates as a NAT firewall, with only a single external IP.

[it0007]

Thanks CharlieBrady,

then I need to install another server between SME & Internet for this task ...?
something like ... Ipcop Firewall ?

[dgs]

What exactly are you trying to achieve. SME offer facility to map services from boxes behind the server.
(but please understand the security implications)

Possibly you can achieve what you require without using another IP?

[janet]

it0007

Depending what you are trying to achieve, you can use the one external IP and port forward or proxy pass to other local servers behind sme.
sme will support multiple domain names and resolve them correctly according to how you configure it all.

[it0007]

this server will only be connected to the external network
i know how to make port forwarding, but for this server i need an external IP not port forwarding

thanks

[Reinhold]

then I need to install another server between SME & Internet for this task ...?
something like ... Ipcop Firewall ?

 ... use a 2nd SME "connected in parallel" to your ISP-Supplied-Line (Switch/Router)
to run whatever you need to be on that IP
 

Regards
Reinhold

[it0007]

my internet connection is fiber optic
ca I install like this?

INTERNET > switch > SME 1
                           > SME 2

thanks

[dgs]

can I install like this?

INTERNET > switch > SME 1
                           > SME 2


Of course you can, however you have not provided sufficient detail for comment.

Do you propose the SME boxes to be server or server/gateway?

In either case your issues will be with your ISP (providing multiple IPs) and with whatever routing (and firewalling) hardware and software you use upstream of the SME boxes.

The SME boxes will perform the tasks in the role you configure them as.

Your issue is one of internet connection sharing not an SME specific issue.  The questions were asked because it may be possible you could achieve your objectives using the features of SME on a single box and external IP.     

[Reinhold]

it0007,

i have a range of ip adresses from ISP: 86.abc.abc.abc/29
...how can i add an external ip adress to to one computer behind the SME?

i'm already using the external ip: 86.abc.bca.bca for the SME server

Nope  -
...please reread what Charlie told you
(with your SME gateway) you are really using one single address 86.X.Y.z  for your SME 1
- where X and Y are completely fixed and z is a 3 bit range within 1-254
http://en.wikipedia.org/wiki/IP_address
http://en.wikipedia.org/wiki/Subnetwork

The problem we have here is a misconception regarding "having ip"s and "what's external"...
SME gateway NATs from a single external IP to a local network range...
http://en.wikipedia.org/wiki/Network_address_translation

my internet connection is fiber optic

 
-> Only your switch/NIC care about this ... if "the cable "fits" (into the socket)" you're OK.

ca I install like this?
INTERNET > switch > SME 1
                           > SME 2

NO  ... but YES

Code: [Select]

'INTERNET'> ISPs-ROUTER > YOUR-switch |> SME 1 (getting/using "86.X.Y.z1" from ISP )
                                      |> SME 2 (getting/using "86.X.Y.z2" from ISP )
so YOU now should know what to do - like:
...giving fixed "static" external IPs to your SME's is OK: Example 86.X.Y.1 , 86.X.Y.2 , 86.X.Y.3 , ... , 86.X.Y.8  maybe 86.X.Y.154 , 86.X.Y.155
...activating dhcp on SME's external IFs and you "get one of 86.abc.abc.abc/29 "/per SME assigned from your ISP
...giving MAC to your ISP and getting the assigned IP information back "this MAC will be assigned 86.X.Y.z3 from us"
    http://en.wikipedia.org/wiki/MAC_address
...other IDENTIFIER

READ THIS : http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter3    (please)

Regards
Reinhold
... who is going to grab a coffee now 

[Reinhold]

it0007,

With all the wild things out there...
...it seems like a GOOD IDEA to tell us WHAT you need to place on that additional external IP ...
Hopefully the stuff/software does run on a SME Gateway(!) and communicate on the EXTERNAL IF.
With a "lone, single, unprotected, naive(?)" "Server" <sigh> you WILL need to spend some thoughts on protection 

Regards
Reinhold

[it0007]

thanks for the replay guys
i will read the wikipedia & administration manual

i whant to install Yate - Yet Another Telephony Engine  http://yate.null.ro/

[arne]

But a SME 7.3 running in server-only mode has an enabled firewall as well. (Some earlier versions of the sme server did disable the firewall when running as server-only.) The firewall of the server-only installation is configured for a lan environment and not a wan (internet), but I guess it could be possible to harden the server-only firewall via shell commands if one want to do this.

I have used multible ip's and the standard sme server server-only firewall since 7.3 was new, and I have never thought of that as a problem. (Is it ?)

When it comes to a standard linux 2.6.x kernel I thought it actually were able to handle multible external ip's on one external adapter. If it can not on the sme server, it must be because some conflict with the automated sme server configuration tools. The underlaying Linux kernel/technology should be able to handle multible external ip's. If I don't remember it incorrectely the free Smoothwall firewall does not support more than one external ip, but I think there is a module or a add on that makes it capable of handling more than one external IP.

As I am running my sme server just now, I run it as a virtual installation together with a virtual smoothwall gateway running on a Centos/Vmware host system.

If I have a reasonable fast PC with some memory, and multible external ip's that I wanted to use I think I would have tried to do it as an example like this:

First I would install Centos64/Vmware as the host system. Then I would install a virtual gateway that can handle more than one ip, a modified Smoothwall firewall as an excample and the suitable number of virtual sme servers "behind" that one.

One other option would be to use a number of virtual sme servers, where the firewall is hardened via shell commands to a "internet conectable standard" and then apply one external ip for each virtual sme server installation.

Logically this should work the same way as using a swith/hub and then multible servers with individual external IP configured to each virtual network adapter. The host system itself can be configured with zero ip adresses applied to each physical network interface.

Until now I have used this principle with only one external ip aplied to a virtual smoothwall, and then the free choice of any number of virtual sme servers, and also the number of local ip adresses applied to each virtual sme server. There has been really no bugs or problems with this installation at all. I guess that the principle can be extended to be used to handle multiple ip's as well, but I have actually not tried or tested this option. (And there would eventually be only the cost of one PC hardware only, as all software and "virtual servers" would be for free. I would have liked to try this (If I just got some more external ip's) )

(Actually there is an option of replacing the original sme server firewall configuration with a new one, but as this alternative use to be very unpopular on this forum, I will not mention it. Today I use the original sme server-only firewall "as is", but only with the ad on of some extra ip's, as I have never thought about that as a problem or a modification.)

By the way, when it comes to iptelephony servers, I have installed some virtual variants of Asterisk. The one I use on daily basis is actually the Asterisk RPM for the sme server, so the telephony server is actually integrated into the virtual sme server. Not a bug with that either, and it works quite well. (Astlinux http://www.astlinux.org/ is my favorite when running on it's own hardware, but it did not work to well (for me) when running it as a virtual server installation.)

See Smoothwall "full firewall control release note" of 26 of Feb 08:
http://community.smoothwall.org/forum/viewtopic.php?f=56&t=28255&p=215931&hilit=multiple+external+ip+s+multiple+IPs+mod#p215931
(For info about the "virtual multiple external ip gateway" option.)

Some more info about the Smoothwall mutiple external ip's option/modification:
http://community.smoothwall.org/forum/viewtopic.php?f=56&t=28244

About Yate .. I have never tried this software, but I can see that they have a Windows IAX client (?!). This should be intersting to test out. Personally I just use the SME Asterisk RPM together with the Zoiper IAX/SIP client running in IAX mode. http://www.zoiper.com/ This works just fantastic. During a month I was on the other side of the world, and I were still able to log on to the Asterisk/SME server at home, and everything woked just like beeing home. (No echoes, no delays, no problems at all. I don't understand it, but that's how it actually worked.)

[Reinhold]

i whant to install Yate - Yet Another Telephony Engine  http://yate.null.ro/

it0007,

I do not know yate.
...but from looking at their website I recommend you to look at:
http://wiki.contribs.org/Asterisk

Asterisk sure is among the top solutions in the field - IT WORKS   
... and things don't get much easier than:
To install this contrib download the rpms from selintra and install with
yum localinstall *.rpm
...and the best thing is - selintra is here (if you need some more help)

Regards
Reinhold


Regards
Reinhold