Koozali.org: home of the SME Server

Multiple public IP's On 1 sme Box

Dave Brown

Multiple public IP's On 1 sme Box
« on: February 28, 2003, 11:00:45 PM »
Maybe I am stupid but I need some help. I have 1 SME box. I would like to have it hold all of my 13 public IP addresses and route to the unsafe Windows servers behind it. Can this be done, and how? The goal is like this:


eth 1 xxx.xxx.xxx.170-175 (public address)
SME 5.6
eth 0 192.168.0.1 (private)

Windows 192.168.0.2 IIS and FTP etc Public address is actually xxx.xxx.xxx.171 but forward any requests on that ip from the SME 5.6

Etc

Thanks

Dave

adrian

Re: Multiple public IP's On 1 sme Box
« Reply #1 on: March 02, 2003, 09:43:59 AM »
I need this too. Please send me an email if you have a solution.
I can forward ports from a public IP to a private IP, but I can't have multiple public IPs.

Regards.

Daley

Re: Multiple public IP's On 1 sme Box
« Reply #2 on: March 02, 2003, 04:12:35 PM »
Check it out at http://www.tech-geeks.org/article.php?story=20020206234827402, Abe Loveless has a solution.

Regards,
Daley

Dave Brown

Re: Multiple public IP's On 1 sme Box
« Reply #3 on: March 03, 2003, 05:58:44 PM »
Abe's solution works like a champ with SME 5.5, but with SME 5.6 you are not able to use the solution because of the change from ipchains (5.5) to iptables (5.6), and you're basically hanging your Windows (argh!) out for the hacking with the public IP even though it is NAT'ed.

Dave

Bill Talcott

Re: Multiple public IP's On 1 sme Box
« Reply #4 on: March 03, 2003, 06:09:40 PM »
http://www.chrouch.com/e-smith/extraip.html was made for ipchains as well, but it may point you in the right direction...

Abe Loveless

Re: Multiple public IP's On 1 sme Box
« Reply #5 on: March 04, 2003, 10:42:48 PM »
If anybody has any pointers on IPTables, I'd be happy to have some help with the 1-to-1 NAT contrib.

I haven't had a chance to study up on it yet.

Let me know.

Abe

Dave Brown

Re: Multiple public IP's On 1 sme Box
« Reply #6 on: March 08, 2003, 02:55:28 AM »
Just found a great utility and it is a web setup: http://bifrost.heimdalls.com/. The instructions are a little vague but the overall results are pleasing. Please be careful with this utility, you can lock yourself completely out of the box if you are not familiar with the rules!!!

Dave

Abe Loveless

Re: Multiple public IP's On 1 sme Box
« Reply #7 on: March 08, 2003, 04:06:58 AM »
Looks neat. I'd be interested in hearing how it works with the SME Server. All of the firewall rules in SME are templated, so any changes made through Bifrost would probably be wiped on reboot or if you do anything through the server-manager that would reset the firewall values.

If anybody gives this a try, I'd definitely want to hear the results.

Dave Brown

Re: Multiple public IP's On 1 sme Box
« Reply #8 on: March 08, 2003, 04:23:52 AM »
I have it working on an SME 5.6; it was easy to do.
No problems to speak of.

Dave Brown

Re: Multiple public IP's On 1 sme Box
« Reply #9 on: March 08, 2003, 04:24:42 AM »
Like I said though, be very careful as you can lock yourself right out!!
This is from experience lol

Dave

Ben Morrisson

Re: Multiple public IP's On 1 sme Box
« Reply #10 on: May 03, 2003, 12:56:19 PM »
Hi Abe,
Am very interested in seeing the conversion of 1to1 to 5.6
Have been looking at your scripts and the iptable implementation and damn my head is spinning  . . .

The firewall incursion part of your script is pretty similar between ipchains and iptables, so these should basically work with minor changes.
Go here for differences:
http://www.linuxguruz.com/iptables/howto/iptables-HOWTO-7.html

Here is a basic output for one ip on your script
ip rule add from 192.168.0.202 nat 200.200.200.201 table main
ip route add nat 200.200.200.201 via 192.168.0.202 table local
ipchains -b -I forward 2 -p all -d 192.168.0.202 -j ACCEPT
ipchains -b -I forward 2 -p all -s 200.200.200.201 -j ACCEPT
ipchains -I input 2 -p all -s 0/0 -d 200.200.200.201 -j ACCEPT

As I said the last three rules should work ok with iptables with minor changes.

The major difference is that it appears iptables uses a separate subsystem for NAT control, or at least the how-to says this, though I can't find it implemented that way in 5.6. Anyway my brain shut down somewhere around trying to get my head around the NAT used in 5.6.

Anyway here are the official how-tos for both systems
http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.html
http://www.linuxguruz.com/iptables/howto/ipnatctl-HOWTO.html

Was also thinking it would probably be useful to introduce basic port control here,
e.g. --dport 80, as I expect most people are needing this module to support a DMZ and restricting ports at the SME makes it all the more useful.

Anyway please let me know if I can help, i.e. maybe putting into an rpm or something, or panel?

hope this helps at all
Ben
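
An iptables form of the port-restricted 1:1 NAT discussed in this thread, as an added example that is not Abe's contrib or any poster's code: it validates its arguments and only prints the commands for review, so it cannot lock anyone out. The function names, the use of eth1 as the public interface and the assumption that the FORWARD chain already drops unmatched traffic and allows LAN-to-WAN traffic are assumptions of this example; the addresses are the sample ones from the post above.

```shell
#!/bin/sh
# Added example: PRINTS (never runs) iptables commands for port-restricted 1:1 NAT.

# True only for a dotted quad whose octets are all 0-255.
valid_ip() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True only for a TCP port number in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: one_to_one_nat WAN_IF PUBLIC_IP PRIVATE_IP PORT [PORT...]
# Assumes FORWARD already drops unmatched traffic and allows LAN-to-WAN.
one_to_one_nat() {
    [ $# -ge 4 ] || { echo "usage: one_to_one_nat WAN_IF PUBLIC PRIVATE PORT..." >&2; return 2; }
    wan=$1 pub=$2 priv=$3; shift 3
    case "$wan" in ''|*[!A-Za-z0-9._:-]*) echo "bad interface: $wan" >&2; return 1 ;; esac
    valid_ip "$pub" && valid_ip "$priv" || { echo "bad address" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    # Bind the extra public address so the box answers ARP for it.
    echo "ip addr add $pub/32 dev $wan"
    for port in "$@"; do
        # Inbound: rewrite the destination for the listed TCP ports only...
        echo "iptables -t nat -A PREROUTING -i $wan -d $pub -p tcp --dport $port -j DNAT --to-destination $priv"
        # ...and admit new connections to those ports through FORWARD.
        echo "iptables -A FORWARD -i $wan -d $priv -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Replies belonging to connections admitted above.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Outbound: the internal host leaves with its own public address.
    echo "iptables -t nat -A POSTROUTING -o $wan -s $priv -j SNAT --to-source $pub"
}

# Constructed sample: eth1 is the public interface, addresses from the thread.
one_to_one_nat eth1 200.200.200.201 192.168.0.202 80 443
```

Because only the listed ports are DNAT'ed, traffic to any other port on the public address never reaches the internal host. As noted earlier in the thread, SME's firewall rules are templated, so commands applied by hand would be lost when the firewall is regenerated.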