Koozali.org: home of the SME Server

Extending the network

Bierken

Extending the network
« on: May 22, 2006, 11:43:45 AM »
Topic title should say: Add support for three NIC configuration

Hello,

4 weeks ago I made the jump from  SME 5.6 to SME 7 rc2.
Everything works perfectly. There is only 1 thing I would like to implement,
what I had implemented on SME 5.6 3 years ago.
But I seem to have forgotten something :-( in the process.
I had implemented a 2nd local network linked to a wireless adapter.
SME server is a server-gateway.
Up to now,
- I managed to get the wireless adapter up and running.
- The 2nd local network has been created in the server manager,
and entries have shown up in the host config files for certain services.
- ifconfig gives me eth2 with it's own ip on the 2nd local network.
- iwconfig gives a good output (ad hoc mode /essid/...) .
-> I just don't manage to get a laptop connected to the SME server via this new local network.
A ping from sme server to laptop or other way around isn't working.
The laptop has a tool for scanning for wireless networks
and finds the wireless network of the SME server.

* Has anyone some pointers what I could have forgotten?
Searching the web hasn't helped me uptonow.


* (Would be nice) Has anyone succeeded running dhcpd on 2 networks (eg. 192.168.100.1/192.168.101.1).
It would be nice if the wireless part could attribute IP addresses to clients.
Thanks

SOLUTION :  Missing/wrong setup in my case:
The router defined for the new local network(192.168.200.0) was pointing
 to the existing (192.168.100.1) gateway as router.
Using the server-manager and creating the new local network will only
 allow this (router = existing network).
As I'm using a 3rd NIC for my new local network, the router must
 point to 192.168.200.1 for the new local network 192.168.200.0

Offline cactus

  • *
  • 4,880
  • +3/-0
    • http://www.snetram.nl
Re: Extending the network
« Reply #1 on: May 22, 2006, 12:38:29 PM »
Quote from: "Bierken"
Hello,

4 weeks ago I made the jump from  SME 5.6 to SME 7 rc2.
Everything works perfectly. There is only 1 thing I would like to implement, what I had implemented on SME 5.6 3 years ago.
But I seem to have forgotten something :-( in the process.
I had implemented a 2nd local network linked to a wireless adapter.
SME server is a server-gateway.
Up to now,
- I managed to get the wireless adapter up and running.
- The 2nd local network has been created in the server manager,
and entries have shown up in the host config files for certain services.
- ifconfig gives me eth2 with it's own ip on the 2nd local network.
- iwconfig gives a good output (ad hoc mode /essid/...) .
-> I just don't manage to get a laptop connected to the SME server via this new local network. A ping from sme server to laptop or other way around isn't working. The laptop has a tool for scanning for wireless networks and finds the wireless network of the SME server.

* Has anyone some pointers what I could have forgotten?
Searching the web hasn't helped me uptonow.


* (Would be nice) Has anyone succeeded running dhcpd on 2 networks (eg. 192.168.100.1/192.168.101.1). It would be nice if the wireless part could attribute IP addresses to clients.
Thanks

Did you specify the router ip-address under the local domain setting?
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Bierken

Re: Extending the network
« Reply #2 on: May 22, 2006, 06:13:23 PM »
Quote from: "cactus"

Did you specify the router ip-address under the local domain setting?

Yes

Code: [Select]

Local networks
Network        Subnet mask Number of hosts Router Action
192.168.100.0 255.255.255.0 256
192.168.200.0 255.255.255.0 256 192.168.100.1 Remove

(ifconfig)
eth1      Link encap:Ethernet  HWaddr 00:A0:DD:5C:52:58
          inet addr:192.168.1.64  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7588138 errors:1 dropped:0 overruns:0 frame:0
          TX packets:7604235 errors:5 dropped:0 overruns:4 carrier:1
          collisions:0 txqueuelen:1000
          RX bytes:528361060 (503.8 MiB)  TX bytes:1255584841 (1.1 GiB)
          Interrupt:177 Base address:0x4000

eth2      Link encap:Ethernet  HWaddr 00:02:2D:99:F3:68
          inet addr:192.168.200.1  Bcast:192.168.200.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:585 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:1 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:78801 (76.9 KiB)  TX bytes:570 (570.0 b)
          Interrupt:169 Base address:0x100

(iwconfig)
eth2      IEEE 802.11-DS  ESSID:"Gate01"  Nickname:"WireLessGate01"
          Mode:Ad-Hoc  Frequency:2.457GHz  Cell: 02:02:2D:99:F3:68
          Bit Rate:2Mb/s   Tx-Power=15 dBm   Sensitivity:1/3
          Retry limit:4   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:313
          Tx excessive retries:2539  Invalid misc:0   Missed beacon:0

(route)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   *               255.255.255.0   U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
192.168.200.0   192.168.100.1   255.255.255.0   UG    0      0        0 eth0
192.168.200.0   *               255.255.255.0   U     0      0        0 eth2
default         192.168.1.254   0.0.0.0         UG    0      0        0 eth1

(hosts.allow)
slapd: 127.0.0.1 192.168.100.0/255.255.255.0 192.168.200.0/255.255.255.0
pop3s: 127.0.0.1 192.168.100.0/255.255.255.0 192.168.200.0/255.255.255.0
qmail-popup: 127.0.0.1 192.168.100.0/255.255.255.0 192.168.200.0/255.255.255.0
sshd: 127.0.0.1 192.168.100.0/255.255.255.0 192.168.200.0/255.255.255.0

(hosts.deny)
ALL: ALL

Is there an easy way to swap eth1 and eth2? So I can test the 2nd local network with the wired settings.
I don't see what I have done wrong uptonow.

Offline cactus

  • *
  • 4,880
  • +3/-0
    • http://www.snetram.nl
Re: Extending the network
« Reply #3 on: May 22, 2006, 07:32:43 PM »
Quote from: "Bierken"
Quote from: "cactus"

Did you specify the router ip-address under the local domain setting?

Yes

Code: [Select]

Local networks
Network        Subnet mask Number of hosts Router Action
192.168.100.0 255.255.255.0 256
192.168.200.0 255.255.255.0 256 192.168.100.1 Remove

(ifconfig)

[...]

eth2      Link encap:Ethernet  HWaddr 00:02:2D:99:F3:68
          inet addr:192.168.200.1  Bcast:192.168.200.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:585 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:1 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:78801 (76.9 KiB)  TX bytes:570 (570.0 b)
          Interrupt:169 Base address:0x100



I don't see what I have done wrong uptonow.


If I am coorrect the server-manager screen says the following about the router:
Quote
"Router" should be the IP address of the router on your local network via which the additional network is reached.


So shouldn't the router ip address read 192.168.200.1 instead of 192.168.100.1?

I guess the wireless network is meant here with additional network and the router through which you reach your additional (wireless) network has ip address 192.168.200.1.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Bierken

Re: Extending the network
« Reply #4 on: May 22, 2006, 07:57:22 PM »
Quote from: "cactus"
So shouldn't the router ip address read 192.168.200.1 instead of 192.168.100.1?

I guess the wireless network is meant here with additional network and the router through which you reach your additional (wireless) network has ip address 192.168.200.1.


Start situation in server-manager:
Network   Subnet mask   Number of hosts   Router   Action   
192.168.100.0   255.255.255.0   256       

Adding a local network:
Network address 192.168.200.0
Subnet mask    255.255.255.0
Router      192.168.200.1

Result:
Operation status report
Error: router address is not accessible from local network. Did not add network.

But cactus, you're 100% right, changing /home/e-smith/db/networks manually
to
192.168.200.0=network|Mask|255.255.255.0|Router|192.168.200.1
or
192.168.200.0=network|Mask|255.255.255.0|SystemLocalNetwork|yes
gets my wireless network up and running.
And if I remember well ... this is wat I did 3 year ago too :-)

Now, can some1 verify the same action, because I think getting an error is a bug, but I had already thelocal network and removed it.

Thanks :pint:

Offline cactus

  • *
  • 4,880
  • +3/-0
    • http://www.snetram.nl
Re: Extending the network
« Reply #5 on: May 22, 2006, 08:04:46 PM »
Quote from: "Bierken"

Now, can some1 verify the same action, because I think getting an error is a bug, but I had already thelocal network and removed it.

Thanks :pint:
Just add it to the bugtracker it seems like a bug to me. The only place to report issues like this is the bugtracker. This way there is one place where all problems and flaws and theire solutions are documented.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Bierken

Extending the network
« Reply #6 on: May 22, 2006, 08:26:48 PM »
Bug 1478 has been added to the database

Bierken

Extending the network
« Reply #7 on: May 23, 2006, 08:24:26 AM »
------- Comment #1 From Charlie Brady 2006-05-22 14:10 [reply] -------

> I was't able to to put 192.168.200.1 as rout IP.
> Only 192.168.100.1 was allowed.

No, that's not correct - any address on the 192.168.100.x network would have
been allowed.

192.168.200.1 is not a valid address - you need to enter an address on your
local network *by which* you reach the 192.168.200.x network. For instance, if
your wireless router has a "WAN" interface of 192.168.100.5, and its bridged
network is 192.168.200.x, then the router address for the 192.168.200.x network
is 192.168.100.5.

Resolving as INVALID. This isn't a bug - you've just misunderstood how separate
networks can be connected via a router.

Bierken

Extending the network
« Reply #8 on: May 23, 2006, 08:24:57 AM »
I admit that I don't really get this local network stuff, BUT the fact remains
that when I added a 3rd NIC (wireless adapter) and added a new local network to
serve the wireless clients, I couldn't get connected to SME server if I added
192.168.100.1 as router for the new local network 192.168.200.0
Moreover, changing manually the router in /home/e-smith/db/networks from
192.168.100.1 to 192.168.200.1, I could connect with a client to the new
created local network.
Is my setup wrong or am I missing something here?

Thanks

Bierken

Extending the network
« Reply #9 on: May 23, 2006, 10:12:10 AM »
------- Comment #3 from gordonr-bugzilla@gormand.com.au  2006-05-23 00:47 -------
(In reply to comment #2)
> I admit that I don't really get this local network stuff, BUT the fact remains
> that when I added a 3rd NIC (wireless adapter)

That was the missing part of the bug report :-) I read this as you adding a
wireless gateway on your LAN, not a third NIC (and I suspect Charlie did too).

> and added a new local network to
> serve the wireless clients, I couldn't get connected to SME server if I added
> 192.168.100.1 as router for the new local network 192.168.200.0

That would be correct. The correct router is 192.168.200.1 (assuming your third
NIC is 192.168.200.1). They are all local interfaces, but they will have separate
rules applied to them - in particular the anti-spoofing rules, which drop packets
coming in on the "wrong" interface.

> Moreover, changing manually the router in /home/e-smith/db/networks

Please don't - use the 'db' command to modify the databases - see the
Developer's Guide linked at http://wiki.contribs.org/development/

> from
> 192.168.100.1 to 192.168.200.1, I could connect with a client to the new
> created local network.
> Is my setup wrong or am I missing something here?

No, you are correct. The problem here is that we don't have any support for a
third NIC, and so you will have to manually modify the networks db. Since we
don't have the support for the third NIC under the covers, we don't support it
in the server manager.

This is really a New Feature Request, and so I am marking it as such. Note that
if third NIC support were to be added, it would almost certainly want its own
firewalling rules.

Adjusting summary
WAS: Unable to attribute right router IP for new local network
IS: Add support for three NIC configuration

(BTW: I'm not sure that a wireless NIC is the way to go. The MAC filtering,
security profiles and similar of the wireless access points are probably not
worth reinventing.)