Koozali.org formerly Contribs.org

(Announce) Adding third network card for WLAN/VoIP

Offline jmbac

(Announce) Adding third network card for WLAN/VoIP
« on: September 10, 2007, 06:24:41 AM »
Install Network Card (eth2)
(Use Same Ethernet card recommended)

    My Network Setup   
Ethernet PCI Card 1-eth0;  EthernetDriver1  pcnet32   192.168.0.1  (LAN)
Ethernet PCI Card 2-eth1;  EthernetDriver2  pcnet32   INTERNET     (WAN)
Ethernet PCI Card 3-eth2;  EthernetDriver3  pcnet32   192.168.1.1  (WLAN/VOIP)


1.  /sbin/e-smith/config set EthernetDriver3 pcnet32
     (check your installed network device driver at driver-server setup console)

2   mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ ifcfg-eth2

3.  cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-eth2

4.  cd /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-eth2

5.  Rename ifcfg-eth0 to ifcfg-eth2

6.  mcedit ifcfg-eth2...
   
    #(change IP Address)

DEVICE=eth2 
USERCTL=no
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.1.1 
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255

5.  /sbin/e-smith/expand-template /etc/sysconfig/network-scripts/ifcfg-eth2

6.  /sbin/e-smith/signal-event console-save

7.  add the local network using server manager
     (change IP Address)

Network 192.168.1.0  (WLAN Segment)
netmask 255.255.255.0
router 192.168.0.1  (Eth0 IP Address)

8..reboot system

9. Client PC Setup
   -Provide Static IP Address to client PC..

10. able to access the server resources..

11. able to browse internet only through VPN

Issues- To do list (Please feel free to modify)

1. Not tested on real network segment  (tested only on virtual network (Vmware))
2. Not able to browse internet. 
3. Not able to ping or browse PC client on other LAN Segment.
4. NO DHCP IP for Clients

John


« Last Edit: September 10, 2007, 06:27:58 AM by jmbac »

Offline cactus

  • *
  • 4,880
    • http://www.snetram.nl
Re: (Announce) Adding third network card for WLAN/VoIP
« Reply #1 on: September 10, 2007, 06:50:37 PM »
This has been posted more often and there is one big disadvantage as SME Server lacks proper support for encrypting connections with the third NIC and I guess that it will also not implement MAC filtering and other features to secure your wireless AP. The easiest and safest setup is to attach a wireless capable router to your LAN NIC (they come relatively cheap these days) and configure SME Server to see the LAN provided by this router a s a local network.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline cactus

  • *
  • 4,880
    • http://www.snetram.nl
Re: (Announce) Adding third network card for WLAN/VoIP
« Reply #2 on: September 10, 2007, 06:59:52 PM »
In addition to my previous post, please also read the statement of the development team by means of Gordon about the 3rd NIC not being supported: http://bugs.contribs.org/show_bug.cgi?id=1478#c3

On top as is suggested there you might want to implement iptables firewall rules as well, a search on "third 3rd +nic" yields a lot of pages of which some might be worth reading as well.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Re: (Announce) Adding third network card for WLAN/VoIP
« Reply #3 on: September 10, 2007, 10:10:08 PM »
This has been posted more often and there is one big disadvantage as SME Server lacks proper support for encrypting connections with the third NIC and I guess that it will also not implement MAC filtering and other features to secure your wireless AP. The easiest and safest setup is to attach a wireless capable router to your LAN NIC (they come relatively cheap these days) and configure SME Server to see the LAN provided by this router a s a local network.

By default the router will use NAT. The SME server therefore won't see the individual IP addresses of the clients attached to the router. In that case, there is no need (or point) in declaring the router's LAN addresses as "local". OTOH, you won't be able to distinguish via the SME server's logs which client machines are connecting to which services.

Some router's can be switched from NAT mode to routing mode, and in that case you will need to declare a local network, and you will be able to distinguish different client machines in the SME server's logs.

In both cases you need to be careful with security on the router. FOr instance, allowing unsecured wireless access to the router will create an open mail relay. Don't do that.