Hello!
Thanks to the help provided by Ray Olszewski it has become obvious that my secondary IP addresses on my external interface are not working properly.
I have a static IP of 206.127.76.231/27 for my primary IP on my Dachstein box. I have also been assigned the block of 206.127.77.48/28 (14 useable IP's). They are being routed correctly by my ISP, but my Dach box does not reply to ping requests on that range of IP's.
<massive snippage>
The only thing that I can think of is that I haven't specified a broadcast address for the secondary network. Is there any way I can add that in the scripts? If not, could someone give me any help in getting it set up manually?
First, let's back up a bit and try to clarify exactly what you're trying to setup.
It sounds like you have a traditional setup with a block of IP's being routed to you by your ISP. With this sort of setup you would normally set up your firewall as a router, or choose a routed DMZ, rather than trying to add multiple IP's to your external interface, ie:
ISP | -------------- 206.127.76.231 Ext. interface Dachstein Firewall/router Int. interface DMZ interface 192.168.0.254 206.127.77.49 -------------- ------------- | | 192.168.0.0/24 206.127.77.48/28
NOTE: I arbitrarily picked 206.127.77.49 as the IP of the firewall on your DMZ network...you can assign IP's however you want.
I suggest sticking with the above network architecture (or something similar) unless you have a good reason or requirement to do something different. If you need help getting this going, re-post to the list with whatever you don't understand about configuring a DMZ.
Back to your origional question: If you want to add a broadcast address to extra IP ranges, you'll need to modify the if_up procedure, or do it manually (handy for testing).
Look for the interface case statement in the if_up () procedure in /etc/network.conf, and modify it as follows:
*) # default interface startup
brg_iface $1 up $BRIDGE
[ -n "$IPADDR" ] \
&& ip addr add $IPADDR/$MASKLEN $IFCFG_BROADCAST dev $1
for ADDR in $IP_EXTRA_ADDRS; do
ip addr add $ADDR $IFCFG_BROADCAST dev $1
doneThe part you need to change is the line in the "for ADDR in ..." loop. Adding the $IFCFG_BROADCAST will use the broadcast specification from the main interface configuration variables. This will break if you have different networks and specify the exact broadcast address, but will work as expected if you use the shorthand "+" for the broadcast address.
-- Charles Steinkuehler [EMAIL PROTECTED]
-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
