Re: [HS] iptables et ip aliasing
Le Mardi 9 Mai 2006 21:43, Pascal Hambourg a écrit : steve a écrit : je n'arrive pas à pinger depuis 192.168.20.2 sur 192.168.2.2. Ça veut dire quoi exactement je n'arrive pas ? Il y a un message d'erreur ? non. je pingue et il ne se passe rien, à part que si je pingue sur dolibarr.maison.mrs, il me trouve la bonne IP: ping dolibarr.maison.mrs PING dolibarr.maison.mrs (192.168.2.2) 56(84) bytes of data. et nada. ça ne passe pas. Et un traceroute ? un traceroute donne : traceroute to dolibarr.maison.mrs (192.168.2.2), 30 hops max, 40 byte packets 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * etc... La machine ayant l'adresse 192.168.20.2 a-t-elle une route explicite ou par défaut pour joindre 192.168.2.2 ? non. la route par défaut passe par 192.168.20.1 puis par eth0 (192.168.1.34) puis vers le net via le modem en 192.168.1.1, mais rien vers le réseau 192.168.2.0. Pas besoin de route spécifique, la route par défaut via 192.168.20.1 est suffisante puisqu'elle conduit à la bonne machine (192.168.20.1 et 192.168.2.2, c'est la même machine). oui. Donc a priori j'écarte un problème de routage. Un petit tcpdump sur ath0 quand même pour vérifier que les paquets arrivent, et éventuellement si un réponse repart. #tcpdump -i ath0 port 80 listening on ath0, link-type EN10MB (Ethernet), capture size 96 bytes 08:12:12.830823 IP portable.maison.mrs.54577 dolibarr.maison.mrs.www: S 511354364:511354364(0) win 5840 mss 1460,sackOK,timestamp 548769588 0,nop,wscale 2 08:12:15.830498 IP portable.maison.mrs.54577 dolibarr.maison.mrs.www: S 511354364:511354364(0) win 5840 mss 1460,sackOK,timestamp 548772588 0,nop,wscale 2 08:12:21.830050 IP portable.maison.mrs.54577 dolibarr.maison.mrs.www: S 511354364:511354364(0) win 5840 mss 1460,sackOK,timestamp 548778588 0,nop,wscale 2 08:12:33.829218 IP portable.maison.mrs.54577 dolibarr.maison.mrs.www: S 511354364:511354364(0) win 5840 mss 1460,sackOK,timestamp 548790588 0,nop,wscale 2 et rien d'autre Y a-t-il du filtrage IP sur les machines ? Il y a des règles iptables pour bloquer l'accès depuis le net, que j'ouvre au cas par cas si besoin est. Et aucun filtrage en INPUT ou OUTPUT sur ath0 ? si ! iptables -t filter -A OUTPUT -o $LAN_INTERFACE -s $LAN_IP -d $LAN_NETWORK -p all -j ACCEPT iptables -t filter -A INPUT -i $LAN_INTERFACE -s $LAN_NETWORK -d $LAN_IP -p all -j ACCEPT iptables -t filter -A OUTPUT -o $LAN_INTERFACE -s $LAN_IP -d $LAN_BROADCAST -p all -j ACCEPT iptables -t filter -A INPUT -i $LAN_INTERFACE -s $LAN_BROADCAST -d $LAN_IP -p all -j ACCEPT avec les variables remplacées par ce qu'on imagine ;-) [...] Tu n'as pas besoin de forwarder des paquets d'une interface à une autre. c'est bien ce qui se passe quand on fait echo 1 /proc/sys/net/ipv4/ip_forward Oui. Ou sysctl -w net.ipv4.ip_forward=1 (plus joli). jamais réussi à me souvenir de cette manière-là... alors pourquoi ça ne marche pas dans mon cas ? est-ce dû au virtualhosting par IP de Apache ? A priori non puisque l'accès aux deux sites fonctionne en local. A moins que tu aies mis des restrictions d'accès dans la configuration d'Apache sur le vhost dolibarr.maison.mrs. Mais dans ce cas tu aurais une réponse du genre 500 Forbidden. non, aucune réponse de ce style-là. des règles iptables mal foutues ? Possible, il faut éplucher les règles INPUT et OUTPUT qui concernent ath0 ou toutes les interfaces. c'est que j'ai fait hier, après avoir épluché la doc d'iptables sur le Net. Pour ce qui concerne aujourd'hui, je vais me remettre la config d'origine (une machine sur la branche 192.168.2.0) et foutre le tout en DMZ, avec port forwarding et tout. J'espère que ce sera plus clair ainsi. Si je résume, depuis 192.168.20.x : - accès internet possible oui - ping 192.168.20.1 obtient une réponse oui - ping 192.168.2.2 n'obtient pas de réponse ? oui, et quelques cheveux de moins pour moi.. merci encore ! -- steve jabber : [EMAIL PROTECTED]
Re: [HS] iptables et ip aliasing
steve a écrit : [...] #tcpdump -i ath0 port 80 listening on ath0, link-type EN10MB (Ethernet), capture size 96 bytes 08:12:12.830823 IP portable.maison.mrs.54577 dolibarr.maison.mrs.www: S 511354364:511354364(0) win 5840 mss 1460,sackOK,timestamp 548769588 0,nop,wscale 2 [...] Avec -n pour avoir les adresses et ports sous forme numérique c'est plus parlant. On voit quand même que les paquets SYN arrivent, mais pas de réponse. [...] Et aucun filtrage en INPUT ou OUTPUT sur ath0 ? si ! iptables -t filter -A OUTPUT -o $LAN_INTERFACE -s $LAN_IP -d $LAN_NETWORK -p all -j ACCEPT iptables -t filter -A INPUT -i $LAN_INTERFACE -s $LAN_NETWORK -d $LAN_IP -p all -j ACCEPT Alors, j'imagine que : LAN_INTERFACE=ath0 LAN_IP=192.168.20.1 LAN_NETWORK=192.168.20.0/24 Bon ben voilà, je crois que c'est là. Trop restrictif : ces règles bloquent le trafic entrant et sortant par ath0 si on utilise l'adresse d'une autre interface. Or c'est justement ce qui se passe quand on veut accéder à 192.168.2.2 depuis 192.168.20.0/24. Donc soit tu supprimes la condition portant sur $LAN_IP, soit tu ajoutes des règles similaires pour les autres adresses locales auxquelles tu veux accéder par ath0 : iptables -t filter -A OUTPUT -o $LAN_INTERFACE -s 192.168.2.2 \ -d $LAN_NETWORK -p all -j ACCEPT iptables -t filter -A INPUT -i $LAN_INTERFACE -s $LAN_NETWORK \ -d 192.168.2.2 -p all -j ACCEPT iptables -t filter -A OUTPUT -o $LAN_INTERFACE -s $LAN_IP -d $LAN_BROADCAST -p all -j ACCEPT Ce cas n'est pas déjà inclus dans la première régle (normalement $LAN_BROADCAST=192.168.20.255 est inclus dans $LAN_NETWORK) ? iptables -t filter -A INPUT -i $LAN_INTERFACE -s $LAN_BROADCAST -d $LAN_IP -p all -j ACCEPT Inutile voire dangereux : une adresse de broadcast n'est pas valide comme adresse source. On doit répondre à un paquet broadcast par un paquet unicast (ce qui trompe le suivi de connexion de Netfilter, accessoirement). -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[RÉSOLU] Re: [HS] iptables et ip aliasing
Le Mercredi 10 Mai 2006 13:14, Pascal Hambourg a écrit : steve a écrit : [...] #tcpdump -i ath0 port 80 listening on ath0, link-type EN10MB (Ethernet), capture size 96 bytes 08:12:12.830823 IP portable.maison.mrs.54577 dolibarr.maison.mrs.www: S 511354364:511354364(0) win 5840 mss 1460,sackOK,timestamp 548769588 0,nop,wscale 2 [...] Avec -n pour avoir les adresses et ports sous forme numérique c'est plus parlant. On voit quand même que les paquets SYN arrivent, mais pas de réponse. [...] Et aucun filtrage en INPUT ou OUTPUT sur ath0 ? si ! iptables -t filter -A OUTPUT -o $LAN_INTERFACE -s $LAN_IP -d $LAN_NETWORK -p all -j ACCEPT iptables -t filter -A INPUT -i $LAN_INTERFACE -s $LAN_NETWORK -d $LAN_IP -p all -j ACCEPT Alors, j'imagine que : LAN_INTERFACE=ath0 LAN_IP=192.168.20.1 LAN_NETWORK=192.168.20.0/24 Bravo -;) Bon ben voilà, je crois que c'est là. Trop restrictif : ces règles bloquent le trafic entrant et sortant par ath0 si on utilise l'adresse d'une autre interface. Or c'est justement ce qui se passe quand on veut accéder à 192.168.2.2 depuis 192.168.20.0/24. Donc soit tu supprimes la condition portant sur $LAN_IP Bingo ! ça marche en virant le -d $LAN_IP de ces 2 conditions. , soit tu ajoutes des règles similaires pour les autres adresses locales auxquelles tu veux accéder par ath0 : iptables -t filter -A OUTPUT -o $LAN_INTERFACE -s 192.168.2.2 \ -d $LAN_NETWORK -p all -j ACCEPT iptables -t filter -A INPUT -i $LAN_INTERFACE -s $LAN_NETWORK \ -d 192.168.2.2 -p all -j ACCEPT iptables -t filter -A OUTPUT -o $LAN_INTERFACE -s $LAN_IP -d $LAN_BROADCAST -p all -j ACCEPT Ce cas n'est pas déjà inclus dans la première régle (normalement $LAN_BROADCAST=192.168.20.255 est inclus dans $LAN_NETWORK) ? oui effectivement. J'ai viré ces 2 règles. iptables -t filter -A INPUT -i $LAN_INTERFACE -s $LAN_BROADCAST -d $LAN_IP -p all -j ACCEPT Inutile voire dangereux : une adresse de broadcast n'est pas valide comme adresse source. On doit répondre à un paquet broadcast par un paquet unicast (ce qui trompe le suivi de connexion de Netfilter, accessoirement). ok. Merci mille fois, j'ai pas mal appris d'iptables. J'avais piqué un scirpt sur le net en l'adaptant à ce que je croyais être mes besoins, mais ne pigeant pas le truc parfaitement, voilà ce qui arrive.. Très belle après-midi -- steve jabber : [EMAIL PROTECTED]
Re: [HS] iptables et ip aliasing
Le Lundi 8 Mai 2006 21:59, Pascal Hambourg a écrit : Salut, Salut, steve a écrit : Ayant eu le besoin pour une ip de plus, j'en ai créé une, eth1:0, sur laquelle écoute un apache. Maintenant j'aimerai pourvoir accéder à ce serveur depuis n'importe où dans mon réseau local. J'ai donc écrit quelque règle iptables pour le permettre. Le problème se présente au moment où je relance mon script : Warning: weird character in interface `eth1:0' (No aliases, :, ! or *) Ce message n'est qu'un warning, et tu peux vérifier que la règle est quand même créée. Contrairement à ce qu'écrit Sylvain, on peut mettre à peu près ce qu'on veut comme nom d'interface dans les options -i et -o d'une règle iptables, même des interfaces qui n'existent pas | pas encore | plus. Mais il a raison dans le sens où elle ne se déclenchera pas, car l'interface eth1:0 n'existe pas. Les alias IP sont une imposture, tout comme ce qu'affiche ifconfig. En réalité ifconfig n'affiche pas des interfaces mais des labels. Un label est un identificateur optionnel associé à une adresse IPv4 attribuée à une interface. Par défaut le label est le nom de l'interface. Un alias IP est juste un autre label, pas une interface. Les labels ne servent guère qu'à ifconfig, et sont ignorés par le routage ou iptables pour qui seules les véritables interfaces et les adresses comptent. Merci pour cette présentation ! Toutefois, ça ne résout pas mon problème. Ce que j'essaie de faire, c'est d'avoir 2 sites web sur la même machine et accessible depuis mon réseau interne (en 192.168.20.0/24). J'ai trois interfaces sur le serveur : eth0 sur internet, eth1 (192.168.2.2) et ath0 (192.168.20.1). J'ai un serveur web auquel j'accède via www.maison.mrs et un autre sous dolibarr.maison.mrs. J'arrive accéder aux 2 sites depuis le serveur, au www.maison.mrs depuis le réseau local (wifi), mais pas au 2e site. D'ailleurs je n'arrive pas à pinger depuis 192.168.20.2 sur 192.168.2.2. J'ai essayé plusieurs règles iptables (un peu au bol il y est vrai...), mais je n'y parviens pas. J'ai pensé faire du port forwarding depuis 192.168.20.1:80 sur 192.168.2.2:80, ... pas marché ;-( Comment je fais pour faire passer les paquets de ath0 sur eth1 (ip_forward déjà est à 1) ? Merci ! -- steve jabber : [EMAIL PROTECTED]
Re: [HS] iptables et ip aliasing
steve a écrit : Ce que j'essaie de faire, c'est d'avoir 2 sites web sur la même machine et accessible depuis mon réseau interne (en 192.168.20.0/24). J'ai trois interfaces sur le serveur : eth0 sur internet, eth1 (192.168.2.2) et ath0 (192.168.20.1). J'ai un serveur web auquel j'accède via www.maison.mrs et un autre sous dolibarr.maison.mrs. A quelle(s) adresse(s) IP correspondent ces noms ? J'arrive accéder aux 2 sites depuis le serveur, au www.maison.mrs depuis le réseau local (wifi), Qui correspond à quelle interface ? mais pas au 2e site. D'ailleurs je n'arrive pas à pinger depuis 192.168.20.2 sur 192.168.2.2. Ça veut dire quoi exactement je n'arrive pas ? Il y a un message d'erreur ? La machine ayant l'adresse 192.168.20.2 a-t-elle une route explicite ou par défaut pour joindre 192.168.2.2 ? Y a-t-il du filtrage IP sur les machines ? J'ai essayé plusieurs règles iptables (un peu au bol il y est vrai...), mais je n'y parviens pas. Tu veux parvenir à *quoi* exactement ? J'ai pensé faire du port forwarding depuis 192.168.20.1:80 sur 192.168.2.2:80, ... pas marché ;-( Tu n'as pas besoin de faire du port forwarding (NAT destination). En fait tu n'as pas besoin d'iptables, sauf si tu bloques du trafic par défaut et que tu dois autoriser du trafic explicitement. Comment je fais pour faire passer les paquets de ath0 sur eth1 (ip_forward déjà est à 1) ? Tu n'as pas besoin de forwarder des paquets d'une interface à une autre. Les paquets forwardés sont uniquement ceux reçus et destinés à une autre machine. Les paquets reçus avec une adresse destination appartenant à la machine sont dirigés vers les processus locaux même si l'adresse ne correspond pas à l'interface d'arrivée. Les sockets TCP/UDP ne sont pas spécialement concernés par les interfaces. En fait le réseau c'est simple : - un paquet arrive sur n'importe quelle interface avec n'importe quelle adresse destination appartenant à la machine - je prends ; - un paquet arrive avec une adresse de destination n'appartenant pas à la machine - je forwarde (si forwarding activé). -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HS] iptables et ip aliasing
comme ce sont 2 réseau différent ton masque est t'il prévu pour, par exemple: 255.255.0.0 et non 255.255.255.0 ? André ON4HU Le Mardi 9 Mai 2006 13:36, Pascal Hambourg a écrit : steve a écrit : Ce que j'essaie de faire, c'est d'avoir 2 sites web sur la même machine et accessible depuis mon réseau interne (en 192.168.20.0/24). J'ai trois interfaces sur le serveur : eth0 sur internet, eth1 (192.168.2.2) et ath0 (192.168.20.1). J'ai un serveur web auquel j'accède via www.maison.mrs et un autre sous dolibarr.maison.mrs. A quelle(s) adresse(s) IP correspondent ces noms ? J'arrive accéder aux 2 sites depuis le serveur, au www.maison.mrs depuis le réseau local (wifi), Qui correspond à quelle interface ? mais pas au 2e site. D'ailleurs je n'arrive pas à pinger depuis 192.168.20.2 sur 192.168.2.2. Ça veut dire quoi exactement je n'arrive pas ? Il y a un message d'erreur ? La machine ayant l'adresse 192.168.20.2 a-t-elle une route explicite ou par défaut pour joindre 192.168.2.2 ? Y a-t-il du filtrage IP sur les machines ? J'ai essayé plusieurs règles iptables (un peu au bol il y est vrai...), mais je n'y parviens pas. Tu veux parvenir à *quoi* exactement ? J'ai pensé faire du port forwarding depuis 192.168.20.1:80 sur 192.168.2.2:80, ... pas marché ;-( Tu n'as pas besoin de faire du port forwarding (NAT destination). En fait tu n'as pas besoin d'iptables, sauf si tu bloques du trafic par défaut et que tu dois autoriser du trafic explicitement. Comment je fais pour faire passer les paquets de ath0 sur eth1 (ip_forward déjà est à 1) ? Tu n'as pas besoin de forwarder des paquets d'une interface à une autre. Les paquets forwardés sont uniquement ceux reçus et destinés à une autre machine. Les paquets reçus avec une adresse destination appartenant à la machine sont dirigés vers les processus locaux même si l'adresse ne correspond pas à l'interface d'arrivée. Les sockets TCP/UDP ne sont pas spécialement concernés par les interfaces. En fait le réseau c'est simple : - un paquet arrive sur n'importe quelle interface avec n'importe quelle adresse destination appartenant à la machine - je prends ; - un paquet arrive avec une adresse de destination n'appartenant pas à la machine - je forwarde (si forwarding activé). -- WEB server: http://www.on4hu.be/ FTP server: ftp://ftp.on4hu.be/ COMPUTERS ARE LIKE AIR-CONDITIONERS THEY STOP WORKING PROPERLY AS SOON AS YOU OPEN WINDOWS
Re: [HS] iptables et ip aliasing
Le Mardi 9 Mai 2006 13:36, Pascal Hambourg a écrit : steve a écrit : Ce que j'essaie de faire, c'est d'avoir 2 sites web sur la même machine et accessible depuis mon réseau interne (en 192.168.20.0/24). J'ai trois interfaces sur le serveur : eth0 sur internet, eth1 (192.168.2.2) et ath0 (192.168.20.1). J'ai un serveur web auquel j'accède via www.maison.mrs et un autre sous dolibarr.maison.mrs. A quelle(s) adresse(s) IP correspondent ces noms ? www.maison.mrs : 192.168.20.1 dolibarr.maison.mrs : 192.168.2.2 J'ai défini deux VirtualHost dans httpd.conf . De plus, j'ai mis une entrée A pour chacun dans ma zone maison.mrs (bind). J'arrive accéder aux 2 sites depuis le serveur, au www.maison.mrs depuis le réseau local (wifi), Qui correspond à quelle interface ? 192.168.20.1. Ce que j'appelle le réseau local (en wifi) est en 192.168.20.0/24 mais pas au 2e site. D'ailleurs je n'arrive pas à pinger depuis 192.168.20.2 sur 192.168.2.2. Ça veut dire quoi exactement je n'arrive pas ? Il y a un message d'erreur ? non. je pingue et il ne se passe rien, à part que si je pingue sur dolibarr.maison.mrs, il me trouve la bonne IP: ping dolibarr.maison.mrs PING dolibarr.maison.mrs (192.168.2.2) 56(84) bytes of data. et nada. ça ne passe pas. La machine ayant l'adresse 192.168.20.2 a-t-elle une route explicite ou par défaut pour joindre 192.168.2.2 ? non. la route par défaut passe par 192.168.20.1 puis par eth0 (192.168.1.34) puis vers le net via le modem en 192.168.1.1, mais rien vers le réseau 192.168.2.0. Y a-t-il du filtrage IP sur les machines ? Il y a des règles iptables pour bloquer l'accès depuis le net, que j'ouvre au cas par cas si besoin est. J'ai essayé plusieurs règles iptables (un peu au bol il y est vrai...), mais je n'y parviens pas. Tu veux parvenir à *quoi* exactement ? je veux que les postes de mon réseau wifi soient capables d'aller sur les deux sites; pour le moment seul le www.maison.mrs est accessible. J'ai pensé faire du port forwarding depuis 192.168.20.1:80 sur 192.168.2.2:80, ... pas marché ;-( Tu n'as pas besoin de faire du port forwarding (NAT destination). En fait tu n'as pas besoin d'iptables, sauf si tu bloques du trafic par défaut et que tu dois autoriser du trafic explicitement. ce que je fais pour le net. Comment je fais pour faire passer les paquets de ath0 sur eth1 (ip_forward déjà est à 1) ? Tu n'as pas besoin de forwarder des paquets d'une interface à une autre. c'est bien ce qui se passe quand on fait echo 1 /proc/sys/net/ipv4/ip_forward n'est-ce pas ? Les paquets forwardés sont uniquement ceux reçus et destinés à une autre machine. Les paquets reçus avec une adresse destination appartenant à la machine sont dirigés vers les processus locaux même si l'adresse ne correspond pas à l'interface d'arrivée. Les sockets TCP/UDP ne sont pas spécialement concernés par les interfaces. En fait le réseau c'est simple : c'est toujours ce qu'on dit quand ça marche ;-) - un paquet arrive sur n'importe quelle interface avec n'importe quelle adresse destination appartenant à la machine - je prends ; - un paquet arrive avec une adresse de destination n'appartenant pas à la machine - je forwarde (si forwarding activé). alors pourquoi ça ne marche pas dans mon cas ? est-ce dû au virtualhosting par IP de Apache ? des règles iptables mal foutues ? le crachin qu'il fait aujourd'hui ? En tous cas merci Pascal pour ces très claires explications. Je vais de ce pas essayer de les mettre en applications. @ plouff -- steve jabber : [EMAIL PROTECTED]
Re: [HS] iptables et ip aliasing
steve a écrit : je n'arrive pas à pinger depuis 192.168.20.2 sur 192.168.2.2. Ça veut dire quoi exactement je n'arrive pas ? Il y a un message d'erreur ? non. je pingue et il ne se passe rien, à part que si je pingue sur dolibarr.maison.mrs, il me trouve la bonne IP: ping dolibarr.maison.mrs PING dolibarr.maison.mrs (192.168.2.2) 56(84) bytes of data. et nada. ça ne passe pas. Et un traceroute ? La machine ayant l'adresse 192.168.20.2 a-t-elle une route explicite ou par défaut pour joindre 192.168.2.2 ? non. la route par défaut passe par 192.168.20.1 puis par eth0 (192.168.1.34) puis vers le net via le modem en 192.168.1.1, mais rien vers le réseau 192.168.2.0. Pas besoin de route spécifique, la route par défaut via 192.168.20.1 est suffisante puisqu'elle conduit à la bonne machine (192.168.20.1 et 192.168.2.2, c'est la même machine). Donc a priori j'écarte un problème de routage. Un petit tcpdump sur ath0 quand même pour vérifier que les paquets arrivent, et éventuellement si un réponse repart. Y a-t-il du filtrage IP sur les machines ? Il y a des règles iptables pour bloquer l'accès depuis le net, que j'ouvre au cas par cas si besoin est. Et aucun filtrage en INPUT ou OUTPUT sur ath0 ? [...] Tu n'as pas besoin de forwarder des paquets d'une interface à une autre. c'est bien ce qui se passe quand on fait echo 1 /proc/sys/net/ipv4/ip_forward Oui. Ou sysctl -w net.ipv4.ip_forward=1 (plus joli). alors pourquoi ça ne marche pas dans mon cas ? est-ce dû au virtualhosting par IP de Apache ? A priori non puisque l'accès aux deux sites fonctionne en local. A moins que tu aies mis des restrictions d'accès dans la configuration d'Apache sur le vhost dolibarr.maison.mrs. Mais dans ce cas tu aurais une réponse du genre 500 Forbidden. des règles iptables mal foutues ? Possible, il faut éplucher les règles INPUT et OUTPUT qui concernent ath0 ou toutes les interfaces. Si je résume, depuis 192.168.20.x : - accès internet possible - ping 192.168.20.1 obtient une réponse - ping 192.168.2.2 n'obtient pas de réponse ? -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[HS] iptables et ip aliasing
Bonjour, Ayant eu le besoin pour une ip de plus, j'en ai créé une, eth1:0, sur laquelle écoute un apache. Maintenant j'aimerai pourvoir accéder à ce serveur depuis n'importe où dans mon réseau local. J'ai donc écrit quelque règle iptables pour le permettre. Le problème se présente au moment où je relance mon script : Warning: weird character in interface `eth1:0' (No aliases, :, ! or *) Dans le script, je l'ai définie ainsi : var=eth1:0. (j'ai essayé sans les , et ça ne change rien). Donc je suis allé demander à google ce qu'il en pensait, et il en pense beaucoup mais pas forcément toujours de la même manière. Certains disent qu'on ne peut pas faire de l'ip aliasing avec iptables, d'autres que c'est possible. Je m'en remets donc à vous. Merci -- steve jabber : [EMAIL PROTECTED]
Re: [HS] iptables et ip aliasing
Lundi 8 mai 2006, 12:22:26 CEST, steve a écrit : Bonjour, 'jour, Ayant eu le besoin pour une ip de plus, j'en ai créé une, eth1:0, sur laquelle écoute un apache. Maintenant j'aimerai pourvoir accéder à ce serveur depuis n'importe où dans mon réseau local. J'ai donc écrit quelque règle iptables pour le permettre. Le problème se présente au moment où je relance mon script : Warning: weird character in interface `eth1:0' (No aliases, :, ! or *) Dans le script, je l'ai définie ainsi : var=eth1:0. (j'ai essayé sans les , et ça ne change rien). Donc je suis allé demander à google ce qu'il en pensait, et il en pense beaucoup mais pas forcément toujours de la même manière. Certains disent qu'on ne peut pas faire de l'ip aliasing avec iptables, d'autres que c'est possible. Je m'en remets donc à vous. Google a raison : on peut avoir plusieurs réseaux sur la même interface (donc des alias), mais iptables ne peut pas filtrer avec/par rapport à une interface alias (eth1:0 est, pour iptables, eth1) : les alias ne peuvent pas apparaître dans les options -i et -o. Il faut que tu filtres sur l'IP. -- Sylvain Sauvage -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HS] iptables et ip aliasing
Salut, steve a écrit : Ayant eu le besoin pour une ip de plus, j'en ai créé une, eth1:0, sur laquelle écoute un apache. Maintenant j'aimerai pourvoir accéder à ce serveur depuis n'importe où dans mon réseau local. J'ai donc écrit quelque règle iptables pour le permettre. Le problème se présente au moment où je relance mon script : Warning: weird character in interface `eth1:0' (No aliases, :, ! or *) Ce message n'est qu'un warning, et tu peux vérifier que la règle est quand même créée. Contrairement à ce qu'écrit Sylvain, on peut mettre à peu près ce qu'on veut comme nom d'interface dans les options -i et -o d'une règle iptables, même des interfaces qui n'existent pas | pas encore | plus. Mais il a raison dans le sens où elle ne se déclenchera pas, car l'interface eth1:0 n'existe pas. Les alias IP sont une imposture, tout comme ce qu'affiche ifconfig. En réalité ifconfig n'affiche pas des interfaces mais des labels. Un label est un identificateur optionnel associé à une adresse IPv4 attribuée à une interface. Par défaut le label est le nom de l'interface. Un alias IP est juste un autre label, pas une interface. Les labels ne servent guère qu'à ifconfig, et sont ignorés par le routage ou iptables pour qui seules les véritables interfaces et les adresses comptent. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
IP-Aliasing
Hello, I don't get IP-Aliasing to work. The machine has got one interface (eth0) working correctly with ip=192.168.1.1 Issuing the commands ifconfig eth0:1 192.168.1.100 route add -host 192.168.1.100 dev eth0:1 brings the interface eth0:1 up, but I can't ping it from the same machine or other ones. An odd thing I noticed is the ifconfig output: eth0 Protokoll:Ethernet Hardware Adresse 00:0B:6A:78:EB:25 inet Adresse:192.168.1.66 Bcast:192.168.1.255 Maske:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:27843 errors:0 dropped:0 overruns:0 frame:0 TX packets:28857 errors:0 dropped:0 overruns:0 carrier:0 Kollisionen:0 Sendewarteschlangenlänge:1000 RX bytes:2944191 (2.8 MiB) TX bytes:17241905 (16.4 MiB) Interrupt:11 Basisadresse:0xd400 eth0:1Protokoll:Ethernet Hardware Adresse 00:0B:6A:78:EB:25 inet Adresse:192.168.1.100 Bcast:192.168.1.255 Maske:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Basisadresse:0xd400 loProtokoll:Lokale Schleife inet Adresse:127.0.0.1 Maske:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:339 errors:0 dropped:0 overruns:0 frame:0 TX packets:339 errors:0 dropped:0 overruns:0 carrier:0 Kollisionen:0 Sendewarteschlangenlänge:0 RX bytes:144621 (141.2 KiB) TX bytes:144621 (141.2 KiB) It doesnt show the RX/TX etc. lines for the eth0:1. Could someone give me a hint on how to do it right? Thanks, Frank. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IP-Aliasing
On 7/11/05, Frank Hempel [EMAIL PROTECTED] wrote: Hello, I don't get IP-Aliasing to work. The machine has got one interface (eth0) working correctly with ip=192.168.1.1 Issuing the commands ifconfig eth0:1 192.168.1.100 route add -host 192.168.1.100 dev eth0:1 brings the interface eth0:1 up, but I can't ping it from the same machine or other ones. An odd thing I noticed is the ifconfig output: eth0 Protokoll:Ethernet Hardware Adresse 00:0B:6A:78:EB:25 inet Adresse:192.168.1.66 Bcast:192.168.1.255 Maske:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:27843 errors:0 dropped:0 overruns:0 frame:0 TX packets:28857 errors:0 dropped:0 overruns:0 carrier:0 Kollisionen:0 Sendewarteschlangenlänge:1000 RX bytes:2944191 (2.8 MiB) TX bytes:17241905 (16.4 MiB) Interrupt:11 Basisadresse:0xd400 eth0:1Protokoll:Ethernet Hardware Adresse 00:0B:6A:78:EB:25 inet Adresse:192.168.1.100 Bcast:192.168.1.255 Maske:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Basisadresse:0xd400 loProtokoll:Lokale Schleife inet Adresse:127.0.0.1 Maske:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:339 errors:0 dropped:0 overruns:0 frame:0 TX packets:339 errors:0 dropped:0 overruns:0 carrier:0 Kollisionen:0 Sendewarteschlangenlänge:0 RX bytes:144621 (141.2 KiB) TX bytes:144621 (141.2 KiB) It doesnt show the RX/TX etc. lines for the eth0:1. Could someone give me a hint on how to do it right? Thanks, Frank. Seems like you've done it properly. What's the output of 'route -n' and are you running any type of firewall who's rules need to be reset after you added the alias? As for the RX/TX, linux only tracks that on a physical interface, so eth0 is combined totals for any IPs aliased. If you want to actually track per-ip you'll probably need to investigate some iptables rules, and some other monitoring software like mrtg. -- ~ Darryl ~ [EMAIL PROTECTED] http://smartssa.com / http://darrylclarke.com
Re: IP aliasing
mais ça ne rajoute pas du tout les adresses tant convoitées. Le man est assez radin en explications. J'aimerai, tant que faire se peut, conserver la configuration de mes interfaces dans le fichier interfaces, et ne pas avoir à créer un script. Est-ce possible ? Oui c'est possible : auto eth1:0 iface eth1:0 inet static address 192.168.0.3 netmask 255.255.0.0 broadcast 192.168.0.255 Puis ensuite eth0:1 ; eth0:2 ... A+
Re: IP aliasing
* PII 233 [EMAIL PROTECTED] [2003-04-20 12:19] : Bonjour, j'aimerai ajouter des adresses IP à l'une de mes interfaces. Utiliser les commandes ifconfig et route fonctionne, mais j'ai vu dans un HOWTO (mais seulement un seul) qu'une modification de /etc/network/interfaces suffirait : du genre : iface eth0 inet static address 192.168.0.3 netmask 255.255.0.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 up route add -host 192.168.0.4 dev eth0:1 up route add -host 192.168.0.5 dev eth0:2 up route add -host 192.168.0.3 dev eth0:0 mais ça ne rajoute pas du tout les adresses tant convoitées. Le man est assez radin en explications. J'aimerai, tant que faire se peut, conserver la configuration de mes interfaces dans le fichier interfaces, et ne pas avoir à créer un script. Est-ce possible ? Je pense que oui, mais il faut que tu créées les interfaces eth0:1, etc. avant de les utiliser, par un ifconfig (ça doit également être possible avec la commande ip du paquet iproute). Cela donnerait quelque chose comme : up ifconfig eth0:1 192.168.0.4 route add -host 192.168.0.x dev eth0:1 Mais j'ai du mal à comprendre quelle route tu veux ajouter ? Une route vers lui-même pour eth0:0 ? Et pourquoi ajouter des routes vers des adresses pour lesquelles la machine devrait normalement passer par la passerelle ? Tu peux aussi regarder le IP-Alias mini-HOWTO (http://www.ibiblio.org/mdw/HOWTO/mini/IP-Alias/). Fred -- LA FAQ DUF ? http://savannah.nongnu.org/download/debfr-faq/html/
Re: IP aliasing
Le Sun, 20 Apr 2003 12:43:53 +0200, Couraud Régis écrivait : auto eth1:0 iface eth1:0 inet static address 192.168.0.3 netmask 255.255.0.0 broadcast 192.168.0.255 Puis ensuite eth0:1 ; eth0:2 ... merci ! la config suivante a fonctionné : === auto eth0 iface eth0 inet static address 192.168.0.3 netmask 255.255.0.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 auto eth0:1 iface eth0:1 inet static address 192.168.0.4 netmask 255.255.0.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 === Bizarrement, en mettant eth0:0 au lieu de eth0 tout court, aucune interface n'était prise en compte (heureusement, la machine est à côté de moi et a un clavier :). Il semble que eth0 et eth0:0 ne soient pas équivalents et que eth0 doive être déclarée avant d'utiliser les alias. Ça fonctionne exactement comme je le désirais :) -- pii233
Re: IP aliasing
Le Sun, 20 Apr 2003 13:04:20 +0200, Frédéric Bothamy écrivait : Tu peux aussi regarder le IP-Alias mini-HOWTO (http://www.ibiblio.org/mdw/HOWTO/mini/IP-Alias/). oui, j'ai fait plus que regarder : j'ai essayé et ça fonctionne, mais pas sans un script à ajouter à la mano dans la séquence d'init. Ni les howto (vieux) ni le man ne me paraissent très clair quant à l'utilisation de /etc/network/interfaces. J'ai peut-être loupé quelque chose... Enfin, maintenant, ça fonctionne très bien, donc moi content. Merci :) -- pii233
Re: IP aliasing
PII 233 wrote: Bonjour, j'aimerai ajouter des adresses IP à l'une de mes interfaces. Utiliser les commandes ifconfig et route fonctionne, mais j'ai vu dans un HOWTO (mais seulement un seul) qu'une modification de /etc/network/interfaces suffirait : du genre : iface eth0 inet static address 192.168.0.3 netmask 255.255.0.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 up route add -host 192.168.0.4 dev eth0:1 up route add -host 192.168.0.5 dev eth0:2 up route add -host 192.168.0.3 dev eth0:0 ^ Ici, vous rajoutez une route dans la table de routage, et pas une adresse IP à l'interface. Pour rajouter une @IP, rajoutez ce qui suit, dans le fichier /etc/network/interfaces : up ifconfig eth0:1 192.168.0.4 netmask 255.255.0.0 up ifconfig eth0:2 192.168.0.5 netmask 255.255.0.0 up ifconfig eth0:0 192.168.0.3 netmask 255.255.0.0 mais ça ne rajoute pas du tout les adresses tant convoitées. Le man est assez radin en explications. J'aimerai, tant que faire se peut, conserver la configuration de mes interfaces dans le fichier interfaces, et ne pas avoir à créer un script. Est-ce possible ? Je ne sais pas si ce que je viens de dire est déconseillé, mais en tout cas ça marche. Joyeuses Paques Guillaume LEHMANN
Re: IP aliasing
Le Sun, 20 Apr 2003 15:08:44 +0200, [EMAIL PROTECTED] écrivait : Juste une petite question : pourquoi ton masque de sous-réseau est-il 255.255.0.0 ? parce que :) Moi j'aurais mis 255.255.255.0, j'aurai pu, effectivement, vue la config de mon réseau, ça n'aurait rien changé. parque que le réseau est 192.168.0, non ? Merci de m'expliquer, parce que je n'ai visiblement pas tout compris... Voilà une bonne explication : http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc1918.html Extrait : « The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets: 10.0.0.0- 10.255.255.255 (10/8 prefix) 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) » comme tu peux le constater, c'est une plage de 16 bits, donc un masque en 255.255.0.0 au plus. -- pii233
Re: IP aliasing
Le Sun, Apr 20, 2003 at 04:29:55PM +0200, PII 233 a écrit : Merci de m'expliquer, parce que je n'ai visiblement pas tout compris... Voilà une bonne explication : http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc1918.html Extrait : « The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets: 10.0.0.0- 10.255.255.255 (10/8 prefix) 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) » comme tu peux le constater, c'est une plage de 16 bits, donc un masque en 255.255.0.0 au plus. Oui mais ça c'est pour l'attributions des plages d'adresses IPs. Quand tu à un réseau avec une plage d'adresse de ce type, il vaux mieux segmenter un peu ton réseau. Je ne pense pas que tu puisse avoir 254*254=64516 sur le même réseau physique, il va donc te faloir des sous réseaux donc des passerelles. -- Deux policiers arrêtés pour coups et blessures, trois policiers interpellés pour escroqueries ! Comme vous le voyez, les voleurs font ce qu'ils peuvent : malheureusement, la police court toujours... -- Coluche Nicolas Ledez
IP aliasing y red interna
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hola buenas noches desde aqui :-) Esta tarde he estado ayudando a un amigo a montar una red en su casa con un switch, bueno el caso es que los equipos cojen todos ip de inet y le asignamos una ip privada por medio de ip aiasing (kernel 2.4.19) bien el problema viene cuando instalamos samba para usar en la red interna, los equipos usan firewall (iptables) y ciertos servicios como samba solo son accesibles desde dentro, bueno pues no conseguimos hacer andar el invento, jugueteando con ethereal nos fijamos que los equipos realizan la peticion desde la ip de inet y no desde la ip asignada con ip aliasing. Bien despues de este rollo la pregunta es: ¿por que? no es capaz de hacer la peticion desde una ip por ip aliasing Gracias - -- _ Web Personal http://go.to/nuestra.web Debian Sarge GNU/Linux Kernel 2.4.20 (Reiserfs) Usuario Linux Registrado #255925 Maquina Registrada #159910 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+XnR1xFH1mjB3QRcRAspuAJ4sDhY6OUq5j/an1EXUFYeVmAR8/gCfcLvE C3RiNbyRuduz32tiEegxGcM= =aur6 -END PGP SIGNATURE-
[OT] Ip-aliasing + Ip- Masquerading: Es conveniente?
Hola a todos, Hace unos dias que me han puesto el ADSL, y por motivos que ya comente en otro correo a la lista, necesitaba que el servidor que tenemos funcionando utilizara dos redes: 192.168.0.0 129.100.1.100 La respuesta que se me dio a no utilizar dos tarjetas de red, fue utilizar ip-aliasing. Bien, despues de documentarme, he leido por algún lado que no es muy conveniente, concretamente en el ip-masquerading howto: [Ip-masquerade howto] ( IP Aliasing ) - Can IP Masquerade work with only ONE Ethernet network card? Yes and no. With the IP Alias kernel feature, users can setup multiple aliased interfaces such as eth0:1, eth0:2, etc but its is NOT recommended to use aliased interfaces for IP Masquerading. Why? Providing a secure firewall becomes very difficult with a single NIC card. In addition to this, you will experience an abnormal amount of errors on this link since incoming packets will almost simultaneously be sent out at the same time. Because of all this and NIC cards now costs less than $10, I highly recommend to just get a NIC card for each MASQed network segment. Users should also understand that IP Masquerading will only work with a physical interface such as eth0, eth1, etc. MASQing out an aliased interface such as eth0:1, eth1:1, etc will NOT work. In other words, the following WILL NOT WORK: * /sbin/ipfwadm -F -a m -W eth0:1 -S 192.168.0.0/24 -D 0.0.0.0/0 * /sbin/ipchains -A forward -i eth0:1 -s 192.168.0.0/24 -j MASQ If you are still interested in using aliased interfaces, you need to enable the IP Alias feature in the kernel. You will then need to re-compile and reboot. Once running the new kernel, you need to configure Linux to use the new interface (i.e. /dev/eth0:1, etc.). After that, you can treat it as a normal Ethernet interface with some restrictions like the one above. [/Ip-masquerade howto] El caso, es que aparte de los errores que me tira las reglas del cortafuegos, que es otro cantar, me gustaría preguntar, si no me conviene mas comprar otra segunda tarjeta de red, que total vale cuatro duros, o por el contrario puede funcionar bien el asunto con una sola tarjeta de red. Si se puede hacer funcionar bien el asunto con una sola tarjeta de red, ¿donde puedo encontrar información para configurarla? ¿Algún howto o tutorial? Me he encontrado que el asunto no es tan trivial como podia parecer al principio. Aunque, vuelvo a hacer hincapie en esto, me resulta mas interesante saber que solución es mas conveniente. Muchas gracias por vuestra atención, y por las respuestas que seguro que dais. Salud y Revolución. Lobo. Pd.: Releyendo el «adjunto» me parece que me autocontestare, el masquerading no funciona con una sola tarjeta de red. De todas formas, os lo mando a ver que os parece. -- Libertad es poder elegir en cualquier momento. Ahora yo eligo GNU/Linux, para no atar mis manos con las cadenas del soft propietario. - Desde El Ejido, en Almeria, usuario registrado linux #294013 http://www.counter.li.org
Re: [OT] Ip-aliasing + Ip- Masquerading: Es conveniente?
l024: -i 192.168.0.100 -j DENY # Enmascaramos las conexiones de forward desde direcciones IP de la red local # hacia el exterior (o sea, salientes por el interfaz eth0) /sbin/ipchains -A forward -s 192.168.0.0/24 -d 0/0 -j MASQ --- Otra cosa si querés dar entrada a la gente de la LAN interna para descargar el correo, supongo que tendrás que habilitar un conexión al puerto por ejemplo 110 del pop, no sé anda probando vale, es lo mejor... mucha suerte andrés =?ISO-8859-15?Q?Rub=E9n_G=F3mez_Antol=ED?= ha escrito: Hola a todos, Hace unos dias que me han puesto el ADSL, y por motivos que ya comente en otro correo a la lista, necesitaba que el servidor que tenemos funcionando utilizara dos redes: 192.168.0.0 129.100.1.100 La respuesta que se me dio a no utilizar dos tarjetas de red, fue utilizar ip-aliasing. Bien, despues de documentarme, he leido por algún lado que no es muy conveniente, concretamente en el ip-masquerading howto: [Ip-masquerade howto] ( IP Aliasing ) - Can IP Masquerade work with only ONE Ethernet network card? Yes and no. With the IP Alias kernel feature, users can setup multiple aliased interfaces such as eth0:1, eth0:2, etc but its is NOT recommended to use aliased interfaces for IP Masquerading. Why? Providing a secure firewall becomes very difficult with a single NIC card. In addition to this, you will experience an abnormal amount of errors on this link since incoming packets will almost simultaneously be sent out at the same time. Because of all this and NIC cards now costs less than $10, I highly recommend to just get a NIC card for each MASQed network segment. Users should also understand that IP Masquerading will only work with a physical interface such as eth0, eth1, etc. MASQing out an aliased interface such as eth0:1, eth1:1, etc will NOT work. In other words, the following WILL NOT WORK: * /sbin/ipfwadm -F -a m -W eth0:1 -S 192.168.0.0/24 -D 0.0.0.0/0 * /sbin/ipchains -A forward -i eth0:1 -s 192.168.0.0/24 -j MASQ If you are still interested in using aliased interfaces, you need to enable the IP Alias feature in the kernel. You will then need to re-compile and reboot. Once running the new kernel, you need to configure Linux to use the new interface (i.e. /dev/eth0:1, etc.). After that, you can treat it as a normal Ethernet interface with some restrictions like the one above. [/Ip-masquerade howto] El caso, es que aparte de los errores que me tira las reglas del cortafuegos, que es otro cantar, me gustaría preguntar, si no me conviene mas comprar otra segunda tarjeta de red, que total vale cuatro duros, o por el contrario puede funcionar bien el asunto con una sola tarjeta de red. Si se puede hacer funcionar bien el asunto con una sola tarjeta de red, ¿donde puedo encontrar información para configurarla? ¿Algún howto o tutorial? Me he encontrado que el asunto no es tan trivial como podia parecer al principio. Aunque, vuelvo a hacer hincapie en esto, me resulta mas interesante saber que solución es mas conveniente. Muchas gracias por vuestra atención, y por las respuestas que seguro que dais. Salud y Revolución. Lobo. Pd.: Releyendo el «adjunto» me parece que me autocontestare, el masquerading no funciona con una sola tarjeta de red. De todas formas, os lo mando a ver que os parece. -- Libertad es poder elegir en cualquier momento. Ahora yo eligo GNU/Linux, para no atar mis manos con las cadenas del soft propietario. - Desde El Ejido, en Almeria, usuario registrado linux #294013 http://www.counter.li.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] Ip-aliasing + Ip- Masquerading: ¿Es conveniente?
Hola, andres wrote: Hola: Este mirate este mail que te pego aquí, se lo pase a otro compañero de la lista... supongo que te servirá en algo. Leélo y luego me contás. Si no podés despegar con el. Te contáctas nuevamente y vemos que pasa. El correo esta genial, y explica muy bien las reglas del cortafuegos, de hecho le voy a echar un vistazo detenidamente a ver si me voy aclarando un poco, que estoy muy verde en este asunto. Pero, la principal pregunta es si ¿es o no posible utilizar ip-aliasing con ip-masquerading? La respuesta negativa no dejaria mas opcion que comprar una segunda tarjeta de red para este equipo. El problema con el ip-masquerade parece ser que es que no admite redes del tipo eth0:0, o sea redes «virtuales», solo acepta redes fisicas. No se, supongo que tu mismo, o cualquier otro con mas amplios conocimientos sobre este tema puede aclararnos el asunto. Por cierto, yo tenia el enmascaramiento funcionando sin problemas con conexión a modem, y me funcionaba toda la red. El tema es con que esto de hacer funcionar el servidor con la red eth0:0, para hacer de pasarela a internet. Gracias por lo de las reglas de ipchains, de verdad, esta genial, aunque uso ip-tables, las extrapolare ^_^ Suerte Eso espero, que me encuentre. ^_^ andrés Nos vemos, o nos leemos, como gustes. Salud y Revolución. Lobo. -- Libertad es poder elegir en cualquier momento. Ahora yo eligo GNU/Linux, para no atar mis manos con las cadenas del soft propietario. - Desde El Ejido, en Almeria, usuario registrado linux #294013 http://www.counter.li.org
IP aliasing and PCMCIA network cards
What is the official way to set up extra IP addresses on a single PCMICA card? I can obviously add a line like: ifconfig eth0:1 10.2.3.4 netmask 255.0.0.0 up to /etc/pcmcia/network.opts but: (a) it would be invoked even in the case of a network stop (b) doesn't remove the interface when the card is removed Or, I could add ifconfig ... up and ifconfig ... down lines to /etc/pcmcia/network, but: (a) editing the program file is inelegant (b) it will be executed for every PCMCIA network card if I have more than one -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IP aliasing and PCMCIA network cards
On Sun, May 12, 2002 at 09:02:43AM +0100, Niall Mansfield wrote: What is the official way to set up extra IP addresses on a single PCMICA card? I use this in /etc/network/interfaces: iface eth0 inet static address 192.168.124.34 network 192.168.124.0 netmask 255.255.255.0 broadcast 192.168.124.255 up /sbin/ifup --force eth0:1 down /sbin/ifdown --force eth0:1 iface eth0:1 inet static address 192.168.124.100 network 192.168.124.0 netmask 255.255.255.0 broadcast 192.168.124.255 It may not be perfect - I'm not convinced about the --force above, but it seemed to be necessary to stop ifup/ifdown getting confused about which interfaces had been configured in certain situations. -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
KDM and ip aliasing
Hi, does anyone know how to configure KDM to run on an aliased IP? I do have a machine running 2 IPs on one network card. For some network reasons I need KDM to run on the aliased one and not the original one. The clients try to connect via chooser broadcast and only see the original IP address. Is there a way to correct this? I tried setting DisplayManager.sourceAddress but this does not seem to change anything. Thanks in advance for any hint Michael P.S.: Please CC me on replies as I'm not subscribed here. -- Michael Meskes Michael@Fam-Meskes.De Go SF 49ers! Go Rhein Fire! Use Debian GNU/Linux! Use PostgreSQL!
Re: KDM and ip aliasing
I tried setting DisplayManager.sourceAddress but this does not seem to change anything. which version of kde/kdm are you using? if it's = 2.2alpha2, the setting is in kdmrc, section [Xdmcp], key SourceAddress=true/false. otherwise i can only ask, if it works with plain xdm - if not, then i obviously have something more to code ... greetings -- Hi! I'm a .signature virus! Copy me into your ~/.signature, please! -- Nothing is fool-proof to a sufficiently talented fool.
Re: KDM and ip aliasing
On Thu, Sep 20, 2001 at 12:15:32PM +0200, Oswald Buddenhagen wrote: which version of kde/kdm are you using? if it's = 2.2alpha2, the Sorry, forgot that. It's 2.1.1. otherwise i can only ask, if it works with plain xdm - if not, then i obviously have something more to code ... I have to try that. More later. Michael -- Michael Meskes Michael@Fam-Meskes.De Go SF 49ers! Go Rhein Fire! Use Debian GNU/Linux! Use PostgreSQL!
IP aliasing
Bonjour, Mon problème: je souhaite utiliser l'IP aliasing. Mon reseau est fonctionnel, le kernel 2.2.16 est configuré pour l'IP aliasing. Si je charge mon interface de cette facon: ifconfig eth0:0 192.168.46.26 aucun problème Par contre si je renseigne directement le fichier /etc/network/interfaces (voir ci dessous) j'ai plus que lo qui se charge au démarrage. Il faut que je fasse un ifup eth0 et ifup eth0:0 An idea? # The loopback interface # automatically added when upgrading auto lo iface lo inet loopback # The first network card - this entry was created during the Debian installation # (network, broadcast and gateway are optional) # automatically added when upgrading iface eth0 inet static address 192.168.46.25 netmask 255.255.255.0 broadcast 192.168.46.255 network 192.168.46.0 gateway 192.168.46.1 iface eth0:0 inet static address 192.168.46.26 netmask 255.255.255.0 broadcast 192.168.46.255 network 192.168.46.0 Fabrice Cartron APM-online www.apm-online.fr
Re: IP aliasing
On mar, 2001-09-18 at 14:15, Fabrice Cartron wrote: Bonjour, Bonjour, [...] # The loopback interface # automatically added when upgrading auto lo Ici (dans la ligne auto) rajoute eth0 et eth0:0 iface lo inet loopback # The first network card - this entry was created during the Debian installation Je me suis déjà fait eu par cette subtilité !! J'espère que ce n'était que ça ... Didier LINK -- + \\\// --[Didier Link - [EMAIL PROTECTED] | (0 -) | +-oOO--(_)--OOo - Use Debian GNU/LinuX - ---+ -+
Re: IP aliasing
# The loopback interface # automatically added when upgrading auto lo iface lo inet loopback # The first network card - this entry was created during the Debian installation # (network, broadcast and gateway are optional) # automatically added when upgrading Il faut ajouter auto. Démarre avec eth0:1. auto eth0 iface eth0 inet static address 192.168.46.25 netmask 255.255.255.0 broadcast 192.168.46.255 network 192.168.46.0 gateway 192.168.46.1 auto eth0:1 iface eth0:1 inet static address 192.168.46.26 netmask 255.255.255.0 Broadcast, network et netmask ne sont pas obligatoire pour les ip aliasées. Stef... .. . Linux - Debian - php4 - Apache - MySQL - Infogerance . . email: [EMAIL PROTECTED] - http://www.actionweb.fr . . Tel: (0)141 906 100-Fax: (0)141 906 101. ..
Re: IP aliasing
On Tue, Sep 18, 2001 at 02:15:35PM +0200, Fabrice Cartron wrote: Bonjour, Mon probl?me: je souhaite utiliser l'IP aliasing. Mon reseau est fonctionnel, le kernel 2.2.16 est configuré pour l'IP aliasing. Si je charge mon interface de cette facon: ifconfig eth0:0 192.168.46.26 aucun probl?me Par contre si je renseigne directement le fichier /etc/network/interfaces (voir ci dessous) j'ai plus que lo qui se charge au démarrage. Il faut que je fasse un ifup eth0 et ifup eth0:0 An idea? # The loopback interface # automatically added when upgrading auto lo changez cette ligne au auto lo eth0 eth0:0 [strip] Fabrice Cartron APM-online www.apm-online.fr -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- --- Only dead fish swims with a stream Malcolm Muggeridge gpg_key_available: http://globales.cz/~mman/martin.man.gpg gpg_key_fingerprint: 2CC0 4AF6 92DA 5CBF 5F09 7BCB 6202 7024 6E06 0223
iptables, masquerading and ip-aliasing
Hi Is it possible, with iptables, to do masquerading or NAT from an ethernet-aliased ip-address? Or will the returning traffic originate from the physical address of the nic? As I understand this was not possible with ipchains and earlier tools. I'm asking because I have two real ip-addresses :) (assigned by my ADSL-provider) and would like to manage with only one NIC connected to the incoming cable. by the way, any recommendations for multiport nics on a Debian woody system? cheers, Anders
IP Aliasing with /etc/network/interfaces
Hi does anyone know how I can using ip aliasing with the /etc/network/interfaces (debian method). I could easily add another startup script with ifconfigs and routes, but that would be messy and uncalled for and I'm sure someone must have done it before and got it right. Nomatter what I've tried neither my pcmcia eth0 device is configured, (although the module for it loads fine) nor are any of the aliases configured. I've tried the following lines : auto lo eth0 eth0:1 eth0:2// Didn't work auto lo eth0// Didn't work Also I tried changing the order of execution for the networking script, but to no avail : i.e. # mv /etc/rc2.d/S40networking /etc/rc2.d/S99networking and # mv /etc/rc2.d/S40networking /etc/rc2.d/S04networking I've attached my /etc/network/interfaces if anyone wants to take a look, and feel free to ask me to post any more files. They're all pretty small i.e. 10k PS : Bg info on my system : Running Woody Testing / 2.4.7 kernel / xirc_2pcs driver for pcmcia NIC. Sony VAIO laptop (don't think that'll be of much use though :-) ) Thanks George network.opts Description: Binary data interfaces Description: Binary data
Re: IP Aliasing with /etc/network/interfaces
On Wed, 25 Jul 2001, George wrote: Hi does anyone know how I can using ip aliasing with the /etc/network/interfaces (debian method). I could easily add another startup script with ifconfigs and routes, but that would be messy and uncalled for and I'm sure someone must have done it before and got it right. Nomatter what I've tried neither my pcmcia eth0 device is configured, (although the /etc/network/interfaces gets processed before /etc/init.d/pcmcia. Basically, your aliases never get configured because eth0 is not recognized until after the configuration script is done. Welcome to the upside-down world of pcmcia and linux! I can't be of much help, as I've never used PCMCIA myself, only helped friends and found out the ugly truth. Perhaps debian-laptop may have some better help WRT PCMCIA. module for it loads fine) nor are any of the aliases configured. I've tried the following lines : auto lo eth0 eth0:1 eth0:2// Didn't work auto lo eth0// Didn't work Also I tried changing the order of execution for the networking script, but to no avail : i.e. # mv /etc/rc2.d/S40networking /etc/rc2.d/S99networking and # mv /etc/rc2.d/S40networking /etc/rc2.d/S04networking I've attached my /etc/network/interfaces if anyone wants to take a look, and feel free to ask me to post any more files. They're all pretty small i.e. 10k PS : Bg info on my system : Running Woody Testing / 2.4.7 kernel / xirc_2pcs driver for pcmcia NIC. Sony VAIO laptop (don't think that'll be of much use though :-) ) Thanks George -- A computer without windoze is like a fish without a bicycle. Who is John galt? [EMAIL PROTECTED], that's who. Finger me for PGP public key.
Re: named y ip aliasing
Hola Hue-Bond! At 21:20 20/02/01 +0100, you wrote: El lunes 19 de febrero de 2001 a la(s) 17:04:25 +0100, Jaume Sabater contaba: visto que puedes dar servicio a un rango de ips, pero no me sirve, pues las ips que tengo son todas del mismo rango. ¿Cómo se especifica el rango? Si se hace así: Prueba esto: 192.168.1.1/255.255.255.0192.168.1.1/255.255.255.255 192.168.1.1/24 192.168.1.1/32 Okis, ya lo entiendo (supongo...). Ahorita veo que named está escuchando por las tres ips, pero yo quiero que escuche solo por la 192.168.1.1. ¿Alguna ayudita? Puedes hacerlo tambien por firewall... named escuchará igual pero nadie podrá contactar a través de lo que tapes. Ya lo tengo en un firewall, pero como dice un amigo mio (y supongo que mucha gente mas), nunca debemos confiar plenamente en un firewall. No está de más tener protecciones duplicadas. -- David Serrano [EMAIL PROTECTED] - Linux Registered User #87069 Attachment Converted: \\servidor\mail\jaume-sabater\attach\Renamedy -- Jaume Sabater i Lleal Administrador de sistemes mailto:[EMAIL PROTECTED] -- ARGUS Serveis Telemàtics http://www.argus.es mailto:[EMAIL PROTECTED] Tel: 93 292 41 00 Fax: 93 292 42 25 Avgda. Marquès de Comillas s/n 08038 Recinte Poble Espanyol Barcelona - Catalunya ---
named y ip aliasing
Enas... Tengo named rulando sobre una máquina que tiene una ethernet con varias ips (ip aliasing). Lo que yo quiero es que named solo responda a una de esas ips, pero mirando la documentacion no he encontrado lo que busco... He visto que puedes dar servicio a un rango de ips, pero no me sirve, pues las ips que tengo son todas del mismo rango. Tengo: eth0192.168.1.1 eth0:0 192.168.1.2 eth0:1 192.168.1.3 Ahorita veo que named está escuchando por las tres ips, pero yo quiero que escuche solo por la 192.168.1.1. ¿Alguna ayudita? -- Jaume Sabater i Lleal Administrador de sistemes mailto:[EMAIL PROTECTED] -- ARGUS Serveis Telemàtics http://www.argus.es mailto:[EMAIL PROTECTED] Tel: 93 292 41 00 Fax: 93 292 42 25 Avgda. Marquès de Comillas s/n 08038 Recinte Poble Espanyol Barcelona - Catalunya ---
Re: named y ip aliasing
Hola Jaume. ¿Cómo haces para dar varias direcciones a un mismo dispositivo? Yo he hecho 'ifconfig eth0:0 add 712.16.8.3 netmask 255.255.252.0' y parece que no ha hecho nada. Además, ahora woody no tiene los comandos ifconfig en '/etc/init.d/network'. Ahora por lo visto tiene la configuración en /etc/network. ¿Tendré que añadir ahí (a '/etc/network/interfaces') las interfaces? He añadido lo siguiente: iface eth0:0 inet static address 172.16.8.3 netmask 255.255.252.0 gateway 172.16.11.253 y tampoco funciona. Tengo el 'ip aliasing' como módulo en el kernel. ¿Me falta algo? Saludos y gracias: Juan Carlos Muro Jaume Sabater wrote: Enas... Tengo named rulando sobre una máquina que tiene una ethernet con varias ips (ip aliasing). Lo que yo quiero es que named solo responda a una de esas ips, pero mirando la documentacion no he encontrado lo que busco... He visto que puedes dar servicio a un rango de ips, pero no me sirve, pues las ips que tengo son todas del mismo rango. Tengo: eth0192.168.1.1 eth0:0 192.168.1.2 eth0:1 192.168.1.3 Ahorita veo que named está escuchando por las tres ips, pero yo quiero que escuche solo por la 192.168.1.1. ¿Alguna ayudita?
Re: ip-aliasing + kernel 2.4
hi, oops, i missed the subject, sorry about that. here's the original question: On 12 Feb 2001 21:29:37 CET, VarnYu said: Hi, Can someone tell me please, how can I use ip-aliasing in kernel v2.4? I've tried the old stuff in /etc/interfaces (eth0:0, eth0:1, etc) but it doesn't worked. Actually I haven't found any options in the kernel about ip-aliasing. Thanks for the help. Gergely Bodnar -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ip-aliasing + kernel 2.4
On Tue, Feb 13, 2001 at 09:41:50AM +0100, VarnYu wrote: Can someone tell me please, how can I use ip-aliasing in kernel v2.4? I've tried the old stuff in /etc/interfaces (eth0:0, eth0:1, etc) but it doesn't worked. Actually I haven't found any options in the kernel about ip-aliasing. are you sure you have it installed? i think it's a module (lsmod / modconf)... maybe... -- It is always hazardous to ask Why? in science, but it is often interesting to do so just the same. -- Isaac Asimov, 'The Genetic Code' [EMAIL PROTECTED]***http://www.dontUthink.com/ http://groups.yahoo.com/group/newbieDoc -- next week's newbie needs your brain: document your experience today!
Re: Ip Aliasing the Debian Way...
On Wed, Jan 24, 2001 at 04:36:14PM -0800, Willy Lee wrote:
Nathan E Norman wrote:
2) You're missing the network line from your iface stanza. Since it
looks to me like you're adding a different subnet this is kinda
important.
Ok, I thought (from man interfaces) that the network line was only
needed
for 2.0.x series kernels, I can add this.
You could be right there :) It never hurts to add information
(especially in this case as you'll see).
You're running 2.2, right? I assume you have aliasing compiled into
the kernel since you're able to bind an ip address to eth0:0
3) It doesn't look like you added any routes. This might not be
necessary depending which kernel you're using.
I tried several combinations of route commands. This is the latest one
I tried:
route add -host 205.178.55.110 dev eth0:0
I also tried 'route add -net 205.178.55.0 netmask 255.255.255.192 dev
eth0:0'.
[ snip ]
iface eth0:0 inet static
address 205.178.55.110
netmask 255.255.255.192
gateway 205.178.55.65
broadcast 205.178.55.255
network 205.178.55.0
I see a problem. 205.178.55.110 is not in the network 205.178.55.0/26
(255.255.255.192 is a 26 bit network mask). You want the network
205.178.55.64/26. Replace 205.178.55.0 with 205.178.55.64 in your
iface stanza and that route statement, and see what happens.
I'm trying to think of a good reference for classless routing (aka
variable-length subnet). It's not hard to learn, but it can be
daunting to the newcomer.
I'm also not sure that having two gateway lines is a good thing.
Usually a router knows about one default gateway unless it wants to do
some sort of round-robin load balancing, and I'm quite sure you have
to choose extra bits in teh kernel config to do that. Perhaps comment
out one or the other. Are 205.178.55.65 and 10.0.0.41 the same
router?
trs80:/etc/network# route -n
love the hostname :)
Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse
Iface
205.178.55.64 0.0.0.0 255.255.255.192 U 0 00
This is the route that the kernel added automatically, I guess. Note
the network is 205.178.55.64 rather than 205.178.55.0. Hmm, perhaps
the problem here is that the route is bound to eth0 rather than
eth0:0, but I'm not so sure about that.
Thanks for all the help.
I am kinda struggling here, since I've been forced into a sysadmin role
without
any experience or training (company can't afford a real sysadmin, I'm
the only
person with *any* kind of linux experience, since I run debian at home.)
Well, you've got a good start imo; I learned everything I needed to
know about routing from running Linux :)
(Ok, most everything).
Good luck,
--
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Inc. | than a perfect plan tomorrow.
mailto:[EMAIL PROTECTED] | -- Patton
pgpezrZY0giC1.pgp
Description: PGP signature
Re: Ip Aliasing the Debian Way...
On Wed, 17 Jan 2001, Ethan Benson wrote: just add something like this to /etc/network/interfaces: iface eth0:0 inet static address 192.168.0.1 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.10 then run either /etc/init.d/networking restart or ifup eth0:0 Hm. This doesn't work for me (latest potato i386). Here's the stanza I add to /etc/network/interfaces (all values given to me by an admin): iface eth0:0 inet static address the.new.ip.adr netmask 255.255.255.192 gateway the.new.ip.gw broadcast the.new.ip.255 After running /etc/init.d/networking restart, I get this from ifconfig: [EMAIL PROTECTED]:~$ /sbin/ifconfig eth0 Link encap:Ethernet HWaddr 00:10:5A:9C:8B:BF inet addr:10.0.0.102 Bcast:10.255.255.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:279 errors:0 dropped:0 overruns:0 frame:0 TX packets:107 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 Interrupt:11 Base address:0xd000 eth0:0Link encap:Ethernet HWaddr 00:10:5A:9C:8B:BF inet addr:the.new.ip.adr Bcast:the.new.ip.255 Mask:255.255.255.192 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0xd000 Note that the :0 alias doesn't have lines beginning with RX packets or TX packets. I can't ping the.new.ip.adr either, from anywhere. I recompiled the kernel to turn on IP_ALIAS support. Is there another feature I need to turn on, that I perhaps missed? Is the feature limited to certain hardware? Is it limited to certain subnet masks? It's like magic, this *just* came up out of the blue at work! :) Please cc me, so I can get the email at work, where I need it :) =wl
Re: Ip Aliasing the Debian Way...
On Wed, Jan 24, 2001 at 03:24:16PM -0800, Willy Lee wrote: just add something like this to /etc/network/interfaces: iface eth0:0 inet static address 192.168.0.1 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.10 then run either /etc/init.d/networking restart or ifup eth0:0 Hm. This doesn't work for me (latest potato i386). Here's the stanza I add to /etc/network/interfaces (all values given to me by an admin): iface eth0:0 inet static address the.new.ip.adr netmask 255.255.255.192 gateway the.new.ip.gw broadcast the.new.ip.255 After running /etc/init.d/networking restart, I get this from ifconfig: [EMAIL PROTECTED]:~$ /sbin/ifconfig eth0 Link encap:Ethernet HWaddr 00:10:5A:9C:8B:BF inet addr:10.0.0.102 Bcast:10.255.255.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:279 errors:0 dropped:0 overruns:0 frame:0 TX packets:107 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 Interrupt:11 Base address:0xd000 eth0:0Link encap:Ethernet HWaddr 00:10:5A:9C:8B:BF inet addr:the.new.ip.adr Bcast:the.new.ip.255 Mask:255.255.255.192 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0xd000 Note that the :0 alias doesn't have lines beginning with RX packets or TX packets. I can't ping the.new.ip.adr either, from anywhere. Well. Several things: 1) There's no point in tracking RX or TX packets for a virtual interface (think about the word virtual for a while ...) 2) You're missing the network line from your iface stanza. Since it looks to me like you're adding a different subnet this is kinda important. 3) It doesn't look like you added any routes. This might not be necessary depending which kernel you're using. I recompiled the kernel to turn on IP_ALIAS support. Is there another feature I need to turn on, that I perhaps missed? Is the feature limited to certain hardware? Is it limited to certain subnet masks? Fixd #2. Post the output of netstat -rn. Consider whether you're helping us solve your problem by blocking out the IPs. -- Nathan Norman - Staff Engineer | A good plan today is better Micromuse Inc. | than a perfect plan tomorrow. mailto:[EMAIL PROTECTED] | -- Patton pgpXd0zq4MApm.pgp Description: PGP signature
Re: Ip Aliasing the Debian Way...
Nathan E Norman wrote: On Wed, Jan 24, 2001 at 03:24:16PM -0800, Willy Lee wrote: Hm. This doesn't work for me (latest potato i386). Here's the stanza I *snip* Well. Several things: 1) There's no point in tracking RX or TX packets for a virtual interface (think about the word virtual for a while ...) Ok, but the output of ifconfig in the IP-aliasing mini-HOWTO *does* have those lines, which confused me. 2) You're missing the network line from your iface stanza. Since it looks to me like you're adding a different subnet this is kinda important. Ok, I thought (from man interfaces) that the network line was only needed for 2.0.x series kernels, I can add this. 3) It doesn't look like you added any routes. This might not be necessary depending which kernel you're using. I tried several combinations of route commands. This is the latest one I tried: route add -host 205.178.55.110 dev eth0:0 I also tried 'route add -net 205.178.55.0 netmask 255.255.255.192 dev eth0:0'. I recompiled the kernel to turn on IP_ALIAS support. Is there another feature I need to turn on, that I perhaps missed? Is the feature limited to certain hardware? Is it limited to certain subnet masks? Fixd #2. Post the output of netstat -rn. Consider whether you're helping us solve your problem by blocking out the IPs. Ok. I thought blocking out the IPs was kinda traditional :) Perhaps more people pinging the machine would help. New stanza in /etc/network/interfaces: iface eth0:0 inet static address 205.178.55.110 netmask 255.255.255.192 gateway 205.178.55.65 broadcast 205.178.55.255 network 205.178.55.0 This is right after doing a /etc/init.d/networking restart, before any route commands. trs80:/etc/network# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 205.178.55.64 0.0.0.0 255.255.255.192 U 0 00 eth0 10.0.0.00.0.0.0 255.255.255.0 U 0 00 eth0 0.0.0.0 205.178.55.65 0.0.0.0 UG0 00 eth0 0.0.0.0 10.0.0.41 0.0.0.0 UG0 00 eth0 trs80:/etc/network# ifconfig eth0 Link encap:Ethernet HWaddr 00:10:5A:9C:8B:BF inet addr:10.0.0.102 Bcast:10.255.255.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5656 errors:0 dropped:0 overruns:0 frame:0 TX packets:2998 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 Interrupt:11 Base address:0xd000 eth0:0Link encap:Ethernet HWaddr 00:10:5A:9C:8B:BF inet addr:205.178.55.110 Bcast:205.178.55.255 Mask:255.255.255.192 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0xd000 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:27 errors:0 dropped:0 overruns:0 frame:0 TX packets:27 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 Thanks for all the help. I am kinda struggling here, since I've been forced into a sysadmin role without any experience or training (company can't afford a real sysadmin, I'm the only person with *any* kind of linux experience, since I run debian at home.) =wl
Ip Aliasing the Debian Way...
I want eth0 to listen on two ip addresses. The first is normally set up with /etc/networking/interfaces however, neither, man interfaces or man ifup have any information on this. Also, even though I got it working with ifconfig eth0:0 xxx.xxx.xxx.xxx It would be ugly (imo) to add to the start up scripts. -Jeff
Re: Ip Aliasing the Debian Way...
On Wed, Jan 17, 2001 at 06:40:22PM -0500, Jeffrey C. Albro wrote: I want eth0 to listen on two ip addresses. The first is normally set up with /etc/networking/interfaces however, neither, man interfaces or man ifup have any information on this. Also, even though I got it working with ifconfig eth0:0 xxx.xxx.xxx.xxx It would be ugly (imo) to add to the start up scripts. just add something like this to /etc/network/interfaces: iface eth0:0 inet static address 192.168.0.1 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.10 then run either /etc/init.d/networking restart or ifup eth0:0 -- Ethan Benson http://www.alaska.net/~erbenson/ pgp3vjAhZeYGu.pgp Description: PGP signature
Re: Ip Aliasing the Debian Way...
boinks head I didn't think I could treat eth0:0 as just another interface, but it worked great : ) -Jeff On Wed, 17 Jan 2001, Ethan Benson wrote: just add something like this to /etc/network/interfaces: iface eth0:0 inet static address 192.168.0.1 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.10 then run either /etc/init.d/networking restart or ifup eth0:0
Setting up IP aliasing, cannot find kernel modules
I need to set up IP aliasing and per the (aging but probably still sound) IP-Alias-Mini-HOWTO, I need the .../ipv4/ip_alias.o module. It's not on my system. It doesn't appear to be in kernel-source-2.2.15--I downloaded but did not untar it, just peeked inside with 'tar -t'. I can't find it at the debian site. That probably just means I don't know where to look, since I'm still new to debian. I run potato, installed entirely from packages, so no custom kernel installed on this machine as yet, but I shouldn't need to in order to use a module, AFAIK. Or is aliasing handled differently in 2.2 than earlier kernels? Thanks for any help. Gordon Gordon Pedersen [EMAIL PROTECTED]
Re: Setting up IP aliasing, cannot find kernel modules
At 08:25 2000/08/10 -0500, you wrote: I can't find it at the debian site. That probably just means I don't know where to look, since I'm still new to debian. It's a standard module in the kernel, AFAIK, so that's why there's no entry on the debian site, cause it's always part of the kernel source. I run potato, installed entirely from packages, so no custom kernel installed on this machine as yet, but I shouldn't need to in order to use a module, AFAIK. Or is aliasing handled differently in 2.2 than earlier kernels? I don't know about it being available out of the box, without a custom kernel, but it is available for kernel recompile. make menuconfig - look under Network (Sorry, I forget the exact name) - It's in there, IP Aliasing. I'm by far not an expert, I just happened to do this the other day (turns out I didn't need to, so I didn't finish the procedure, but it was there, and I'm running Potato). HTH. Adam Toronto, Ontario, Canada
Re: Setting up IP aliasing, cannot find kernel modules
On Thu, Aug 10, 2000 at 08:25:09AM -0500, Gordon Pedersen wrote: I need to set up IP aliasing and per the (aging but probably still sound) IP-Alias-Mini-HOWTO, I need the .../ipv4/ip_alias.o module. I'm running potato with customized 2.2.17pre6 or something like that. And here cannot be compiled as a module but compiled into the kernel. It's not on my system. It doesn't appear to be in kernel-source-2.2.15--I downloaded but did not untar it, just peeked inside with 'tar -t'. You need to unpack those sources, configure and compile them I suggest you use the kernel-package to build a customized kernel. There is a good documentation to it. the kernel configure option is IP aliasing support under Networking options. Or is aliasing handled differently in 2.2 than earlier kernels? I don't know how it is handled in earlier kernels, but afaik in 2.2.x it is as said above compiled into the kernel and not a module. -- Florian Friesdorf [EMAIL PROTECTED] OpenPGP key available on public key servers -- Save the future of Open Source -- - Online-Petition against Software Patents - -- http://petition.eurolinux.org --- pgpBeO7oO6cQy.pgp Description: PGP signature
IP aliasing on loopback ( Slink )
Guys, Please help me. I am trying to do IP aliasing on loopback, i,e create lo:0, lo:1 etc. The steps outlined in IP Aliasing mini-howto don't seem to work for me. Step 1 : I do /sbin/ifconfig lo:0 192.168.0.1 Now 192.168.0.1 appears as lo:0 in ifconfig Step 2 : Then I do route add -net 192.168.0.0 dev lo OR route add -net 192.168.0.0 dev lo:0 No problems reported on stderr in either case Step 3 : Then I do either route add -host 192.168.0.1 dev lo OR route add -host 192.168.0.1 dev lo:1 Still no problems on command line Step 4 : Then I add route add default gw 192.168.0.1 Still no problems reported Step 5 : Lastly ping 192.168.0.1 Ping starts up and send packets but recieves NONE back ! What am I doing wrong ? Oh, I forgot to mention, I am using Slink. Thanks in advance. PAI
IP Aliasing on slink/2.2.12
Hi gang, I've got a pretty base slink install with a few additions (all the proposed updates, and some stuff from netgod), for which I have compiled a cusom 2.2.12 kernel. I have IP alias support compiled into the kernel: callisto% grep ALIAS /usr/src/linux/.config CONFIG_IP_ALIAS=y However, when I try and create an alias, according to the ifconfig output, it has been created, but it wont respond to a ping or any sort of connection attempt expect from itself. I can create an IP alias in exactly the same way on the RedHat 5.2 box with a 2.2.x kernel sitting next to it and ping it immediately from anywhere on the network. The same thing doesn't work on the Debian box, however. The pings do not even show up in the iplog syslog entries. There are no firewall rules, IPChains rules, or anything unusual like that running on the box. dpkg -l netbase gives the following: ii netbase 3.12-2 Basic TCP/IP networking binaries I should note that this machine's primary eth0 IP address works file (I'm using SSH to connect to it as I speak). This has got me stumped! We want to replace our RedHat server with a Debian one, as it's a lot easier for me to admin a Debian box. But unless I can work this out, I'm up sh*t creek! Any thoughts would be appreciated! cheers, damon -- Damon Muller ([EMAIL PROTECTED]) / It's not a sense of humor. * Criminologist / It's a sense of irony * Webmeister / disguised as one. * Linux Geek / - Bruce Sterling
Re: IP Aliasing on slink/2.2.12
im sure youve done this but have you updated the routing table for the new alias ? i use a perl script to add aliases, i just enter the domains into a file and it detects what can be added and adds them (it automatically ignores hosts that are already bound to another machine/network) if you want it let me know. (email directly [EMAIL PROTECTED] or i may miss it) nate On Sat, 6 Nov 1999, Damon Muller wrote: dm-deb Hi gang, dm-deb dm-deb I've got a pretty base slink install with a few additions (all the dm-deb proposed updates, and some stuff from netgod), for which I have compiled dm-deb a cusom 2.2.12 kernel. dm-deb dm-deb I have IP alias support compiled into the kernel: dm-deb dm-deb callisto% grep ALIAS /usr/src/linux/.config dm-deb CONFIG_IP_ALIAS=y dm-deb dm-deb However, when I try and create an alias, according to the ifconfig dm-deb output, it has been created, but it wont respond to a ping or any sort dm-deb of connection attempt expect from itself. I can create an IP alias in dm-deb exactly the same way on the RedHat 5.2 box with a 2.2.x kernel sitting dm-deb next to it and ping it immediately from anywhere on the network. The dm-deb same thing doesn't work on the Debian box, however. The pings do not dm-deb even show up in the iplog syslog entries. dm-deb dm-deb There are no firewall rules, IPChains rules, or anything unusual like dm-deb that running on the box. dm-deb dm-deb dpkg -l netbase gives the following: dm-deb dm-deb ii netbase 3.12-2 Basic TCP/IP networking binaries dm-deb dm-deb I should note that this machine's primary eth0 IP address works file (I'm dm-deb using SSH to connect to it as I speak). dm-deb dm-deb This has got me stumped! We want to replace our RedHat server with a dm-deb Debian one, as it's a lot easier for me to admin a Debian box. But dm-deb unless I can work this out, I'm up sh*t creek! dm-deb dm-deb Any thoughts would be appreciated! dm-deb dm-deb cheers, dm-deb dm-deb damon dm-deb dm-deb -- dm-deb Damon Muller ([EMAIL PROTECTED]) / It's not a sense of humor. dm-deb * Criminologist / It's a sense of irony dm-deb * Webmeister / disguised as one. dm-deb * Linux Geek / - Bruce Sterling dm-deb dm-deb dm-deb -- dm-deb Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null dm-deb [mailto:[EMAIL PROTECTED] ]-- Vice President Network Operations http://www.firetrail.com/ Firetrail Internet Services Limited http://www.aphroland.org/ Everett, WA 425-348-7336http://www.linuxpowered.net/ Powered By:http://comedy.aphroland.org/ Debian 2.1 Linux 2.0.36 SMPhttp://yahoo.aphroland.org/ -[mailto:[EMAIL PROTECTED] ]-- 8:51am up 78 days, 20:19, 1 user, load average: 0.71, 0.41, 0.36
lost IP aliasing
Hi all, Recently I was installing slink on machine with 4 network cards. On of them is recognized as 3c905B (100mps). As it was put to 10mps mode at boot time I switched to kernels 2.2.5-7 and now it works fine in 100mps, but at the same time I am unable to use IP-alias which was working without any problem under old 2.0.36 kernel. What is going wrong? TIA, for any tips, Eugene Sevinian CRD, YerPhI, 375036, Armenia URL: http://crdlx5.yerphi.am/ Phone: 374-2-344873
IP-aliasing scripts - in /etc/rc.boot?
I have a little custom script set up to ipalias. I need to make it auto-run on bootup (I'm leaving the machine in a cupboard a long way from home). Can I just place it in /etc/rc.boot/ip_alias_fudge ? or do I need to do anything else. Will it be run last of all (and if not, where should I put it in order to do this?) Thanks, Matthew -- Elen sila lumenn' omentielvo Steward of the Cambridge Tolkien Society Selwyn College Computer Support http://www.cam.ac.uk/CambUniv/Societies/tolkien/ http://pick.sel.cam.ac.uk/ Debian GNU/Hurd - love at first byte
Re: IP-aliasing scripts - in /etc/rc.boot?
*- On 10 Mar, M.C. Vernon wrote about IP-aliasing scripts - in /etc/rc.boot? I have a little custom script set up to ipalias. I need to make it auto-run on bootup (I'm leaving the machine in a cupboard a long way from home). Can I just place it in /etc/rc.boot/ip_alias_fudge ? or do I need to do anything else. Will it be run last of all (and if not, where should I put it in order to do this?) No. First, rc.boot is obsolete. Second, rc.boot gets run first before any networking or anything is setup. You should put your ip_alias_fudge script in /etc/init.d and use update-rc.d to add links from rc?.d to the file. See the man page for update-rc.d. Something like this should work: update-rc.d ip_alias_fudge start 55 2 3 4 5 . stop 55 0 1 6 . The script will get called with the option of start or stop so you can ignore it or use it to bring up or down the aliases. Look at the other non .sh scripts in /etc/init.d for examples. -- Brian - Never criticize anybody until you have walked a mile in their shoes, because by that time you will be a mile away and have their shoes. - unknown Mechanical Engineering[EMAIL PROTECTED] Purdue University http://www.ecn.purdue.edu/~servis -
Re: IP-aliasing scripts - in /etc/rc.boot?
Matthew, I have just added an aliased interface to my system. What I did, (anyone, correct me if I am wrong), was to add another section to the bottom of the /etc/init.d/network script. I just followed the syntax used for the two real interfaces but gave the aliased interface the name- ADPT=eth1:0 Works for me with slink and a 2.2.1 kernel -Bill Quoting M.C. Vernon [EMAIL PROTECTED]: I have a little custom script set up to ipalias. I need to make it auto-run on bootup (I'm leaving the machine in a cupboard a long way from home). Can I just place it in /etc/rc.boot/ip_alias_fudge ? or do I need to do anything else. Will it be run last of all (and if not, where should I put it in order to do this?) Thanks, Matthew -- Elen sila lumenn' omentielvo Steward of the Cambridge Tolkien Society Selwyn College Computer Support http://www.cam.ac.uk/CambUniv/Societies/tolkien/ http://pick.sel.cam.ac.uk/ Debian GNU/Hurd - love at first byte -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: IP-aliasing scripts - in /etc/rc.boot?
Quoting M.C. Vernon ([EMAIL PROTECTED]): I have a little custom script set up to ipalias. I need to make it auto-run on bootup (I'm leaving the machine in a cupboard a long way from home). Can I just place it in /etc/rc.boot/ip_alias_fudge ? or do I need to do anything else. Will it be run last of all (and if not, where should I put it in order to do this?) This was being discussed last night while we were sound asleep. The threads are setup.sh and rc.local - What is the Debian Eqivalent. The quick answer is no, /etc/init.d and man update-rc.d in roughly that order. Cheers, -- Email: [EMAIL PROTECTED] Tel: +44 1908 653 739 Fax: +44 1908 655 151 Snail: David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA Disclaimer: These addresses are only for reaching me, and do not signify official stationery. Views expressed here are either my own or plagiarised.
IP-aliasing
I have a one gateway with a 3c905b (Boomerang) running 2.2.2 just fine. When I use ifconfig to alias an ip it works no problem. On a different machine, an HP Vectra, with a 3c905b? (Cyclone) and the IP-aliasing works only with 2.0 kernels. Weird. I have compiled 2.2.2 for this Vectra 6 times with variuos kernel configs to try and narrow the problem. No luck. Then I copied my .config from the Gateway and compiled, no go. I also just copied the kernel image to the Vectra, no go. Anyone have an idea why it would work on one machine and not another? I haven't swapped the NIC's because my box is the Gateway and I don't want to lose my stability. Selfish I guess. Anyways, does anyone have a suggestion? Thanks in advance! -Ian __ Ian Setford [EMAIL PROTECTED] PGP = F2 92 50 E3 CD D7 A2 D9 C4 CE 08 A6 98 E0 0F 58
Re: IP-aliasing
Subject: IP-aliasing Date: Mon, Mar 01, 1999 at 06:05:07PM -0600 In reply to:Ian Keith Setford Quoting Ian Keith Setford([EMAIL PROTECTED]): I have a one gateway with a 3c905b (Boomerang) running 2.2.2 just fine. When I use ifconfig to alias an ip it works no problem. On a different machine, an HP Vectra, with a 3c905b? (Cyclone) and the IP-aliasing works only with 2.0 kernels. Weird. I have compiled 2.2.2 for this Vectra 6 times with variuos kernel configs to try and narrow the problem. No luck. Then I copied my .config from the Gateway and compiled, no go. I also just copied the kernel image to the Vectra, no go. Kernel 2.2.x no longer uses ipfwadm. It now uses ipchains. Check http://rlz.ne.mediaone.net/linux/firewall/ for some great info and also an interactive pgm to help you set up your filewall forwarding. the ipchains homesite is, IIRC rustcorp.com.au. Anyone have an idea why it would work on one machine and not another? I haven't swapped the NIC's because my box is the Gateway and I don't want to lose my stability. Selfish I guess. Anyways, does anyone have a suggestion? Thanks in advance! -Ian HTH -- Weinberg's Second Law: If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization. ___ Wayne T. Topa [EMAIL PROTECTED]
Re: ip aliasing
Babs wrote: error on boot is: no dependancy information ip_alias.o and then mod-prob error on each eth0:1, eth0:2, eth0:3 Any ideas??? try looking at your /lib/modules/2.0.34/modules.dep look for the section where your ip_alias module is and follow the general format and add ip_alias.o to your dependency files. MAKE SURE you add the entry in with the rest of that class of modules!!! otherwise this won't work Jeff
Re: ip aliasing
i think that problem is with kernel - try to recompile it and be sure,
that every options according to ip_aliasing is included
and use _latest_ kernel
do not compile ip networking options as modules
greetz,
Piotr Wachowiak
[EMAIL PROTECTED]
On Mon, 23 Nov 1998, Babs wrote:
I am running kernel 2.0.34, a ne2000 either, ip aliasing built into the kernel
i have already had the system admin check my network file and all is
configured properly
ie.
temptress:/# cat /etc/init.d/network
#! /bin/sh
ifconfig lo 127.0.0.1
route add -net 127.0.0.0
ifconfig eth0 000.000.000.000 netmask 000.000.000.000 broadcast
000.000.000.000
route add -net 000.000.000.000
route add default gw 000.000.000.000 dev eth0
ifconfig eth0:1 000.000.000.000 netmask 000.000.000.000
route add 000.000.000.000 dev eth0:1
ifconfig eth0:2 000.000.000.000 netmask 000.000.000.000
route add 000.000.000.000 dev eth0:2
ifconfig eth0:3 000.000.000.000 netmask 000.000.000.000
route add 000.000.000.000 dev eth0:3
{actual ip addresses removed for security reasons}
error on boot is: no dependancy information ip_alias.o
and then mod-prob error on each eth0:1, eth0:2, eth0:3
Any ideas???
--
~
Your Got.Net PC Tech...
The Internet Connection, Inc.
http://we.got.net
~
--
Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
ip aliasing
I am running kernel 2.0.34, a ne2000 either, ip aliasing built into the kernel
i have already had the system admin check my network file and all is
configured properly
ie.
temptress:/# cat /etc/init.d/network
#! /bin/sh
ifconfig lo 127.0.0.1
route add -net 127.0.0.0
ifconfig eth0 000.000.000.000 netmask 000.000.000.000 broadcast
000.000.000.000
route add -net 000.000.000.000
route add default gw 000.000.000.000 dev eth0
ifconfig eth0:1 000.000.000.000 netmask 000.000.000.000
route add 000.000.000.000 dev eth0:1
ifconfig eth0:2 000.000.000.000 netmask 000.000.000.000
route add 000.000.000.000 dev eth0:2
ifconfig eth0:3 000.000.000.000 netmask 000.000.000.000
route add 000.000.000.000 dev eth0:3
{actual ip addresses removed for security reasons}
error on boot is: no dependancy information ip_alias.o
and then mod-prob error on each eth0:1, eth0:2, eth0:3
Any ideas???
--
~
Your Got.Net PC Tech...
The Internet Connection, Inc.
http://we.got.net
~
Re: Please help with IP Aliasing
On Thu, Jul 02, 1998 at 11:53:32AM +1000, Craig Sanders wrote:
firstly, replace all those ifconfig route commands with something like
this:
i=1
while [ $i -le 254 ] ; do
ifconfig eth0:$i XXX.231.206.$i netmask 255.255.255.0
route add -host XXX.231.206.$i eth0:$i
$i=$(( $i + 1 ))
done
i=1
for j in $( grep -v ^$\|^# /etc/virtual-hosts | awk '{print $1}' ) ; do
ifconfig eth0:$i $j netmask 255.255.255.0
route add -host $j eth0:$i
$i=$(( $i + 1 ))
done
alternatively, stick another ethernet card in the machine and start using
eth1:0 - eth1:255 aliases.the limit is per interface.
andy,
as noted in the last line, the first virtual device number should
start with zero, eth0:0, so if you use one of the cool scripts above
remember that! ( this is noted in the NET3 HOWTO ) furthermore, while
i'll admit i don't use 'make' to manage my virtual hosts on my web
server ( yet :P ) it is relatively easy to set up a Makefile as
craig has suggested and that would most certainly be the elegant
way to help you manage your 200+ virtual hosts.
good luck!
m*
--
Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: Please help with IP Aliasing
On Thu, Jul 02, 1998 at 11:33:13PM +0800, Jieyao wrote: I am currently setting up a Mail and Webserver (hamm, 2.0.33). I have got a whole package of 256 IP addresses that I want to assign to this server. In the NET-3-HOWTO I read that I have to set it up like this: Why do you want to give the machine 256 ips? It's pointless unless you do webhosting, and there are better ways of doing that eg with apache's VirtualHost setup. Correct me if I'm wrong, I believe that even for apache you still need IP for each virtualhost since each is going to be a diffenent domain. I think there are some way to do non-IP virtualhost but you would be handicapped in other services. Sorry I didn't get back to this, I've been away for a while. AFAIK the only problem with non-ip virtual web hosting is that on some very old browsers (netscape 1, mosaic etc) you just get the main page for the machine, because they don't send the full address of the page they're trying to get. But, no browser software currently shipping has that problem. There should be no reason not to use non-ip vhosting. -- __ | ian eure, network admin, freelance security consultant, and | | manically depressed paranoid schizophrenic, at your service. | ; [EMAIL PROTECTED] - http://minion.org ; : raw speed = 105.6 wpm with 4.5% errors : . . . . . . . . . . . . . . . . . . . . . . -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: Please help with IP Aliasing
First of all thanks a lot for your fast help, especially to Craig! firstly, replace all those ifconfig route commands with something like this: i=1 while [ $i -le 254 ] ; do ifconfig eth0:$i XXX.231.206.$i netmask 255.255.255.0 route add -host XXX.231.206.$i eth0:$i $i=$(( $i + 1 )) done Good idea! A lot easier to read that way. From your answers I assume that I really have to setup a virtual interface for every IP address. Isn't there a possibility to map a whole subnet XXX.231.206.everything? I thought I saw that on a system a while ago. It had even more IP addresses assigned to. But it might have been a FreeBSD system. secondly, the route command is optional. How come that I can't reach my own address(es) without a route? Shouldn't it be routed to the gateway, which would send it back to my machine? third: do you *really* need all those aliases configured right now? Nope, but soon. if not, then only configure the ones you actually need, *when* you need them. Why? Does it have any negative effects to have that many interfaces and routes configured? fourth: for a virtual hosting system, it's not terribly difficult to set things up so that the configurations for virtual web, ftp, mail, dns, and ip_aliasing are all controlled from one file. e.g. make a file called /etc/virtual-hosts which contains the following info: I like that idea. I'll probably set things up this way as soon as I have more time again. you can increase this limit by modifying the kernel sources. or start using 2.1 series kernels. Are you saying that 2.1 kernels have this limit set higher or are they using a completely different way of handling this situation? if you've got more than 255 virtual hosts then you probably want another machine to host them on anyway. don't try to make one machine do too much. I am sure linux can handle it. :-) No, seriously, more IP addresses doesn't necessary mean more traffic. It's just that some customers want their own domain which has to be mapped to a separate IP number. Thanks again for your help! Andy. -- Andy Spiegl, University of Technology, Muenchen, Germany E-Mail: [EMAIL PROTECTED] URL: http://www.spiegl.de PGP fingerprint: B8 48 24 7B DB 96 6F 1C D9 6D 8E 6C DB C2 E7 E9 o _ _ _ - __o __o /\_ _ \\o (_)\__/o (_) --- _`\,__`\,__(_) (_)/_\_| \ _|/' \/ -- (_)/ (_) (_)/ (_) (_)(_) (_)(_)' _\o_ ~~~ -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: Please help with IP Aliasing
On Wed, Jul 01, 1998 at 10:30:46AM -0700, Ian Eure wrote: Why do you want to give the machine 256 ips? It's pointless unless you do webhosting, and there are better ways of doing that eg with apache's VirtualHost setup. You can't do virtual FTP domains without IPs, and not all browsers support the virtual-host-by-name stuff that Apache has (but obviously all the modern ones do). you do not need the route add -net after each eth0 alias. You can't ping the local alias without it, but that's not tragic. Hamish -- Hamish Moffatt, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5 CCs of replies from mailing lists are welcome. http://hamish.home.ml.org -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: Please help with IP Aliasing
On 1 Jul 1998, Andy Spiegl wrote:
I am currently setting up a Mail and Webserver (hamm, 2.0.33). I have got
a whole package of 256 IP addresses that I want to assign to this
server. In the NET-3-HOWTO I read that I have to set it up like this:
# here I am trying to set up the IP-Aliasing for the whole
# subnetwork XXX.231.206.x
ifconfig eth0:1 XXX.231.206.1 netmask 255.255.255.0 up
route add -net XXX.231.206.0 netmask 255.255.255.0 eth0:1
# [...]
# and so on, until:
ifconfig eth0:254 XXX.231.206.254 netmask 255.255.255.0 up
route add -net XXX.231.206.254 netmask 255.255.255.255 eth0:254
firstly, replace all those ifconfig route commands with something like
this:
i=1
while [ $i -le 254 ] ; do
ifconfig eth0:$i XXX.231.206.$i netmask 255.255.255.0
route add -host XXX.231.206.$i eth0:$i
$i=$(( $i + 1 ))
done
secondly, the route command is optional. and if you do use it, you should
use a host route, rather than a network route.
third: do you *really* need all those aliases configured right now? if
not, then only configure the ones you actually need, *when* you need
them.
fourth: for a virtual hosting system, it's not terribly difficult to
set things up so that the configurations for virtual web, ftp, mail,
dns, and ip_aliasing are all controlled from one file. e.g. make a file
called /etc/virtual-hosts which contains the following info:
#IP-address domain name username
XXX.231.206.1 foo.com.au foo
XXX.231.206.2 bar.com.au bar
modify /etc/init.d/networks to use field 1 (cut or awk or perl can
extract the info for you - e.g. awk '{print $1}' prints field 1) for
configuring the ip aliases. write the script so that it ignores blank
lines and comments ('grep -v ^$\|^#' is a good start).
i=1
for j in $( grep -v ^$\|^# /etc/virtual-hosts | awk '{print $1}' ) ; do
ifconfig eth0:$i $j netmask 255.255.255.0
route add -host $j eth0:$i
$i=$(( $i + 1 ))
done
then write scripts which generate config files for apache and proftpd
using all three fields (username being used to derive the public_html
and anon ftp dirs for the virtual host...subdirectories of ~username).
how you handle virtual mail depends on which mailer you useif
you use sendmail, then adding a line like @domain username to
/etc/virtusertable and then running makemap hash virtusertable
/etc/virtusertable will do the job.
zone files for bind can be auto-generated too, using the first two
fields...most virtual hosts will be identical except for IP address and
domain name. write this so that it only generates a zone file if one
doesn't already exist.
finally, write a Makefile to tie it all together...so adding a new
virtual host is as simple as editing /etc/virtual-hosts and typing make.
you *can* do all this in sh/awk/sed/cut but doing it in perl will be
much easier, especially where you need to use more than one field from
/etc/virtual-hosts at a time. doing that in perl is trivial. in sh it is
difficult.
BTW, you can add as many extra field to /etc/virtusertable as you
need...e.g. you could add a type field which defines whether a
particular virtual host is mail, web, ftp, or all three.
What I want seems to work this way, but I can't imagine that this is
the right way to do it. And if I will ever get another subnetwork to
add, how would I add it using the above method? I found that eth0:255
is the highest possible virtual network number. So I couldn't add any
more?
All you network-gurus: Please give me a hint or any pointer as to
where I can find more info on that.
you can increase this limit by modifying the kernel sources. or start
using 2.1 series kernels.
alternatively, stick another ethernet card in the machine and start using
eth1:0 - eth1:255 aliases.the limit is per interface.
if you've got more than 255 virtual hosts then you probably want another
machine to host them on anyway. don't try to make one machine do too
much.
craig
--
craig sanders
--
Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: Please help with IP Aliasing
I am currently setting up a Mail and Webserver (hamm, 2.0.33). I have got a whole package of 256 IP addresses that I want to assign to this server. In the NET-3-HOWTO I read that I have to set it up like this: Why do you want to give the machine 256 ips? It's pointless unless you do webhosting, and there are better ways of doing that eg with apache's VirtualHost setup. Correct me if I'm wrong, I believe that even for apache you still need IP for each virtualhost since each is going to be a diffenent domain. I think there are some way to do non-IP virtualhost but you would be handicapped in other services. Any ideas? __o __o __o __o __\_))__\_))__\_))__\_))___. --\---\ R O W I N G Jieyao [EMAIL PROTECTED] ICQ 836655 Don't waste your computer's time. Join the Singapore RC5 Effort now! http://www.raffles.nus.edu.sg/~rekcah/rc5/ -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: Please help with IP Aliasing
I am running Debian with 1 IP address and like 20 or 30 virtual hosts, and EVERYTHING works. :) On Thu, 2 Jul 1998, Jieyao wrote: I am currently setting up a Mail and Webserver (hamm, 2.0.33). I have got a whole package of 256 IP addresses that I want to assign to this server. In the NET-3-HOWTO I read that I have to set it up like this: Why do you want to give the machine 256 ips? It's pointless unless you do webhosting, and there are better ways of doing that eg with apache's VirtualHost setup. Correct me if I'm wrong, I believe that even for apache you still need IP for each virtualhost since each is going to be a diffenent domain. I think there are some way to do non-IP virtualhost but you would be handicapped in other services. Any ideas? __o __o __o __o __\_))__\_))__\_))__\_))___. --\---\ R O W I N G Jieyao [EMAIL PROTECTED] ICQ 836655 Don't waste your computer's time. Join the Singapore RC5 Effort now! http://www.raffles.nus.edu.sg/~rekcah/rc5/ -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Please help with IP Aliasing
Hi!
I am currently setting up a Mail and Webserver (hamm, 2.0.33). I have got
a whole package of 256 IP addresses that I want to assign to this server.
In the NET-3-HOWTO I read that I have to set it up like this:
/etc/init.d/network: (part of the addresses X-ed out)
#! /bin/sh
ifconfig lo 127.0.0.1
route add -net 127.0.0.0
# here is the real IP address for this linux box
IPADDR=XXX.30.72.69
NETMASK=255.255.255.0
NETWORK=XXX.30.72.0
BROADCAST=XXX.30.72.255
GATEWAY=XXX.30.72.70
ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST}
route add -net ${NETWORK}
[ ${GATEWAY} ] route add default gw ${GATEWAY} metric 1
# here I am trying to set up the IP-Aliasing for the whole
# subnetwork XXX.231.206.x
ifconfig eth0:1 XXX.231.206.1 netmask 255.255.255.0 up
route add -net XXX.231.206.0 netmask 255.255.255.0 eth0:1
ifconfig eth0:2 XXX.231.206.2 netmask 255.255.255.0 up
route add -net XXX.231.206.2 netmask 255.255.255.255 eth0:2
ifconfig eth0:3 XXX.231.206.3 netmask 255.255.255.0 up
route add -net XXX.231.206.3 netmask 255.255.255.255 eth0:3
# [...]
# and so on, until:
ifconfig eth0:253 XXX.231.206.253 netmask 255.255.255.0 up
route add -net XXX.231.206.253 netmask 255.255.255.255 eth0:253
ifconfig eth0:254 XXX.231.206.254 netmask 255.255.255.0 up
route add -net XXX.231.206.254 netmask 255.255.255.255 eth0:254
What I want seems to work this way, but I can't imagine that this
is the right way to do it. And if I will ever get another subnetwork
to add, how would I add it using the above method? I found that
eth0:255 is the highest possible virtual network number. So I
couldn't add any more?
All you network-gurus: Please give me a hint or any pointer as
to where I can find more info on that.
Thank you so much in advance!
Andy.
--
Andy Spiegl, University of Technology, Muenchen, Germany
E-Mail: [EMAIL PROTECTED] URL: http://www.spiegl.de
PGP fingerprint: B8 48 24 7B DB 96 6F 1C D9 6D 8E 6C DB C2 E7 E9
o _ _ _
- __o __o /\_ _ \\o (_)\__/o (_)
--- _`\,__`\,__(_) (_)/_\_| \ _|/' \/
-- (_)/ (_) (_)/ (_) (_)(_) (_)(_)' _\o_
~~~
--
Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: Please help with IP Aliasing
On Wed, Jul 01, 1998 at 02:55:39PM +, Andy Spiegl wrote: Hi! I am currently setting up a Mail and Webserver (hamm, 2.0.33). I have got a whole package of 256 IP addresses that I want to assign to this server. In the NET-3-HOWTO I read that I have to set it up like this: Why do you want to give the machine 256 ips? It's pointless unless you do webhosting, and there are better ways of doing that eg with apache's VirtualHost setup. The script you've shown should work, but a quicker way to do it would be: for ip in 1 2 3 4 5 6 7 8 9 10 ... do ifconfig eth0:$ip xxx.xxx.xxx.$ip netmask 255.255.255.0 done you do not need the route add -net after each eth0 alias. [stuff deleted] What I want seems to work this way, but I can't imagine that this is the right way to do it. And if I will ever get another subnetwork to add, how would I add it using the above method? I found that eth0:255 is the highest possible virtual network number. So I couldn't add any more? All you network-gurus: Please give me a hint or any pointer as to where I can find more info on that. -- __ | ian eure, network admin, freelance security consultant, and | | manically depressed paranoid schizophrenic, at your service. | ; [EMAIL PROTECTED] - http://minion.org ; : raw speed = 105.6 wpm with 4.5% errors : . . . . . . . . . . . . . . . . . . . . . . -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: Please help with IP Aliasing
I only have 1 main IP address (actually 5, but only one is used), and I host a number of domains for web space and mail I use Apache, and Qmail Both are really good for Virtual Hosting Matthew On Wed, 1 Jul 1998, Ian Eure wrote: On Wed, Jul 01, 1998 at 02:55:39PM +, Andy Spiegl wrote: Hi! I am currently setting up a Mail and Webserver (hamm, 2.0.33). I have got a whole package of 256 IP addresses that I want to assign to this server. In the NET-3-HOWTO I read that I have to set it up like this: Why do you want to give the machine 256 ips? It's pointless unless you do webhosting, and there are better ways of doing that eg with apache's VirtualHost setup. The script you've shown should work, but a quicker way to do it would be: for ip in 1 2 3 4 5 6 7 8 9 10 ... do ifconfig eth0:$ip xxx.xxx.xxx.$ip netmask 255.255.255.0 done you do not need the route add -net after each eth0 alias. [stuff deleted] What I want seems to work this way, but I can't imagine that this is the right way to do it. And if I will ever get another subnetwork to add, how would I add it using the above method? I found that eth0:255 is the highest possible virtual network number. So I couldn't add any more? All you network-gurus: Please give me a hint or any pointer as to where I can find more info on that. -- __ | ian eure, network admin, freelance security consultant, and | | manically depressed paranoid schizophrenic, at your service. | ; [EMAIL PROTECTED] - http://minion.org ; : raw speed = 105.6 wpm with 4.5% errors : . . . . . . . . . . . . . . . . . . . . . . -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: Please help with IP Aliasing
If you are using apache and qmail, you have no need whatsoever for binding more than 1 ip to your system. eg, on my system, I'm doing virtual webhosting email for a few domains. so... if you go to http://crosssound.narrows.com, you get one page. If you go to http://www3.minion.ml.org, you get a different page. If you nslookup those two names, they come up with the same ip, 198.93.1.102. In apache's /etc/apache/httpd.conf, I have a section like so: VirtualHost minion.ml.org ServerAdmin [EMAIL PROTECTED] DocumentRoot /home2/ieure/minion ServerName minion.ml.org ErrorLog /var/log/apache/minion.ml.org-error_log TransferLog /var/log/apache/minion.ml.org-access_log /VirtualHost I use smail, not qmail, so I can't help with that... but when smail was installed, it asked for other hostnames to process mail for... add whatever names you need, then just make sure that all of them are CNAMES in your dns zone file. This is also more stable than having many ip aliases in some cases. On Wed, Jul 01, 1998 at 03:16:04PM -0400, matthew tebbens wrote: I only have 1 main IP address (actually 5, but only one is used), and I host a number of domains for web space and mail I use Apache, and Qmail Both are really good for Virtual Hosting Matthew On Wed, 1 Jul 1998, Ian Eure wrote: On Wed, Jul 01, 1998 at 02:55:39PM +, Andy Spiegl wrote: Hi! I am currently setting up a Mail and Webserver (hamm, 2.0.33). I have got a whole package of 256 IP addresses that I want to assign to this server. In the NET-3-HOWTO I read that I have to set it up like this: Why do you want to give the machine 256 ips? It's pointless unless you do webhosting, and there are better ways of doing that eg with apache's VirtualHost setup. The script you've shown should work, but a quicker way to do it would be: for ip in 1 2 3 4 5 6 7 8 9 10 ... do ifconfig eth0:$ip xxx.xxx.xxx.$ip netmask 255.255.255.0 done you do not need the route add -net after each eth0 alias. [stuff deleted] What I want seems to work this way, but I can't imagine that this is the right way to do it. And if I will ever get another subnetwork to add, how would I add it using the above method? I found that eth0:255 is the highest possible virtual network number. So I couldn't add any more? All you network-gurus: Please give me a hint or any pointer as to where I can find more info on that. -- __ | ian eure, network admin, freelance security consultant, and | | manically depressed paranoid schizophrenic, at your service. | ; [EMAIL PROTECTED] - http://minion.org ; : raw speed = 105.6 wpm with 4.5% errors : . . . . . . . . . . . . . . . . . . . . . . -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null -- __ | ian eure, network admin, freelance security consultant, and | | manically depressed paranoid schizophrenic, at your service. | ; [EMAIL PROTECTED] - http://minion.org ; : raw speed = 105.6 wpm with 4.5% errors : . . . . . . . . . . . . . . . . . . . . . . -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: IP Aliasing
On Dec 19, [EMAIL PROTECTED] wrote I just threw together a page on IP Aliasing, since it seems to be a topic more and more. If someone more knowledgeable than I could take a look at it, I would appreciate it. Heh. Oops! I guess telling you where to look would be even better! It's off my ISP page http://www.buoy.com/isp Tim -- Tim Sailer (at home) Coastal Internet, Inc. Network and Systems Operations PO Box 671 http://www.buoy.comRidge, NY 11961 [EMAIL PROTECTED]/[EMAIL PROTECTED](516) 476-3031 -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
IP Aliasing
I just threw together a page on IP Aliasing, since it seems to be a topic more and more. If someone more knowledgeable than I could take a look at it, I would appreciate it. Tim -- Tim Sailer (at home) Coastal Internet, Inc. Network and Systems Operations PO Box 671 http://www.buoy.comRidge, NY 11961 [EMAIL PROTECTED]/[EMAIL PROTECTED](516) 476-3031 -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: IP Aliasing
On Fri, 19 Dec 1997 [EMAIL PROTECTED] wrote: On Dec 19, [EMAIL PROTECTED] wrote I just threw together a page on IP Aliasing, since it seems to be a topic more and more. If someone more knowledgeable than I could take a look at it, I would appreciate it. Heh. Oops! I guess telling you where to look would be even better! It's off my ISP page http://www.buoy.com/isp You might note that the procedure for Red Hat Linux 4.2 is as follows (I haven't installed 5.0 yet, so I don't know how it differs): 1. Use your favorite method to recompile your kernel. Answer Y to CONFIG_NET_ALIAS and CONFIG_IP_ALIAS. Install the new kernel and reboot. 2. Create a new network interface configuration file for the interface alias. The easiest way is to copy an existing configuration file. The name of the new configuration file should reflect the name of the interface alias. For instance, if you are creating an alias on the zero'th ethernet interface, eth0, copy the eth0 configuration file: cd /etc/sysconfig/network-scripts cp -p ifcfg-eth0 ifcfg-eth0:0 This will create a file in /etc/sysconfig/network-scripts named ifcfg-eth0:0. The name reflects the file's role: to configure the zero'th alias on the zero'th ethernet interface. 3. Using your favorite editor, edit the newly-created network interface configuration file and make appropriate changes to the values in the file. Specifically, you'll need to change the DEVICE and IPADDR lines at the very least. For example, suppose the interface configuration file we copied, eth0's, looked like this: DEVICE=eth0 IPADDR=10.151.9.241 NETMASK=255.255.255.0 NETWORK=10.151.9.0 BROADCAST=10.151.9.255 ONBOOT=yes Suppose we were creating the zero'th alias on the zero'th ethernet interface, so we need to change the DEVICE value to eth0:0. The alias is to have the IP address, 10.151.9.242, so we need to change the IPADDR value. The address is on the same network, within the same subnet, responds to the same broadcast address, and should be configured at boot-time, so the other values will stay the same. We would thus change the above to: DEVICE=eth0:0 IPADDR=10.151.9.242 NETMASK=255.255.255.0 NETWORK=10.151.9.0 BROADCAST=10.151.9.255 ONBOOT=yes Save the changes and exit the editor. 3. To active the new network interface alias, issue the following command from the /etc/sysconfig/network-scripts directory: ./ifup ifcfg-eth0:0 replacing ifcfg-eth0:0 with the name of the interface alias configuration file you just created. If, at some point in the future, you want to deactivate the interface alias temporarily, issue the following command, also from the /etc/sysconfig/network-scripts directory: ./ifdown ifcfg-eth0:0 4. Test your new interface alias by pinging its IP address: ping 10.151.9.242 If you receive a response, your new interface has been set-up successfully. Your Red Hat Linux system will automatically configure the interface alias again whenever the system is started. -- Steve Coile P a t r i o t N e t Systems Engineering [EMAIL PROTECTED] Patriot Computer Group(703) 277-7737 -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: IP Aliasing
Nice page, I don't ever put the dev in my route add -host 111.222.333.444 eth0:1 line. you might want to go into, eth0 being the first ethernet card, and some ppl may want it on eth1, and how to create multiple aliases with eth0:2, eth0:3, etc. other than that sounds great to me!! HTH, -Craig On Fri, 19 Dec 1997 [EMAIL PROTECTED] wrote: On Dec 19, [EMAIL PROTECTED] wrote I just threw together a page on IP Aliasing, since it seems to be a topic more and more. If someone more knowledgeable than I could take a look at it, I would appreciate it. Heh. Oops! I guess telling you where to look would be even better! It's off my ISP page http://www.buoy.com/isp Tim -- Tim Sailer (at home) Coastal Internet, Inc. Network and Systems Operations PO Box 671 http://www.buoy.comRidge, NY 11961 [EMAIL PROTECTED]/[EMAIL PROTECTED](516) 476-3031 === Craig SawyerThe Yuma Area LUG:[EMAIL PROTECTED] [EMAIL PROTECTED] Debian/GNU Linux the Beautiftical OS NEED ISP HELP?: http://happy.digitaldune.net/~pbs === -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: IP Aliasing
On Dec 19, Craig Sawyer wrote Nice page, I don't ever put the dev in my route add -host 111.222.333.444 eth0:1 line. Hrm. Good point. It's not in the man page anymore. I guess old habits die hard.. you might want to go into, eth0 being the first ethernet card, and some ppl may want it on eth1, and how to create multiple aliases with eth0:2, eth0:3, etc. OK. I'll make it a little more obvious. Thanks, Tim -- Tim Sailer (at home) Coastal Internet, Inc. Network and Systems Operations PO Box 671 http://www.buoy.comRidge, NY 11961 [EMAIL PROTECTED]/[EMAIL PROTECTED](516) 476-3031 -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: BIND 8.1.1 and IP aliasing in Linux
I have several Linux DNS servers, two of which have IP aliases on one interface. Recently I upgraded from BIND 4.9.6 to BIND 8.1.1. One of the subtle problems I have noticed is now the machines that have IP aliases don't automatically update a zone when sent a notify by the primary server. Under 4.9.6 they had no problems. I've noticed that the debian package for bind 4.9.6 isn't to great (no offense to whomever made it), so i downloaded bind-4.9.6-REL.tar.gz, and manually did it myself. I have not and will not goto 8.x until they resolve a lot of errors. Right now i am quite happy with 4.9.6, it works as it should, and isn't a hassle what so ever. Now to your questions, could you possibly be forgetting to increment your serial numbers in your databases? If so, that would possibly explain lack of zone transfers to your secondaries. Also, setting up a cronjob to pull records is a good idea. I have cron run named-xfer with the correct parameters every 6 hours on my secondaries to pull from myself. If i haven't been a help sorry =\, else, goo : *** dA' Phucilage Phactory*Yesturday upon the stair,* *I met a guy who wasn't there,* *He wasn't there again today, * [EMAIL PROTECTED]*I think he's from the CIA. * *** author unknown -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: BIND 8.1.1 and IP aliasing in Linux
On Thu, 18 Dec 1997, dA' Phucilage Phactory wrote: I have several Linux DNS servers, two of which have IP aliases on one interface. Recently I upgraded from BIND 4.9.6 to BIND 8.1.1. One of the subtle problems I have noticed is now the machines that have IP aliases don't automatically update a zone when sent a notify by the primary server. Under 4.9.6 they had no problems. I've noticed that the debian package for bind 4.9.6 isn't to great (no offense to whomever made it), so i downloaded bind-4.9.6-REL.tar.gz, and manually did it myself. I have not and will not goto 8.x until they resolve a lot of errors. Right now i am quite happy with 4.9.6, it works as it should, and isn't a hassle what so ever. Now to your questions, could you possibly be forgetting to increment your serial numbers in your databases? If so, that would possibly explain lack of zone transfers to your secondaries. Also, setting up a cronjob to pull records is a good idea. I have cron run named-xfer with the correct parameters every 6 hours on my secondaries to pull from myself. No sorry, I know the serial numbers are not the problem. If I do a 'ndc reload' then it does the zone xfer alright. As I said - the only difference between when it was receiving and processing successfully the notifies from primary servers and now (when it's not) is that now I've added an IP alias to one interface and let named auto-detect the interfaces (rather than specifying via 'listen-on' directives, which appears to be no problem if you believe the logs). BTW, I'm not using (and haven't been using) the debian BIND package(s) - I've built my own, but the system is otherwise debian 1.3.whatever (bo). But thanx for some interest... 8---8 Richard Shepherd ([EMAIL PROTECTED]) Phone: 07-838-4764 8---8 -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
BIND 8.1.1 and IP aliasing in Linux
I have several Linux DNS servers, two of which have IP aliases on one interface. Recently I upgraded from BIND 4.9.6 to BIND 8.1.1. One of the subtle problems I have noticed is now the machines that have IP aliases don't automatically update a zone when sent a notify by the primary server. Under 4.9.6 they had no problems. Points of interest: 1. One machine, which has always had aliases, stopped doing updates on receiving notifies as soon as it was upgraded to 8.1.1. 2. Another machine was doing the notifies fine under 8.1.1 UNTIL we added the IP alias, and now it too ignores them. 3. I haven't used any listen-on directives in /etc/named.conf, though the default behaviour of using all available ones seems to be working (and noted in the log file). Is this a documented problem with either Linux IP aliases or BIND 8.1.1? I'd be grateful to hear. 8---8 Richard Shepherd ([EMAIL PROTECTED]) Phone: 07-838-4764 8---8 -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: IP Aliasing
-BEGIN PGP SIGNED MESSAGE- On Thu, 11 Dec 1997 [EMAIL PROTECTED] wrote: Hello, Our upstream provider is forcing us to change our Class C. Now, we need to run two blocks parallel for awhile. We're running Debian Linux (2.0.32) and I was wondering how to set up an IP address alias. i.e. we want our eth0 card to have two different addresses. Any pointers on how to do this? Roll a kernel with ip-alias included or as a module (in the latter case make sure the module is loaded) and use the normal ifconfig commands on the magic names eth0:0, eth0:1,... to configure additional IP adresses on the same physical device. See also kernel-source/Documentation/networking/alias.txt -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQB1AwUBNJE3OVptA0IhBm0NAQFlDwL/WH7SWvwWK2vtiZisECJ304uDkBkotdw4 1yzjRy/ljjC4OzWPKi6GAJKqZkMolVnBie0umu9gnq14oavpkGQBuZzmWx4cA4hq PhuUDvz/HgkqXPfFOD2c7JR64SOZlKME =PVMo -END PGP SIGNATURE- -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
IP Aliasing
Hello, Our upstream provider is forcing us to change our Class C. Now, we need to run two blocks parallel for awhile. We're running Debian Linux (2.0.32) and I was wondering how to set up an IP address alias. i.e. we want our eth0 card to have two different addresses. Any pointers on how to do this? Thanks in advance, Steve AracNet -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: IP Aliasing
As a further note, we are using SCO and an older version of Slackware. On the Slackware machine, we compiled in a patch so that the command 'ifconfig net0 alias x.x.x.x' works. It works by default in SCO 5. I was hoping there's a way to do it on the linux box without patching anything. Thanks again, Steve AracNet On Thu, 11 Dec 1997 [EMAIL PROTECTED] wrote: Hello, Our upstream provider is forcing us to change our Class C. Now, we need to run two blocks parallel for awhile. We're running Debian Linux (2.0.32) and I was wondering how to set up an IP address alias. i.e. we want our eth0 card to have two different addresses. Any pointers on how to do this? Thanks in advance, Steve AracNet -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] . -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: IP Aliasing
On Thu, 11 Dec 1997 [EMAIL PROTECTED] wrote: Our upstream provider is forcing us to change our Class C. Now, we need to run two blocks parallel for awhile. We're running Debian Linux (2.0.32) and I was wondering how to set up an IP address alias. i.e. we want our eth0 card to have two different addresses. Any pointers on how to do this? There is a mini-HOWTO. /usr/doc/HOWTO/mini/IP-Alias.gz I have never done this before, so this is the only thing I can tell you about it. Ciao, Martin -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: IP aliasing
Maarten Boekhold wrote: I tried to steup an IP alias on a machine here. According to the Virtual-Web mini-HOWTO, I can do: ifconfig eth0 alias new-address However, ifconfig says 'alias' is not a hostname. 'man ifconfig' doesn't say anything about aliasing. This is with netbase 2.13-1. Anybody who can get me goin' on this? NET-3-HOWTO, but more specifically: ifconfig eth0 myrealaddr options ifconfig eth0:1 myfirstipalias options... ifconfig eth0:2 mysecondipalias options... regards Terry -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: IP aliasing
On Thu, Sep 11, 1997 at 03:30:18PM +1000, Terry Dawson wrote: : Maarten Boekhold wrote: : : I tried to steup an IP alias on a machine here. According to the : Virtual-Web mini-HOWTO, I can do: : : ifconfig eth0 alias new-address : : However, ifconfig says 'alias' is not a hostname. 'man ifconfig' doesn't : say anything about aliasing. This is with netbase 2.13-1. : : Anybody who can get me goin' on this? : : NET-3-HOWTO, but more specifically: : : ifconfig eth0 myrealaddr options : ifconfig eth0:1 myfirstipalias options... : ifconfig eth0:2 mysecondipalias options... I propose this get included in a subsequent Debian release... I run this as /etc/init.d/virtualhosts. I wrote it, you can have it... cut here- #!/bin/bash # Copyleft Jason Costomiris [EMAIL PROTECTED] # Reserved rights? Nah, just leave these comment lines. # Stick your IPs or hostnames in the names line, put a space between them. names= count=0 if [ $1 = stop ]; then for addr in $names do /sbin/route del $addr /sbin/ifconfig eth0:$count- $addr let count=$count+1 done elif [ $1 = start -o $1 = ]; then for addr in $names do /sbin/ifconfig eth0:$count $addr /sbin/route add -host $addr dev eth0:$count let count=$count+1 done else echo 'Usage: '$0' [start|stop]' fi cut here- -- Jason Costomiris | Finger for PGP 2.6.2 Public Key [EMAIL PROTECTED] | There is a fine line between idiocy My employers like me, but not| and genius. We aim to erase that line enough to let me speak for them. | --Unknown http://www.jasons.org/~jcostom -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
IP aliasing
Hi, I tried to steup an IP alias on a machine here. According to the Virtual-Web mini-HOWTO, I can do: ifconfig eth0 alias new-address However, ifconfig says 'alias' is not a hostname. 'man ifconfig' doesn't say anything about aliasing. This is with netbase 2.13-1. Anybody who can get me goin' on this? Maarten _ | Maarten Boekhold, Faculty of Electrical Engineering TU Delft, NL| | [EMAIL PROTECTED] | - -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: IP aliasing
On Wed, 10 Sep 1997, Maarten Boekhold wrote: : Hi, : : I tried to steup an IP alias on a machine here. According to the : Virtual-Web mini-HOWTO, I can do: : : ifconfig eth0 alias new-address : : However, ifconfig says 'alias' is not a hostname. 'man ifconfig' doesn't : say anything about aliasing. This is with netbase 2.13-1. Use 'ifconfig eth0:1 new-address' Remco -- // Remco van de Meent // email: [EMAIL PROTECTED] // www: http://oloon.student.utwente.nl //Never make any mistaeks. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: IP aliasing
Remco van de Meent [EMAIL PROTECTED] wrote: : Use 'ifconfig eth0:1 new-address' Right; then use eth0:2, then eth0:3 and so on for new virtual hosts. E.- -- Eloy A. Paris Information Technology Department Rockwell Automation de Venezuela Telephone: +58-2-9432311 Fax: +58-2-9431645 -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: IP aliasing
Maarten Boekhold wrote: Hi, I tried to steup an IP alias on a machine here. According to the Virtual-Web mini-HOWTO, I can do: ifconfig eth0 alias new-address However, ifconfig says 'alias' is not a hostname. 'man ifconfig' doesn't say anything about aliasing. This is with netbase 2.13-1. Anybody who can get me goin' on this? Maarten i had a similar problem today! in addition to Remco and Eloy, check to make sure your kernel has network aliasing and aliasing support configured in. if you configure aliasing support as a module ( ip_alias ), make sure you load that module at boot. m* -- The Shining One -- -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: IP aliasing in debian 1.3
On Wed, 20 Aug 1997, Dan Dooher wrote: I'm trying to enable IP aliasing, but when a execute: /sbin/insmod /lib/modules/`uname -r`/ipv4/ip_alias.o It returns: ip_alias.o: No such file or directory. It sounds like you need to build yourself a custom kernel. Get the 'kernel-package' package and a 'kernel-source' package. Read the instructions for 'kernel-package', and when you configure your kernel make sure that you check out the networking options, selecting 'IP Aliasing'. If you need extra pointers, drop me an email - I'd be happy to help. Rich. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
IP aliasing in debian 1.3
Gang, I'm trying to enable IP aliasing, but when a execute: /sbin/insmod /lib/modules/`uname -r`/ipv4/ip_alias.o It returns: ip_alias.o: No such file or directory. Can anyone tell me where I can get this and if there are any special instructions I should no about? Regards, Dan -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
IP Aliasing
I just recently converted from RedHat to Debian Linux and my question is: I want my box to listen on two IP addresses. On RedHat it was simple: ifconfig eth0:1 inet new-ip-address broadcast broadcast-address up The Debian system says, SIOCSIFADDR: No such device, SIOCSIFBRDADDR: No such device. The man page on the Debian system is the same on the old RedHat system--so that's no help. Can any one tell me the args to ifconfig for IP aliasing under Debian? Regards, Dan -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: IP Aliasing
On Wed, 13 Aug 1997, Dan Dooher wrote: : I just recently converted from RedHat to Debian Linux and my question : is: : I want my box to listen on two IP addresses. : : On RedHat it was simple: : ifconfig eth0:1 inet new-ip-address broadcast broadcast-address up : : The Debian system says, SIOCSIFADDR: No such device, SIOCSIFBRDADDR: No : such device. : : The man page on the Debian system is the same on the old RedHat : system--so that's : no help. Can any one tell me the args to ifconfig for IP aliasing under : Debian? Well, I don't think your syntax is incorrect, but are you sure you enabled IP-Aliasing during kernel compile? I don't think the out-of-the-box-Debian-Linux-kernel supports ip_alias. Remco. -- // Remco van de Meent // email: [EMAIL PROTECTED] // www: http://oloon.student.utwente.nl //Never make any mistaeks. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
ip aliasing and virtual servers
I am new to Linux (just installed it a week since) and I want to get the machine to answer to additional ip addresses and run virtual servers with apache. Is there a comprehensive guide to this anywhere? I have read the mini-HowTo on ipaliasing but its not very clear to me (being a newbie!) and I really need a step-by step guide. I haven't a clue how to re-compile the kernal or set up modules. Any help appreciated. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Does IP aliasing work?
In [EMAIL PROTECTED], [EMAIL PROTECTED] (John D. Amidon) writes: My hardware is a Gateway 2000, 3c509 ethernet card, and Debian kernel is 2.0.6 built to include `ip_aliasing'. I see `/proc/net/alias*' files so I take it the kernel was built correctly. [...SNIP...] The NET-2-HOWTO makes it sound sooo easy as does the mini-howto at http://sunsite.unc.edu/mdw/HOWTO/mini/IP-Alias. What are we doing wrong? Just to follow up - we did get IP aliasing to work. It turned out we did not have the kernel built correctly after all. I guess 'make menuconfig' was just too easy for me! I'm glad it works - it would have seemed silly to have to install two Ethernet adapters, both connected to the same cable. -- Robert (Robin) Ristow - Senior Engineer Voice: (770) 447-6831 JHK Associates (An SAIC Company)Fax:(770) 449-7268 3500 Parkway Lane, Suite 600, Norcross, GA 30092 E-mail: [EMAIL PROTECTED]
Re: Does IP aliasing work?
John D. Amidon ([EMAIL PROTECTED]) wrote: : vtcs-cvs# ifconfig eth0:0 136.0.0.1 : SIOCSIFADDR: Invalid argument It means you have no eth0:0. Probably you didn't load the ip_alias module; just issue insmod ip_alias and it should work. A good idea would be to run kerneld (he manages things like that for you). The file /proc/net/alias exists wether you load the module or not. -Winfried
