On 12/09/13 19:02, johnny bowen wrote:
First I need to gather a little information.
Johnny,
I'm grateful..
It sounds like you have two subnets connected to the same switch which
are then connected to one ethernet port that has an alias on it.
Yes, I have a three-interface Shorewall
1. ifconfig
br0 link ..... xxx.xxx.xxx.xxx (where xxx.xxx.xxx.xxx is a
public IP)
eth0 link ....
eth1 192.168.4.254
eth1:0 192.168.6.254
eth2 link
You are right, there are two subnets linked to eth1
--------------------------------
SHOREWALL
2. interfaces file:
pub br0 detect logmartians,routefilter,bridge
net br0:eth0
dmz br0:eth2
- eth1 detect dhcp (as you suggested)
-----------------------
3. zones file:
fw firewall
pub ipv4
net:pub bport4
dmz:pub bport4
loc ipv4
guest ipv4
--------------------------
4. bridge file:
BRIDGE_INGERFACE=br0
INTERFACES="eth0 eth2"
-------------------------
5. hosts file:
loc eth1:192.168.4.0/24
guest eth1:192.168.6.0/24
------------------------------
6. masq file:
...
eth1:0 192.168.6.0/24
eth1 192.168.4.0/24
#Last line
br0 192.168.6.0/24 xxx.xxx.xxx.xxx
br0 192.168.4.0/24 xxx.xxx.xxx.xxx
------------------------------------
Why are you using two subnets?
The number of subnets is because one segment is going to be used by
local users (employees, ...).
The other one is to provide just internet support to guests, mobile
devices, occasional users, etc., and isolate the connections. This
IP would only have an internet connection and nothing more.
I would separate IPs and subnets to have a little security and control.
If you need dhcp on both subnets when a client connects to network it
will make a broadcast dhcp query to get an ip address. So any dhcp
server listening on either 192.168.4.0/24 or 192.168.6.0/24 will respond.
!!!oops!!!!! Then there is no solution to control which one (4.xxx
or 6.xxx) the new device will have when it is connected to the network???
There will be a race condition. The first reply received is the one
that computer will use.
It's hard to understand exactly what you're trying to accomplish, but
I get the feeling that you want to have a network with mixed static
ips and dynamic ips.
Yes, just the 192.168.4.0/24 subnet has a mix of dynamic and
static. I have a dnsmasq-host.conf file which contains MAC addresses and IP
numbers to get static IPs ... and the dnsmasq.conf file is configured
to leave a segment (192.168.4.200 -- 192.168.4.220) as dynamic IPs.
In the same dnsmasq.conf file I put all of 192.168.6.0/24 as
dynamic IPs.
For that you could use one single net: 192.168.6.0/24, then just
configure your dhcpd server to only select dynamic ips from a pool
like: 192.168.6.50-192.168.6.254
O.k., I understand what you mean. The reason is, my boss asked me for this
configuration... a mix of static and dynamic IPs for one subnet and the
other one only dynamic subnets...
If you want to keep your current setup you can force the dhcp server
to only listen on a specific interface.
And what if I need it listening on both???
I really appreciate your help, thanks a lot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
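
Added example, not part of the original message and not Shorewall's own code: a small Python audit of a Shorewall hosts file that reports every interface carrying more than one zone, as `loc` and `guest` both do on `eth1` above. Hosts behind such an interface share one broadcast domain, so a DHCP broadcast reaches both subnets and zone membership rests only on the source address a host uses. The function names and the sample text are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed sample: the two hosts-file entries quoted in the message above.
SAMPLE_HOSTS = """\
#ZONE   HOST(S)
loc     eth1:192.168.4.0/24
guest   eth1:192.168.6.0/24
"""

def parse_hosts(text):
    """Return (zone, interface, network) tuples from Shorewall hosts-file text."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            continue                             # not a ZONE interface:address entry
        zone, (iface, addrs) = fields[0], fields[1].split(":", 1)
        for addr in addrs.split(","):
            try:
                net = ipaddress.ip_network(addr, strict=False)
            except ValueError:
                continue                         # ranges, ipsets, exclusions: out of scope
            entries.append((zone, iface, net))
    return entries

def shared_segments(entries):
    """Map each interface that carries more than one zone to {zone: [networks]}."""
    by_iface = defaultdict(lambda: defaultdict(list))
    for zone, iface, net in entries:
        by_iface[iface][zone].append(net)
    return {i: dict(z) for i, z in by_iface.items() if len(z) > 1}

def overlapping(entries):
    """Different zones on one interface whose networks overlap (ambiguous membership)."""
    hits = []
    for (z1, i1, n1), (z2, i2, n2) in combinations(entries, 2):
        if i1 == i2 and z1 != z2 and n1.overlaps(n2):
            hits.append((z1, z2, i1))
    return hits

if __name__ == "__main__":
    for iface, zones in shared_segments(parse_hosts(SAMPLE_HOSTS)).items():
        print(f"{iface}: zones {sorted(zones)} share one broadcast domain")
```
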