RE: 4 ipadresses only one working

Linux Advanced Routing and Traffic Control


Try to run /sbin/ifconfig... It shows the IP addresses your interfaces
have... has your interface all those 4 addresses? I think not...

If not you should "add" those IP addresses to the interface

Try something like this:

#ip addr add 213.84.46.145/24 dev ppp+ broadcast 213.84.46.255

After that you should proxy-ARP or SNAT them to another machine on the
internal network (or better DMZ) because I don't see the advantage of
running more than one IP address on the Linux box itself


-----Original Message-----
From: Nico Berg [mailto:nberg@gandalf.xs4all.nl] 
Sent: 30 August 2002 10:33
To: lartc@mailman.ds9a.nl
Subject:  4 ipadresses only one working


Dear listreaders,
This is about my last hope! I'm new to this list.
Running Suse Linux 8 (for shortly installed over 7.2) I have an ADSL
connection and can log in 4 times. Every time I log in at my ISP I get an
IP address. So I own 4 IP addresses. Only this first address is working.

The other 3 are connected, can do a tcpdump and see reactions, only the one
who is pinging doesn't get a reaction. So, apparently the machine doesn't
react to these IP addresses because they are not in the system or so???? I put
in a piece of tcpdump.

tcpdump: listening on ppp1
14:37:42.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:43.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:44.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:45.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:46.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:47.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:48.123230 194.109.6.44 > 213.84.46.145: icmp: echo request

Reaction from the ping address
PING 213.84.46.145 (213.84.46.145): 56 data bytes
^C
--- 213.84.46.145 ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss

I can ping from my internal network, then it works normally with a normal
reaction. I have a server (the machine discussed above) and 4 machines getting
their internet access from the server with iptables.

#!/bin/sh

# Masquerading firewall (simple)
# 13 August 2001
# Bart Geverts (bart@hakkefest.linux-site.net)

# A very simple masquerading firewall that lets the whole LAN behind it
# reach the internet. The 'firewall' part consists of closing a number of
# ports on which relatively risky servers run. Only the variables need to be
# adapted to the environment.


################################################################################
# variables

# where iptables lives
IPTABLES="/usr/sbin/iptables"

# interfaces
INTERNAL_INTERFACE="eth1"   # interface connecting the gateway to the local network
EXTERNAL_INTERFACE="ppp+"   # interface connecting the gateway to the internet
#EXTERNAL_INTERFACE2="ppp1" # second IP number
#EXTERNAL_INTERFACE3="ppp2" # third
#EXTERNAL_INTERFACE4="ppp3" # fourth

# IP addresses / networks
LAN="196.168.0.1/24"        # local network

# IP numbers
#IP_nr_1="213.84.46.144"
#IP_nr_2="213.84.46.145"
#IP_nr_3="213.84.46.146"
#IP_nr_4="213.84.46.147"


################################################################################
# clean-up + init

# flush and clear all rules and reset the counters to 0
$IPTABLES -F
$IPTABLES -X
$IPTABLES -Z
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t nat -Z

# set the default policies
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT


################################################################################
# initialise the kernel

## Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward


################################################################################
# masquerade

## Forward everything originating from or destined for the local network
$IPTABLES -A POSTROUTING -t nat -o $EXTERNAL_INTERFACE -j MASQUERADE
$IPTABLES -A FORWARD -i $INTERNAL_INTERFACE -o $EXTERNAL_INTERFACE -s $LAN -d ! $LAN -j ACCEPT
$IPTABLES -A FORWARD -o $INTERNAL_INTERFACE -i $EXTERNAL_INTERFACE -d $LAN -s ! $LAN -j ACCEPT

################################################################################
# Second IP number
#$IPTABLES -A POSTROUTING -t nat -o $EXTERNAL_INTERFACE2 -j MASQUERADE
#$IPTABLES -A FORWARD -i $INTERNAL_INTERFACE -o $EXTERNAL_INTERFACE2 -s $LAN -d ! $LAN -j ACCEPT
#$IPTABLES -A FORWARD -o $INTERNAL_INTERFACE -i $EXTERNAL_INTERFACE2 -d $LAN -s ! $LAN -j ACCEPT
#$IPTABLES -A INPUT -i $EXTERNAL_INTERFACE2 -j ACCEPT
#$IPTABLES -A OUTPUT -o $EXTERNAL_INTERFACE2 -j ACCEPT

################################################################################
# close off risky servers

## close telnet to the outside world
$IPTABLES -A INPUT -p tcp --destination-port 23 -i $EXTERNAL_INTERFACE -j DROP
#
#$IPTABLES -L

If my IP addresses are working properly then I want to extend the firewall script
to a normal working firewall (in the meantime I have updated my Swiss
cheese to a normal functional firewall).

I hope somebody can help me out here and tell me how to (I think Postrouting
or so) my 3 addresses. If there is somebody interested I have put a lot of
information on a webpage and published it on the first IP address:
http://gandalf.xs4all.nl/Suse.html

So please help! Greetings, Nico Berg



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
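
The check suggested in the reply at the top of this message (does the box actually hold all four addresses?), as an added example that is not part of the original e-mails: the function reads `ip -o -4 addr show` output on stdin and prints every expected address that no interface carries. The sample output is constructed (only ppp0 is shown as up, and 192.0.2.1 is a placeholder peer address); the four 213.84.46.x addresses and the LAN address are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: report which expected IPv4 addresses are not assigned
# to any local interface.
#
# stdin : output of `ip -o -4 addr show` (one address per line)
# args  : the addresses the host is expected to hold
# stdout: the expected addresses that were NOT found, one per line
missing_addrs() {
    # Pull the token after "inet" from every line and drop any /prefix.
    # This also handles point-to-point lines of the form
    # "inet <local> peer <remote>/32", as printed for ppp devices.
    assigned=$(awk '{
        for (i = 1; i < NF; i++)
            if ($i == "inet") { split($(i + 1), a, "/"); print a[1] }
    }')
    for want in "$@"; do
        # -x -F: whole-line, literal match, so .14 never matches .144
        printf '%s\n' "$assigned" | grep -qxF "$want" || printf '%s\n' "$want"
    done
}

# Constructed sample of `ip -o -4 addr show` output (not captured from the
# poster's machine): only the first PPP session holds an address.
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
3: eth1    inet 196.168.0.1/24 brd 196.168.0.255 scope global eth1
4: ppp0    inet 213.84.46.144 peer 192.0.2.1/32 scope global ppp0'

# Run against the sample. On a live host, replace the printf with:
#   ip -o -4 addr show | missing_addrs <addresses...>
printf '%s\n' "$SAMPLE" | missing_addrs \
    213.84.46.144 213.84.46.145 213.84.46.146 213.84.46.147
```

Any address this prints is one the kernel will not answer for locally, which is the situation the reply proposes fixing with `ip addr add`.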
