> -----Oorspronkelijk bericht----- > Van: lartc-admin@mailman.ds9a.nl > [mailto:lartc-admin@mailman.ds9a.nl]Namens niels@wxn.nl > Verzonden: vrijdag 30 augustus 2002 11:23 > Aan: nberg@gandalf.xs4all.nl; lartc@mailman.ds9a.nl > Onderwerp: RE: 4 ipadresses only one working > > > Try to run /sbin/ifconfig... It show's the IP adresses your interfaces > have... has your interface all those 4 adresses? I think not... Yes I do have all the 4 adresses!!!!! > > If not you should "add" those IP adresses to the interface > > Try something like this: > > #ip addr add 213.84.46.145/24 dev ppp+ broadcast 213.84.46.255 This doesn't work, I still can not ping to this adress from another server! I am new to this kind of stuff and I don't know shit about it, so excuse me if I do not understand why it doesn't work this way, it looked good. Greetings, Nico Berg > > After that you should proxy-ARP or SNAT them to another machine on the > internal network (or better DMZ) because I don't see the advantage of > running more than one IP adress on the linux box itself > > > -----Original Message----- > From: Nico Berg [mailto:nberg@gandalf.xs4all.nl] > Sent: 30 August 2002 10:33 > To: lartc@mailman.ds9a.nl > Subject: 4 ipadresses only one working > > > Dear listreaders, > This is about my last hope! I'm new to this list. > Running Suse Linux 8 (for shortly installed over 7.2) I have an adsl > connection and can loggin 4 times. Every time I loggin at my ISP I get an > ipadres. So I own 4 ipadresses. Only this first adress is working. > > The other 3 are connected, can do a tcpdump and see reaction's > only the one > who is pinging doesn't get an reaction. So, apperently the machine doesn't > react to this ipadresses because they are not in the system or > so???? I put > in a piece tcpdump. > > tcpdump: listening on ppp1 > 14:37:42.123230 194.109.6.44 > 213.84.46.145: icmp: echo request > 14:37:43.123230 194.109.6.44 > 213.84.46.145: icmp: echo request > 14:37:44.123230 194.109.6.44 > 213.84.46.145: icmp: echo request > 14:37:45.123230 194.109.6.44 > 213.84.46.145: icmp: echo request > 14:37:46.123230 194.109.6.44 > 213.84.46.145: icmp: echo request > 14:37:47.123230 194.109.6.44 > 213.84.46.145: icmp: echo request > 14:37:48.123230 194.109.6.44 > 213.84.46.145: icmp: echo request > > Reaction from the ping adres > PING 213.84.46.145 (213.84.46.145): 56 data bytes > ^C > --- 213.84.46.145 ping statistics --- > 7 packets transmitted, 0 packets received, 100% packet loss > > I can ping from my intern network then it works normal with a normal > reaction. I have a server (the machine discused above) and 4 > machine getting > there internetaccess from the server with iptables. > > #!/bin/sh > > # Masquerading firewall (simpel) > # 13 augustus 2001 > # Bart Geverts (bart@hakkefest.linux-site.net) > > # Een hele eenvoudige masquerading firewall waarmee het mogelijk > om met het > # hele achterliggende LAN het internet op te kunnen. Het > 'firewall' gedeelte > # bestaat uit het afsluiten van een aantal poorten waarop > relatief riskante > # servers draaien. Alleen de variabelen moeten aan de omgeving worden > aangepast. > > > ################################################################## > ########## > #### > # variabelen > > # waar iptables staat > IPTABLES="/usr/sbin/iptables" > > # interfaces > INTERNAL_INTERFACE="eth1" # interface waarmee gateway aan lokale netwerk > zit > EXTERNAL_INTERFACE="ppp+" # interface waarmee gateway aan het > internet zit > #EXTERNAL_INTERFACE2="ppp1" # tweede ipnr #EXTERNAL_INTERFACE3="ppp2" # > derde #EXTERNAL_INTERFACE4="ppp3" # vierde > > # ipadressen / netwerken > LAN="196.168.0.1/24" # lokale netwerk > > # ip nummers > #IP_nr_1="213.84.46.144" > #IP_nr_2="213.84.46.145" > #IP_nr_3="213.84.46.146" > #IP_nr_4="213.84.46.147" > > > ################################################################## > ########## > #### > # clean-up + init > > # flush en clear alle rules en zet de tellers op 0 > $IPTABLES -F > $IPTABLES -X > $IPTABLES -Z > $IPTABLES -t nat -F > $IPTABLES -t nat -X > $IPTABLES -t nat -Z > > # set de default policies > $IPTABLES -P INPUT ACCEPT > $IPTABLES -P FORWARD ACCEPT > $IPTABLES -P OUTPUT ACCEPT > $IPTABLES -t nat -P PREROUTING ACCEPT > $IPTABLES -t nat -P POSTROUTING ACCEPT > $IPTABLES -t nat -P OUTPUT ACCEPT > > > ################################################################## > ########## > #### > # initialiseren van de kernel > > ## Enable IP forwarding > echo 1 > /proc/sys/net/ipv4/ip_forward > > > ################################################################## > ########## > #### > # masquerade > > ## Alles met afkomst van of bestemming lokale netwerk heeft forwarden > $IPTABLES -A POSTROUTING -t nat -o $EXTERNAL_INTERFACE -j MASQUERADE > $IPTABLES -A FORWARD -i $INTERNAL_INTERFACE -o $EXTERNAL_INTERFACE -s $LAN > -d ! $LAN -j ACCEPT $IPTABLES -A FORWARD -o $INTERNAL_INTERFACE -i > $EXTERNAL_INTERFACE -d $LAN -s ! $LAN -j ACCEPT > > ################################################################## > ########## > ##### Tweede IPnr > #$IPTABLES -A POSTROUTING -t nat -o $EXTERNAL_INTERFACE_2 - MASQUERADE > #$IPTABLES -A FORWARD -i $INTERNAL_INTERFACE -o > $EXTERNAL_INTERFACE2 -s $LAN > -d ! $LAN -j ACCEPT #$IPTABLES -A FORWARD -o $INTERNAL_INTERFACE -i > $EXTERNAL_INTERFACE2 -d $LAN -s ! $LAN -j ACCEPT #$IPTABLES -A INPUT -i > $EXTERNAL_INTERFACE_2 -j ACCEPT #$IPTABLES -A OUTPUT -o > $EXTERNAL_INTERFACE_2 -j ACCEPT > > ################################################################## > ########## > #### > # riskante servers afsluiten > > ## telnet afsluiten voor de buitenwereld > $IPTABLES -A INPUT -p tcp --destination-port 23 -i $EXTERNAL_INTERFACE -j > DROP # #$IPTABLES -L > > If my ipadresses working properly then I want to extend the firewallscript > to a normal working firewall (in the mean time I have updated my swiss > cheese to a normal functional firewall). > > I hope somebody can help me out here and tell me how to (I think > Postrouting > or so) my 3 adresses. If there is somebody interested I have put a lot of > information on a webpages and publised it on the first ipadres: > http://gandalf.xs4all.nl/Suse.html > > So please help! Greetings, Nico Berg > > > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
