Multi IP addresses on one NIC question

Post by Stormie Nelso » Tue, 09 Feb 1999 04:00:00



Howdy from Texas -

I am trying to set up a masquerading firewall.  I have done this before
with no real problems, but I am doing something a little weird at a
customer's request.  It has a legal address assigned by the ISP, and
they want me to assign a private address for ipmasq to the same NIC, so
the same physical interface is configured for the public and the private
network.

In rc.inet1 I am doing

/sbin/ifconfig eth0 201.20.99.2 broadcast 201.20.99.255 netmask 255.255.255.0
/sbin/ifconfig eth0:0 192.168.200.1 broadcast 192.168.200.255 netmask 255.255.255.0
/sbin/route add default gw 201.20.99.1 netmask 0.0.0.0 metric 1
/sbin/route add -net 192.168.200.0 gw 192.168.200.1

In a file I created called rc.masq I am doing

/sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_cuseeme.o
/sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_ftp.o
/sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_irc.o
/sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_quake.o
/sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_raudio.o
/sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_vdolive.o
/sbin/ipfwadm -F -p accept
/sbin/ipfwadm -F -f
/sbin/ipfwadm -I -f
/sbin/ipfwadm -O -f
/sbin/ipfwadm -F -a m -S 192.168.200.0/24 -D 0.0.0.0/0

I know, I have not yet locked down the firewalling portion, I just want
to get connectivity squared away before I start shutting services down.

I am getting kind of weird results, like _intermittent_ ability to get
out to the Internet from within the private network, especially from
folks dialing in to the >cringe< WinNT RAS server.

I am running Slackware 3.6, kernel 2.0.36, and an Intel Ether Express
Pro 100b.  Is this just not a good thing to do, running two logical
networks on one physical interface?  I am starting to believe it is not,
but I was just looking for anyone who had any input.

If convenient, please respond via e-mail as well as post.

Thanks!

 
 
 

Post by Matt Kresse » Tue, 09 Feb 1999 04:00:00



> Howdy from Texas -

> I am trying to set up a masquerading firewall.  I have done this before
> with no real problems, but I am doing something a little weird at a
> customer's request.  It has a legal address assigned by the ISP, and
> they want me to assign a private address for ipmasq to the same NIC, so
> the same physical interface is configured for the public and the private
> network.

> In rc.inet1 I am doing

> /sbin/ifconfig eth0 201.20.99.2 broadcast 201.20.99.255 netmask 255.255.255.0
> /sbin/ifconfig eth0:0 192.168.200.1 broadcast 192.168.200.255 netmask 255.255.255.0
> /sbin/route add default gw 201.20.99.1 netmask 0.0.0.0 metric 1
> /sbin/route add -net 192.168.200.0 gw 192.168.200.1

> In a file I created called rc.masq I am doing

> /sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_cuseeme.o
> /sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_ftp.o
> /sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_irc.o
> /sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_quake.o
> /sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_raudio.o
> /sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_vdolive.o
> /sbin/ipfwadm -F -p accept
> /sbin/ipfwadm -F -f
> /sbin/ipfwadm -I -f
> /sbin/ipfwadm -O -f
> /sbin/ipfwadm -F -a m -S 192.168.200.0/24 -D 0.0.0.0/0

> I know, I have not yet locked down the firewalling portion, I just want
> to get connectivity squared away before I start shutting services down.

> I am getting kind of weird results, like _intermittent_ ability to get
> out to the Internet from within the private network, especially from
> folks dialing in to the >cringe< WinNT RAS server.

> I am running Slackware 3.6, kernel 2.0.36, and an Intel Ether Express
> Pro 100b.  Is this just not a good thing to do, running two logical
> networks on one physical interface?  I am starting to believe it is not,
> but I was just looking for anyone who had any input.

This is not a good idea since all packets will be put on the wires even
if you have the firewall in place!  Since they share the same interface,
for both networks, then both networks share the same data as well, not
good! Go spend $50 for another card and do it the right way: two cards,
two physical networks.  All packets MUST go through the box this way and
you have control over what you want to go through.

-Matt

--

+---------  Northrop Grumman Corporation, Bethpage, NY ---------+
+---------  TEL: (516) 346-9101 FAX: (516) 346-9740 ------------+
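
Added example (not part of any post in this thread): a shell check for the layout the reply above warns about, one physical NIC carrying both a public and an RFC 1918 address. It assumes classic net-tools `ifconfig` output in the format shown elsewhere in the thread; the function names, the eth1 stanza and the sample text (built from the addresses in the original post) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report physical NICs that carry both a public and an
# RFC 1918 (private) IPv4 address, i.e. two logical networks on one wire.

# Constructed sample in classic net-tools ifconfig format (not real output).
sample_ifconfig() {
cat <<'EOF'
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          inet addr:201.20.99.2  Bcast:201.20.99.255  Mask:255.255.255.0
eth0:0    Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          inet addr:192.168.200.1  Bcast:192.168.200.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:02
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
EOF
}

# Reads ifconfig output on stdin; prints one line per mixed physical device.
mixed_ifaces() {
    awk '
    # A stanza header names the device; drop the ":N" alias suffix so
    # eth0 and eth0:0 are counted as the same physical interface.
    /^[^ \t].*Link encap:/ { dev = $1; sub(/:.*/, "", dev) }
    /inet addr:/ {
        for (i = 1; i <= NF; i++) if ($i ~ /^addr:/) ip = substr($i, 6)
        split(ip, o, ".")
        if (o[1] == 127) next                       # ignore loopback
        if (o[1] == 10 ||
            (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
            (o[1] == 192 && o[2] == 168))
            priv[dev] = priv[dev] " " ip            # RFC 1918 ranges
        else
            pub[dev] = pub[dev] " " ip
    }
    END {
        for (d in pub) if (d in priv)
            print d ": public" pub[d] " / private" priv[d]
    }'
}

# eth0 is reported; eth1 (private only) and lo are not.
sample_ifconfig | mixed_ifaces
```

On a live host the same function can be fed with `/sbin/ifconfig | mixed_ifaces`, provided the installed ifconfig still prints the `inet addr:` format.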

 
 
 

Post by Donge » Wed, 10 Feb 1999 04:00:00


I am also a little miffed by this install.  You are saying they have 1 NIC,
and that is it and want to do IP masq.

I agree with previous.  Get another NIC, set it up the correct way.  Even
better, get a third NIC, will throw hackers off from the outside...

Keith

 
 
 

Post by tongk » Thu, 11 Feb 1999 04:00:00


I did it using the config below, using one NIC with 1 valid IP address
and 2 private IPs.

My rc.local has these lines:

# Setting up IP alias interfaces.
echo "Setting up 192.168.10.1 IP Aliases ... "
/sbin/ifconfig eth0:0 192.168.10.1 netmask 255.255.255.0 up
/sbin/ifconfig eth0:1 192.168.20.1 netmask 255.255.255.0 up
#
# Setting up IP routes
echo "Setting up IP routes ..."
/sbin/route add -net 192.168.10.0 netmask 255.255.255.0 eth0:0
/sbin/route add -net 192.168.20.0 netmask 255.255.255.0 eth0:1
# Loading modules
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp.o
#
# Setting up IP Masquerade
echo "Setting IP Masquerade ..."
ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.10.0/24 -D 0.0.0.0/0
ipfwadm -F -a m -S 192.168.20.0/24 -D 0.0.0.0/0

and my network reports the status as:

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0 coll:0

eth0      Link encap:Ethernet  HWaddr 00:60:8C:C8:C0:A6
          inet addr:192.168.133.155  Bcast:192.168.133.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1040584 errors:0 dropped:0 overruns:0 frame:0
          TX packets:440875 errors:0 dropped:0 overruns:0 carrier:0 coll:2116
          Interrupt:10 Base address:0x330

eth0:0    Link encap:Ethernet  HWaddr 00:60:8C:C8:C0:A6
          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0
          UP RUNNING  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0

eth0:1    Link encap:Ethernet  HWaddr 00:60:8C:C8:C0:A6
          inet addr:192.168.20.1  Bcast:192.168.20.255  Mask:255.255.255.0
          UP RUNNING  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0

The system works fine on a 486-100 16M RAM Linux box with Slackware 3.5,
kernel 2.0.36.


> Howdy from Texas -

> I am trying to set up a masquerading firewall.  I have done this before
> with no real problems, but I am doing something a little weird at a
> customer's request.  It has a legal address assigned by the ISP, and
> they want me to assign a private address for ipmasq to the same NIC, so
> the same physical interface is configured for the public and the private
> network.

> In rc.inet1 I am doing

> /sbin/ifconfig eth0 201.20.99.2 broadcast 201.20.99.255 netmask 255.255.255.0
> /sbin/ifconfig eth0:0 192.168.200.1 broadcast 192.168.200.255 netmask 255.255.255.0
> /sbin/route add default gw 201.20.99.1 netmask 0.0.0.0 metric 1
> /sbin/route add -net 192.168.200.0 gw 192.168.200.1

> In a file I created called rc.masq I am doing

> /sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_cuseeme.o
> /sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_ftp.o
> /sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_irc.o
> /sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_quake.o
> /sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_raudio.o
> /sbin/modprobe /lib/modules/2.0.36/ipv4/ip_masq_vdolive.o
> /sbin/ipfwadm -F -p accept
> /sbin/ipfwadm -F -f
> /sbin/ipfwadm -I -f
> /sbin/ipfwadm -O -f
> /sbin/ipfwadm -F -a m -S 192.168.200.0/24 -D 0.0.0.0/0

> I know, I have not yet locked down the firewalling portion, I just want
> to get connectivity squared away before I start shutting services down.

> I am getting kind of weird results, like _intermittent_ ability to get
> out to the Internet from within the private network, especially from
> folks dialing in to the >cringe< WinNT RAS server.

> I am running Slackware 3.6, kernel 2.0.36, and an Intel Ether Express
> Pro 100b.  Is this just not a good thing to do, running two logical
> networks on one physical interface?  I am starting to believe it is not,
> but I was just looking for anyone who had any input.

> If convenient, please respond via e-mail as well as post.

> Thanks!

 
 
 

Post by James Kno » Wed, 17 Feb 1999 04:00:00




>I am also a little miffed by this install.  You are saying they have 1 NIC,
>and that is it and want to do IP masq.

>I agree with previous.  Get another NIC, set it up the correct way.  Even
>better, get a third NIC, will throw hackers off from the outside...

Why the third NIC?

--

_________________________________________________________________________
The above opinions are my own and not those of ISM Corp., a subsidiary of
IBM Canada Ltd.

 
 
 

Post by Miguel Cr » Thu, 18 Feb 1999 04:00:00



> I am trying to set up a masquerading firewall.  I have done this before
> with no real problems, but I am doing something a little weird at a
> customer's request.  It has a legal address assigned by the ISP, and they
> want me to assign a private address for ipmasq to the same NIC, so the
> same physical interface is configured for the public and the private
> network.

Your customer is being stupid. Spend the $15 and get a second ethernet card.

miguel

 
 
 
