> -----Oorspronkelijk bericht-----
> Van: lartc-admin@mailman.ds9a.nl
> [mailto:lartc-admin@mailman.ds9a.nl]Namens niels@wxn.nl
> Verzonden: vrijdag 30 augustus 2002 11:23
> Aan: nberg@gandalf.xs4all.nl; lartc@mailman.ds9a.nl
> Onderwerp: RE: [LARTC] 4 ipadresses only one working
>
>
> Try to run /sbin/ifconfig... It show''s the IP adresses your
interfaces
> have... has your interface all those 4 adresses? I think not...
Yes I do have all the 4 adresses!!!!!
>
> If not you should "add" those IP adresses to the interface
>
> Try something like this:
>
> #ip addr add 213.84.46.145/24 dev ppp+ broadcast 213.84.46.255
This doesn''t work, I still can not ping to this adress from another
server!
I am new to this kind of stuff and I don''t know shit about it, so
excuse me
if I do not understand why it doesn''t work this way, it looked good.
Greetings, Nico Berg
>
> After that you should proxy-ARP or SNAT them to another machine on the
> internal network (or better DMZ) because I don''t see the advantage
of
> running more than one IP adress on the linux box itself
>
>
> -----Original Message-----
> From: Nico Berg [mailto:nberg@gandalf.xs4all.nl]
> Sent: 30 August 2002 10:33
> To: lartc@mailman.ds9a.nl
> Subject: [LARTC] 4 ipadresses only one working
>
>
> Dear listreaders,
> This is about my last hope! I''m new to this list.
> Running Suse Linux 8 (for shortly installed over 7.2) I have an adsl
> connection and can loggin 4 times. Every time I loggin at my ISP I get an
> ipadres. So I own 4 ipadresses. Only this first adress is working.
>
> The other 3 are connected, can do a tcpdump and see reaction''s
> only the one
> who is pinging doesn''t get an reaction. So, apperently the machine
doesn''t
> react to this ipadresses because they are not in the system or
> so???? I put
> in a piece tcpdump.
>
> tcpdump: listening on ppp1
> 14:37:42.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
> 14:37:43.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
> 14:37:44.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
> 14:37:45.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
> 14:37:46.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
> 14:37:47.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
> 14:37:48.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
>
> Reaction from the ping adres
> PING 213.84.46.145 (213.84.46.145): 56 data bytes
> ^C
> --- 213.84.46.145 ping statistics ---
> 7 packets transmitted, 0 packets received, 100% packet loss
>
> I can ping from my intern network then it works normal with a normal
> reaction. I have a server (the machine discused above) and 4
> machine getting
> there internetaccess from the server with iptables.
>
> #!/bin/sh
>
> # Masquerading firewall (simpel)
> # 13 augustus 2001
> # Bart Geverts (bart@hakkefest.linux-site.net)
>
> # Een hele eenvoudige masquerading firewall waarmee het mogelijk
> om met het
> # hele achterliggende LAN het internet op te kunnen. Het
> ''firewall'' gedeelte
> # bestaat uit het afsluiten van een aantal poorten waarop
> relatief riskante
> # servers draaien. Alleen de variabelen moeten aan de omgeving worden
> aangepast.
>
>
> ##################################################################
> ##########
> ####
> # variabelen
>
> # waar iptables staat
> IPTABLES="/usr/sbin/iptables"
>
> # interfaces
> INTERNAL_INTERFACE="eth1" # interface waarmee gateway aan
lokale netwerk
> zit
> EXTERNAL_INTERFACE="ppp+" # interface waarmee gateway aan het
> internet zit
> #EXTERNAL_INTERFACE2="ppp1" # tweede ipnr
#EXTERNAL_INTERFACE3="ppp2" #
> derde #EXTERNAL_INTERFACE4="ppp3" # vierde
>
> # ipadressen / netwerken
> LAN="196.168.0.1/24" # lokale netwerk
>
> # ip nummers
> #IP_nr_1="213.84.46.144"
> #IP_nr_2="213.84.46.145"
> #IP_nr_3="213.84.46.146"
> #IP_nr_4="213.84.46.147"
>
>
> ##################################################################
> ##########
> ####
> # clean-up + init
>
> # flush en clear alle rules en zet de tellers op 0
> $IPTABLES -F
> $IPTABLES -X
> $IPTABLES -Z
> $IPTABLES -t nat -F
> $IPTABLES -t nat -X
> $IPTABLES -t nat -Z
>
> # set de default policies
> $IPTABLES -P INPUT ACCEPT
> $IPTABLES -P FORWARD ACCEPT
> $IPTABLES -P OUTPUT ACCEPT
> $IPTABLES -t nat -P PREROUTING ACCEPT
> $IPTABLES -t nat -P POSTROUTING ACCEPT
> $IPTABLES -t nat -P OUTPUT ACCEPT
>
>
> ##################################################################
> ##########
> ####
> # initialiseren van de kernel
>
> ## Enable IP forwarding
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
>
> ##################################################################
> ##########
> ####
> # masquerade
>
> ## Alles met afkomst van of bestemming lokale netwerk heeft forwarden
> $IPTABLES -A POSTROUTING -t nat -o $EXTERNAL_INTERFACE -j MASQUERADE
> $IPTABLES -A FORWARD -i $INTERNAL_INTERFACE -o $EXTERNAL_INTERFACE -s $LAN
> -d ! $LAN -j ACCEPT $IPTABLES -A FORWARD -o $INTERNAL_INTERFACE -i
> $EXTERNAL_INTERFACE -d $LAN -s ! $LAN -j ACCEPT
>
> ##################################################################
> ##########
> ##### Tweede IPnr
> #$IPTABLES -A POSTROUTING -t nat -o $EXTERNAL_INTERFACE_2 - MASQUERADE
> #$IPTABLES -A FORWARD -i $INTERNAL_INTERFACE -o
> $EXTERNAL_INTERFACE2 -s $LAN
> -d ! $LAN -j ACCEPT #$IPTABLES -A FORWARD -o $INTERNAL_INTERFACE -i
> $EXTERNAL_INTERFACE2 -d $LAN -s ! $LAN -j ACCEPT #$IPTABLES -A INPUT -i
> $EXTERNAL_INTERFACE_2 -j ACCEPT #$IPTABLES -A OUTPUT -o
> $EXTERNAL_INTERFACE_2 -j ACCEPT
>
> ##################################################################
> ##########
> ####
> # riskante servers afsluiten
>
> ## telnet afsluiten voor de buitenwereld
> $IPTABLES -A INPUT -p tcp --destination-port 23 -i $EXTERNAL_INTERFACE -j
> DROP # #$IPTABLES -L
>
> If my ipadresses working properly then I want to extend the firewallscript
> to a normal working firewall (in the mean time I have updated my swiss
> cheese to a normal functional firewall).
>
> I hope somebody can help me out here and tell me how to (I think
> Postrouting
> or so) my 3 adresses. If there is somebody interested I have put a lot of
> information on a webpages and publised it on the first ipadres:
> http://gandalf.xs4all.nl/Suse.html
>
> So please help! Greetings, Nico Berg
>
>
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/