• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1028
  • Last Modified:

How do I configure 2 class c's on the same CENTOS 5 server?

Hello,
I am trying to configure 2 class c's on the same server. I have setup the base ip, and the ifcfg-eth0-range0 file for the first class c, and it works fine. However, when I add a second file (ifcfg-eth0-range1) with the second class c, I get this issue:

error in ifcfg-eth0-range1: already seen device eth0:250 in ifcfg-eth0-range0

How do I make it so both of these will work?

Here is the range files:

<range0>
IPADDR_START=212.117.218.3
IPADDR_END=212.117.218.253
CLONENUM=10

<range1>
IPADDR_START=212.117.209.2
IPADDR_END=212.117.209.254
CLONENUM=300


Worth 500 points.

Thanks,
Rick
0
richardsimnett
Asked:
richardsimnett
  • 5
  • 4
  • 2
  • +1
2 Solutions
 
elf_binCommented:
I'd be interested in seeing your /etc/sysconfig/network-scripts/ifcfg-eth*
I would have thought you'd need your subnet mas in there, so the box "knows" that they are different networks.  Surely you only need to have something like:
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
HWADDR=xx:xx:xx:xx:xx:xx
VLAN=yes
ONBOOT=yes
BOOTPROTO=static
IPADDR=212.117.218.3
NETMASK=255.255.255.0
and then the same thing for eth1, only with it's own subnet mask.
(I always thought CLONENUM was CLONENUM_START=)

I might be missing the point mind.

0
 
maxchowCommented:
you have to put the 2 ranges of the network into 2 difference files: e.g.

/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-eth0:0

in the ifcfg-eth0 one you can put in:
DEVICE=eth0
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
HWADDR=xx:xx:xx:xx:xx:xx
VLAN=yes
ONBOOT=yes
BOOTPROTO=static
IPADDR=212.117.218.3
NETMASK=255.255.255.0
GATEWAY=212.117.209.xxx

and in the ifcfg-eth0:0 one you can put in:
DEVICE=eth0:0
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
HWADDR=xx:xx:xx:xx:xx:xx
VLAN=yes
ONBOOT=yes
BOOTPROTO=static
IPADDR=212.117.209.2
NETMASK=255.255.255.0
GATEWAY=212.117.209.xxx
0
 
MysidiaCommented:
I believe your original ifcfg-*-ranges are mostly ok.
It's just that the name is CLONENUM_START  to select
the first interface alias name to use for the range,
not CLONENUM.

/etc/sysconfig/network-scripts/ifcfg-eth0-range0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR_START="212.117.218.3"
IPADDR_END="212.117.218.253"
CLONENUM_START="10"
NETMASK="255.255.255.0"
USERCTL=no

/etc/sysconfig/network-scripts/ifcfg-eth0-range1
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR_START=212.117.209.2
IPADDR_END=212.117.209.254
CLONENUM_START="300"
NETMASK="255.255.255.0"
USERCTL=no



By the way  what point is there in assigning so many ips?
This in theory creates 502  ethernet alias interfaces......


There are possibly more scalable, less cluttered strategies like using IPTABLES
INPUT/PREROUTING DNAT rule locally or
a rule on an upstream router to NAT the entire class C to one ip,
so you don't have to list so many local interfaces, if you are doing something
simple...




0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
richardsimnettAuthor Commented:
Mysidia,
The reason for so many ips on one box is that I am working on a setting up standalone pc as a linux router, the idea being, that the public ips, mask to private ones, allowing us to filter ports on ips used by our customers. We will be using IPTABLES for these mappings, and chokes, but we had to get the ip ranges working first.

Thanks,
Rick
0
 
maxchowCommented:
If the purpose is being used the eth in this way, I think you need to use the ethernet-bridge feature, for detail, please tell how you are going to connect the networks.
0
 
richardsimnettAuthor Commented:
oh we arent connecting them, we are simply performing a proxy like pass through, a request to port 80 for instance comes in from the internet, the port is allowed, so the packet is routed to a predetermined local area address (ie 212.116.209.2 -> 192.168.0.1 on port 80). But lets say a request goes out from 192.168.9.1 on port 25, because we choke port 25, the request will be refused.
0
 
maxchowCommented:
So that are you working a reversed proxy to your web servers?
0
 
richardsimnettAuthor Commented:
yes
0
 
maxchowCommented:
Richard,

To setup a reversed proxy, you may also need squid. Are you clear with what you want to do?
0
 
richardsimnettAuthor Commented:
Yes. I already have squid installed, and iptables to do the choking of ports. I've got it all under control.

Thanks for all the help!
0
 
MysidiaCommented:
What I might suggest is...

edit /etc/sysctl.conf  
add this line (to turn on ip forwarding)

net.ipv4.ip_forward = 1

run   sysctl -p

setup the NAT rules using the postrouting table, for example
Where  eth0 is your external interface, eth1 is your internal interface;
eth0 has a public ip assigned outside the mapped range --

and you have a static route on the Linux box
# ip route add 192.168.33.0/24  dev eth1

# iptables -t nat  -i eth0 -I PREROUTING  -d 212.117.218.0/24 -j NETMAP --to 192.168.33.0/24
# iptables -t nat  -o eth1 -I POSTROUTING  -s 192.168.33.0/24 -j NETMAP --to 212.117.218.0/24


Then instead of having Linux listen on all those ips itself; have it route those ips.

Tell  the local upstream router to route those public ips to a separate IP of the Linux box (outside the mapped ranges)

Or run Quagga, gated, or some other routing daemon on the Linux box, according to the design of your network  (and advertise the ranges you are mapping)


This is more difficult to setup,  however...
consider the fact you want to add a few more /24s to map later?

You could have thousands of eth0:XXX   ip aliases with the approach
of just adding all the ips to the Linux box


0
 
richardsimnettAuthor Commented:
Mysidia,
Wow! thats a nice approach to this problem. Simple, elegant, am I correct in assuming I can add the same port restrictions using iptables on those routes?

Thanks,
Rick
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 5
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now