Solved

How do I configure 2 class c's on the same CENTOS 5 server?

Posted on 2008-10-05
Last Modified: 2013-12-16
Hello,
I am trying to configure 2 class c's on the same server. I have set up the base ip, and the ifcfg-eth0-range0 file for the first class c, and it works fine. However, when I add a second file (ifcfg-eth0-range1) with the second class c, I get this issue:

error in ifcfg-eth0-range1: already seen device eth0:250 in ifcfg-eth0-range0

How do I make it so both of these will work?

Here are the range files:

<range0>
IPADDR_START=212.117.218.3
IPADDR_END=212.117.218.253
CLONENUM=10

<range1>
IPADDR_START=212.117.209.2
IPADDR_END=212.117.209.254
CLONENUM=300


Worth 500 points.

Thanks,
Rick
Question by:richardsimnett
12 Comments
 
LVL 10

Accepted Solution

by:
elf_bin earned 250 total points
ID: 22648191
I'd be interested in seeing your /etc/sysconfig/network-scripts/ifcfg-eth*
I would have thought you'd need your subnet mask in there, so the box "knows" that they are different networks.  Surely you only need to have something like:
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
HWADDR=xx:xx:xx:xx:xx:xx
VLAN=yes
ONBOOT=yes
BOOTPROTO=static
IPADDR=212.117.218.3
NETMASK=255.255.255.0
and then the same thing for eth1, only with its own subnet mask.
(I always thought CLONENUM was CLONENUM_START=)

I might be missing the point mind.

0
 
LVL 3

Assisted Solution

by:maxchow
maxchow earned 250 total points
ID: 22648520
You have to put the 2 ranges of the network into 2 different files, e.g.:

/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-eth0:0

in the ifcfg-eth0 one you can put in:
DEVICE=eth0
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
HWADDR=xx:xx:xx:xx:xx:xx
VLAN=yes
ONBOOT=yes
BOOTPROTO=static
IPADDR=212.117.218.3
NETMASK=255.255.255.0
GATEWAY=212.117.209.xxx

and in the ifcfg-eth0:0 one you can put in:
DEVICE=eth0:0
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
HWADDR=xx:xx:xx:xx:xx:xx
VLAN=yes
ONBOOT=yes
BOOTPROTO=static
IPADDR=212.117.209.2
NETMASK=255.255.255.0
GATEWAY=212.117.209.xxx
0
 
LVL 23

Expert Comment

by:Mysidia
ID: 22656400
I believe your original ifcfg-*-ranges are mostly ok.
It's just that the name is CLONENUM_START  to select
the first interface alias name to use for the range,
not CLONENUM.

/etc/sysconfig/network-scripts/ifcfg-eth0-range0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR_START="212.117.218.3"
IPADDR_END="212.117.218.253"
CLONENUM_START="10"
NETMASK="255.255.255.0"
USERCTL=no

/etc/sysconfig/network-scripts/ifcfg-eth0-range1
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR_START=212.117.209.2
IPADDR_END=212.117.209.254
CLONENUM_START="300"
NETMASK="255.255.255.0"
USERCTL=no



By the way, what point is there in assigning so many ips?
This in theory creates 502 ethernet alias interfaces...


There are possibly more scalable, less cluttered strategies like using IPTABLES
INPUT/PREROUTING DNAT rule locally or
a rule on an upstream router to NAT the entire class C to one ip,
so you don't have to list so many local interfaces, if you are doing something
simple...




0
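Added example (not part of any post in this thread): a shell check of which eth0:N alias numbers each range file claims, so overlapping CLONENUM_START values are caught before the network scripts run. It assumes one alias per address, numbered consecutively from CLONENUM_START, and ranges that stay inside one /24; the function names are hypothetical and the addresses are the ones quoted in the thread.

```shell
#!/bin/sh
# alias_span START_IP END_IP CLONENUM_START -> prints "first last" alias numbers
alias_span() {
    s=${1##*.}; e=${2##*.}
    [ "${1%.*}" = "${2%.*}" ] && [ "$e" -ge "$s" ] || {
        echo "bad range: $1 - $2" >&2
        return 2
    }
    echo "$3 $(( $3 + $e - $s ))"
}

# check_ranges NAME START END CLONENUM_START [NAME START END CLONENUM_START ...]
# Prints the alias span of every range; returns 1 if any two spans overlap.
check_ranges() {
    seen=""; rc=0
    while [ $# -ge 4 ]; do
        span=$(alias_span "$2" "$3" "$4") || return 2
        first=${span% *}; last=${span#* }
        echo "$1: eth0:$first .. eth0:$last"
        for prev in $seen; do                  # entries are name:first:last
            pname=${prev%%:*}; rest=${prev#*:}
            pfirst=${rest%:*}; plast=${rest#*:}
            if [ "$first" -le "$plast" ] && [ "$pfirst" -le "$last" ]; then
                echo "  collides with $pname"
                rc=1
            fi
        done
        seen="$seen $1:$first:$last"
        shift 4
    done
    return $rc
}

# Values suggested in the thread: the two spans do not touch.
check_ranges range0 212.117.218.3 212.117.218.253 10 \
             range1 212.117.209.2 212.117.209.254 300

# Constructed counter-case: starting range1 at 200 lands inside range0's span.
check_ranges range0 212.117.218.3 212.117.218.253 10 \
             range1 212.117.209.2 212.117.209.254 200 ||
    echo "range1 needs a CLONENUM_START above range0's last alias"
```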
 

Author Comment

by:richardsimnett
ID: 22664751
Mysidia,
The reason for so many ips on one box is that I am working on setting up a standalone pc as a linux router, the idea being that the public ips mask to private ones, allowing us to filter ports on ips used by our customers. We will be using IPTABLES for these mappings, and chokes, but we had to get the ip ranges working first.

Thanks,
Rick
0
 
LVL 3

Expert Comment

by:maxchow
ID: 22664936
If the purpose is to use the eth in this way, I think you need to use the ethernet-bridge feature. For details, please tell us how you are going to connect the networks.
0
 

Author Comment

by:richardsimnett
ID: 22665015
Oh, we aren't connecting them; we are simply performing a proxy-like pass-through. A request to port 80, for instance, comes in from the internet, the port is allowed, so the packet is routed to a predetermined local area address (i.e. 212.116.209.2 -> 192.168.0.1 on port 80). But let's say a request goes out from 192.168.9.1 on port 25: because we choke port 25, the request will be refused.
0

 
LVL 3

Expert Comment

by:maxchow
ID: 22665213
So are you working on a reversed proxy to your web servers?
0
 

Author Comment

by:richardsimnett
ID: 22665410
yes
0
 
LVL 3

Expert Comment

by:maxchow
ID: 22665724
Richard,

To set up a reversed proxy, you may also need squid. Are you clear with what you want to do?
0
 

Author Comment

by:richardsimnett
ID: 22666262
Yes. I already have squid installed, and iptables to do the choking of ports. I've got it all under control.

Thanks for all the help!
0
 
LVL 23

Expert Comment

by:Mysidia
ID: 22668457
What I might suggest is...

edit /etc/sysctl.conf  
add this line (to turn on ip forwarding)

net.ipv4.ip_forward = 1

run   sysctl -p

Set up the NAT rules using the postrouting table, for example
where eth0 is your external interface, eth1 is your internal interface;
eth0 has a public ip assigned outside the mapped range --

and you have a static route on the Linux box
# ip route add 192.168.33.0/24 dev eth1

# iptables -t nat -I PREROUTING -i eth0 -d 212.117.218.0/24 -j NETMAP --to 192.168.33.0/24
# iptables -t nat -I POSTROUTING -o eth0 -s 192.168.33.0/24 -j NETMAP --to 212.117.218.0/24


Then instead of having Linux listen on all those ips itself; have it route those ips.

Tell  the local upstream router to route those public ips to a separate IP of the Linux box (outside the mapped ranges)

Or run Quagga, gated, or some other routing daemon on the Linux box, according to the design of your network  (and advertise the ranges you are mapping)


This is more difficult to set up, however...
consider the fact you want to add a few more /24s to map later?

You could have thousands of eth0:XXX   ip aliases with the approach
of just adding all the ips to the Linux box


0
 

Author Comment

by:richardsimnett
ID: 22671242
Mysidia,
Wow! That's a nice approach to this problem. Simple, elegant. Am I correct in assuming I can add the same port restrictions using iptables on those routes?

Thanks,
Rick
0
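Added example (not from any poster in this thread): one way to combine the NETMAP mapping discussed above with per-port filtering, written as a shell function that prints iptables-restore input. It assumes eth0 external, eth1 internal and the 212.117.218.0/24 to 192.168.33.0/24 mapping from the thread, with the outbound NETMAP rule matched on eth0; the function name and the port lists are illustrative.

```shell
#!/bin/sh
PUB_NET=212.117.218.0/24     # public range routed to this box
PRIV_NET=192.168.33.0/24     # private range behind eth1

# build_ruleset "INBOUND_TCP_PORTS_TO_ALLOW" "OUTBOUND_TCP_PORTS_TO_BLOCK"
build_ruleset() {
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A PREROUTING -i eth0 -d $PUB_NET -j NETMAP --to $PRIV_NET"
    echo "-A POSTROUTING -o eth0 -s $PRIV_NET -j NETMAP --to $PUB_NET"
    echo "COMMIT"
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD DROP [0:0]"          # default-deny for routed traffic
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # FORWARD is evaluated after PREROUTING and before POSTROUTING, so both
    # directions are matched on the private addresses, never the public ones.
    for p in $1; do
        echo "-A FORWARD -i eth0 -o eth1 -d $PRIV_NET -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $2; do
        echo "-A FORWARD -i eth1 -o eth0 -s $PRIV_NET -p tcp --dport $p -j REJECT --reject-with tcp-reset"
    done
    # Remaining outbound traffic from the private range is allowed.
    echo "-A FORWARD -i eth1 -o eth0 -s $PRIV_NET -j ACCEPT"
    echo "COMMIT"
}

# Allow inbound web traffic, refuse outbound SMTP (the "choke" on port 25).
build_ruleset "80 443" "25"
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it.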
