  #1  
Old 25th December 2007, 14:28
dimas dimas is offline
Senior Member
 
Join Date: Jul 2006
Posts: 125
Thanks: 7
Thanked 27 Times in 8 Posts
Default external IPs & routing in Debian Etch

I'm an old and faithful user of ispconfig, and I've also changed a number of ISPs over the years - and I've never come across anything that wasn't pretty simple and straight-forward to configure.

My new ISP, however, is something that I can't talk about without using swear words. Its tech support is virtually nonexistent. Oh yes, they can answer simple questions about configuring an Internet connection on a Windows computer, but if the question is slightly off the beaten track, they are stumped. They have just one administrator (who presumably is the only person responsible for the whole setup), but he's almost like a mythical being that simply can't be reached. He's the kind of person that "has just come out" or "is not available today" whenever I call. I've tried to catch him for three days, without luck.

I'm writing this here with just one purpose - to explain why I can't get support from my ISP and why I have to ask for your advice here.

Well, here is the problem.

Understandably, I need external IPs for my ISPConfig server, so I ordered a sub-net of 16 external IPs from my ISP. At the time I thought that I would be able to simply make aliases in /etc/network/interfaces (I'm using Debian Etch & Perfect Setup), like this:

auto eth0
iface eth0 inet static
address xxx
netmask xxx
gateway xxx

auto eth0:0
iface eth0:0 inet static
address xxx
netmask xxx
gateway xxx

No way, my new ISP has a very strange system of providing external IP addresses.

They say that I need a separate router computer with two network cards. The first card should have IP xxx.yyy.239.50 with netmask 255.255.255.252 & gateway xxx.yyy.239.49. This is the card where I need to plug in the network cable from the ISP. Then I need to connect the second network card to a switch and only then I'll be able to connect my computer (or computers) to this switch. The given range of addresses for my computers was xxx.yyy.237.48 - xxx.yyy.237.63 with netmask 255.255.255.240.

Well, that's it. No more information. So I need your help to configure the router computer.

Here's my current interfaces file for the router computer:

-----------------------------------
auto lo
iface lo inet loopback

# This is where the ISP cable goes:
auto eth0
iface eth0 inet static
address xxx.yyy.239.50
netmask 255.255.255.252
gateway xxx.yyy.239.49

# To the switch:
auto eth1
iface eth1 inet static
address xxx.yyy.237.49
netmask 255.255.255.240
-----------------------------------

And here is the configuration of an ispconfig server plugged to a switch (with just one IP at the moment):

-----------------------------------
auto lo
iface lo inet loopback

# From the switch:
auto eth0
iface eth0 inet static
address xxx.yyy.237.50
netmask 255.255.255.240
gateway xxx.yyy.237.49
-----------------------------------

Of course, it doesn't work because as I understand I need to configure eth0 of the router computer to route traffic bound for the IPs in the range xxx.yyy.237.48 - xxx.yyy.237.63 to eth1 of the router computer and then to the switch. And I don't know how to do it.

Any help will be highly appreciated!

Last edited by dimas; 25th December 2007 at 14:37.
  #2  
Old 25th December 2007, 17:07
Hans Hans is offline
Moderator
 
Join Date: Dec 2005
Location: Montfoort, The Netherlands
Posts: 2,263
Thanks: 216
Thanked 649 Times in 295 Posts
Default

Well, the setup which your ISP advises sounds rather weird to me.
In my opinion, what you described (adding extra lines to /etc/network/interfaces) is correct. And of course you must add the additional IP addresses within ISPConfig as well under Management > Server > Settings > IP-list.
__________________
Hans

  #3  
Old 25th December 2007, 17:40
dimas dimas is offline
Senior Member
 
Join Date: Jul 2006
Posts: 125
Thanks: 7
Thanked 27 Times in 8 Posts
Default

Yes, it is definitely a weird setup... But according to the ISP, the only one which is possible with them. I'm still unsuccessfully trying to get in touch with their administrator...

Merry Christmas to you!
  #4  
Old 26th December 2007, 10:57
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

Quote:
Originally Posted by dimas
And here is the configuration of an ispconfig server plugged to a switch (with just one IP at the moment):

-----------------------------------
auto lo
iface lo inet loopback

# From the switch:
auto eth0
iface eth0 inet static
address xxx.yyy.237.50
netmask 255.255.255.240
gateway xxx.yyy.237.49
-----------------------------------

Of course, it doesn't work because as I understand I need to configure eth0 of the router computer to route traffic bound for the IPs in the range xxx.yyy.237.48 - xxx.yyy.237.63 to eth1 of the router computer and then to the switch. And I don't know how to do it.

Any help will be highly appreciated!

Can you try and add this line:
Code:
up route add -net xxx.yyy.237.48 netmask 255.255.255.240 gw xxx.yyy.237.49 eth0
at the end of the file and restart the network?
__________________
Falko
  #5  
Old 5th January 2008, 15:22
dimas dimas is offline
Senior Member
 
Join Date: Jul 2006
Posts: 125
Thanks: 7
Thanked 27 Times in 8 Posts
Default

Dear Falko, thank you very much for your suggestion, now from eth1 of the router-computer I can ping the whole world, like this:

ping -I eth1 216.109.112.135

That's yahoo.com.

To achieve this, I added this line at the end of the router-computer 'interfaces' file:
up route add -net xxx.yyy.237.48 netmask 255.255.255.240 gw xxx.yyy.237.49 eth1

(The only change from your suggestion was to write eth1 instead of eth0; it also works if eth1 is not there at all.)

Now, however, there is the question of how to share this connection with the ISPConfig server (or any other computer attached to the switch, for that matter).

I have a shell script that is used for sharing an Internet connection that should be run on a router computer (well, I actually found this script on the Internet, my ISP is still not helpful at all). BUT - it uses NAT. And my ISP can only say that the connection sharing should NOT use NAT (by the way, that's the reason I can't use a regular router - NAT can't be turned off on the router that I have).

So I guess that in order for everything to function I need to 'exclude' NAT from the following script:

------------------------------------
#!/bin/sh

echo -e "\n\nSETTING UP IPTABLES PROXY..."

INTIF="eth1"
EXTIF="eth0"
EXTIP="xxx.yyy.239.50"

echo "Loading required stateful/NAT kernel modules..."

/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_irc

echo " Enabling IP forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

echo " External interface: $EXTIF"
echo " External interface IP address is: $EXTIP"

echo " Loading proxy server rules..."

iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F

iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo -e " Proxy server rule loading complete\n\n"
------------------------------------

I tried commenting out a few lines in this script and finally got a connection on a second computer - but it was mostly a wild goose chase because I'm not completely sure what relates to NAT in the script and what does not.

So if you could spare me a little of your time I would highly appreciate your advice about what is to be left out (or maybe added) to this script.

As a result I hope to be able to configure the ISPConfig server with all the external IPs, from xxx.yyy.237.50 to xxx.yyy.237.63

Thank you!

Last edited by dimas; 5th January 2008 at 15:25.
  #6  
Old 6th January 2008, 12:17
dimas dimas is offline
Senior Member
 
Join Date: Jul 2006
Posts: 125
Thanks: 7
Thanked 27 Times in 8 Posts
 
Default

Well, I have finally made it work. Everything works if the script looks like this (it works even without the 'up route' command I spoke about earlier):

------------------------------------
#!/bin/sh

INTIF="eth1"
EXTIF="eth0"
EXTIP="xxx.yyy.239.50"

/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD

iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

------------------------------------

There is one interesting thing, however. It so happened that the router computer I was using was also an ISPConfig server. Well, I tried the following setup and pulled all the cables except for the one coming from the ISP:
-----------------------------------
auto lo
iface lo inet loopback

# This is where the ISP cable goes:
auto eth0
iface eth0 inet static
address xxx.yyy.239.50
netmask 255.255.255.252
gateway xxx.yyy.239.49

# Leading nowhere now:
auto eth1
iface eth1 inet static
address xxx.yyy.237.49
netmask 255.255.255.240

auto eth1:0
iface eth1:0 inet static
address xxx.yyy.237.50
netmask 255.255.255.240

auto eth1:1
iface eth1:1 inet static
address xxx.yyy.237.51
netmask 255.255.255.240
...
etc for the rest of the IPs
-----------------------------------

Then I tried to add some sites via ISPConfig - and I found out that all the IPs xxx.yyy.237.49 - xxx.yyy.237.62 were accessible from the outside, and the sites worked! What's more, they worked even without the shell script displayed at the beginning of this post!

Now, however, there is another problem. There is no outbound Internet on the server. It's because the connection with a gateway is eth0, and I can't even ping anything with it, but I can ping everything with eth1, eth1:0 etc - but eth1, eth1:0 etc have no gateway!

I really wonder if it's possible to make a connection without a gateway the default Internet connection.

Of course my idea behind this is to get rid of the switch and make the whole setup work on one computer.

I'm also thinking about another option - what if I insert a THIRD network adapter in the router computer and then it would receive Internet via eth1 and then switch? Will it work?
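A routed, NAT-free gateway ruleset of the kind the last two posts work toward, written as an added example that is not part of the thread or any poster's own script. It goes further than the scripts above: INPUT defaults to DROP, outbound forwarding is limited to sources inside the /28, and new inbound connections to the public addresses are admitted only on listed ports. The 198.51.100.48/28 range, the port list and the SSH rule are constructed assumptions standing in for the masked xxx.yyy values.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore ruleset for a
# routed gateway with no NAT. Addresses, ports and the SSH rule are assumptions.
EXTIF="eth0"                  # uplink to the ISP (the /30 link)
INTIF="eth1"                  # switch side (the public /28)
LAN_NET="198.51.100.48/28"    # constructed stand-in for xxx.yyy.237.48/28
PUBLIC_TCP_PORTS="25 80 443"  # assumed services the servers should expose

gen_rules() {
    # An empty nat table: loading it flushes any leftover NAT rule.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i $INTIF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INTIF -o $EXTIF -s $LAN_NET -j ACCEPT
EOF
    # New inbound connections reach the /28 only on the listed ports.
    for port in $PUBLIC_TCP_PORTS; do
        echo "-A FORWARD -i $EXTIF -o $INTIF -d $LAN_NET -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Run as "script apply" (root) to load the rules; otherwise nothing is changed.
if [ "${1:-}" = "apply" ]; then
    sysctl -w net.ipv4.ip_forward=1
    gen_rules | iptables-restore
fi
```

Without an argument the script changes nothing; `gen_rules` can be piped to a file and reviewed before loading.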