answers: 1 / hits: 16426 / asked Sun, December 18, 2022, 5:58:58

Hi to all: I have just installed Ubuntu Server 12.04.3 on a Sunfire X4100.

This server has 4 Ethernet ports; my target is to use:




  • eth0 to connect to the modem and so to internet

  • eth1, eth2, eth3 to connect some switch and access point in order to create an internal lan, share resources, storage, printers, etc.



To achieve this target I installed a DHCP server [apt-get install isc-dhcp-server] and used the configuration below:



/etc/default/isc-dhcp-server
INTERFACES="eth1 eth2 eth3"

/etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.1.5
netmask 255.255.255.0
network 192.168.1.0
gateway 192.168.1.1
dns-nameservers 8.8.8.8 8.8.4.4

auto eth1
iface eth1 inet static
address 192.168.1.5
netmaks 255.255.255.0
network 192.168.1.0

auto eth2
iface eth2 inet static
address 192.168.1.5
netmaks 255.255.255.0
network 192.168.1.0

auto eth3
iface eth3 inet static
address 192.168.1.5
netmaks 255.255.255.0
network 192.168.1.0


My DHCP server configuration:



/etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
option netbios-name-servers 192.168.1.1;
# Use Google public DNS
option domain-name-servers 8.8.8.8, 8.8.4.4;
option domain-name "mydomain.it";
# Define address range
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.15 192.168.2.25;
}


The result is:




  • The server has the desired IP address and is able to reach the internet

  • Client machines receive an IP address from the DHCP server but are not able
    to reach the internet or to ping either the server or the modem



Below is the output of ip ad on the server:



1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:14:4f:20:20:9c brd ff:ff:ff:ff:ff:ff
inet 192.168.1.5/24 brd 192.168.1.255 scope global eth0
inet6 fe80::214:4fff:fe20:209c/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:14:4f:20:20:9d brd ff:ff:ff:ff:ff:ff
inet 192.168.2.5/32 scope global eth1
inet6 fe80::214:4fff:fe20:209d/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:14:4f:20:20:a2 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.5/32 scope global eth2
5: eth3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:14:4f:20:20:a3 brd ff:ff:ff:ff:ff:ff
inet 192.168.4.5/32 scope global eth3
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 06:0d:62:1a:3c:c5 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0


Below is the output of ip r on the server:



 default via 192.168.1.1 dev eth0  metric 100 
169.254.0.0/16 dev eth3 scope link metric 1000
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1


Below is a picture of the network map:



Network Picture



 Answers
2

1) configure the networks



Apart from the DHCP-part (and the forwarding darent suggested) you need to configure your interfaces correctly.



In most cases each interface is in its own IP-network (I am giving example-addresses, you will have to adapt them).



Leave eth0 as it is.



auto eth1
iface eth1 inet static
address 192.168.2.5
netmask 255.255.255.0
network 192.168.2.0

auto eth2
iface eth2 inet static
address 192.168.3.5
netmask 255.255.255.0
network 192.168.3.0

auto eth3
iface eth3 inet static
address 192.168.4.5
netmask 255.255.255.0
network 192.168.4.0


If the DHCP server is running on the same machine you will have to configure it accordingly. Just for testing you can give one host on every subnet a static IP address (for instance, use 192.168.2.11 for one host connected to eth1).



After having configured IP-networks and IP-addresses correctly you will need to enable IP-forwarding with



sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"


(just for once to test success)



and by editing /etc/sysctl.conf and "activating" the line



net.ipv4.ip_forward=1


by removing the # at the beginning.



When that is done (every client should be able to ping the corresponding interface of your server)



2) activate NAT



(try it first for one subnet, I give the example for eth1 you have to adapt addresses for the other ones)



sudo iptables -A FORWARD -o eth0 -i eth1 -s 192.168.2.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -F POSTROUTING
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


Now the clients on subnet 1 should be able to ping IP-addresses on the internet - but only till the next reboot of your server. If it works continue with eth2 and eth3 accordingly.



To make it permanent you need to save the current (working) configuration of netfilter rules



sudo iptables-save | sudo tee /etc/iptables-NAT.sav


and then create the following entry in /etc/rc.local to reload the same configuration on every reboot. Make sure that exit 0 is after your new entry.



iptables-restore < /etc/iptables-NAT.sav


(no sudo needed here)



3) DHCP



The DHCP-Configuration is wrong. You must create different subnets for every interface and you must set an appropriate "gateway" (using option routers) for each subnet.



# for eth1 with 192.168.2.5 as local address
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.15 192.168.2.25;
option routers 192.168.2.5;
}
# for eth2 with 192.168.3.5 as local address
subnet 192.168.3.0 netmask 255.255.255.0 {
range 192.168.3.15 192.168.3.25;
option routers 192.168.3.5;
}
# for eth3 with 192.168.4.5 as local address
subnet 192.168.4.0 netmask 255.255.255.0 {
range 192.168.4.15 192.168.4.25;
option routers 192.168.4.5;
}


Now all clients should be able to reach IP addresses outside your network; name resolution will (probably) not be available yet.


[#27547] Monday, December 19, 2022, 1 Year  [reply] [flag answer]
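
A consistency check for the two files discussed in this thread, as an added example that is not part of the original question or answer: it flags a static stanza with no `netmask` key (such as the `netmaks` spelling in the question), two interfaces in the same IP network, and a dhcpd subnet whose network or `option routers` does not match a server interface. It assumes the server itself is the gateway for each LAN subnet, as in the answer; the function names are hypothetical and the sample strings are constructed from the question's configuration.

```python
import ipaddress
import re

# Constructed sample: the question's eth1 stanza and its dhcpd.conf, abridged.
BAD_INTERFACES = "iface eth1 inet static\naddress 192.168.1.5\nnetmaks 255.255.255.0\n"
BAD_DHCPD = ("option routers 192.168.1.1;\n"
             "subnet 192.168.2.0 netmask 255.255.255.0 {\nrange 192.168.2.15 192.168.2.25;\n}\n")
SUBNET = re.compile(r"subnet ([\d.]+) netmask ([\d.]+) \{(.*?)\}", re.S)
ROUTERS = re.compile(r"option routers ([\d.]+);")

def parse_interfaces(text):
    """Return {iface: {option: value}} for each 'iface <name> inet static' stanza."""
    stanzas, cur = {}, None
    for words in (line.split() for line in text.splitlines()):
        if len(words) == 4 and words[0] == "iface":
            cur = stanzas.setdefault(words[1], {}) if words[3] == "static" else None
        elif cur is not None and len(words) > 1 and words[0] != "auto" and words[0][0] != "#":
            cur[words[0]] = words[1]
    return stanzas

def parse_dhcpd(text):
    """Return [(network, routers)]; routers falls back to the global option."""
    glob = ROUTERS.search(SUBNET.sub("", text))  # global scope = text outside subnet blocks
    out = []
    for m in SUBNET.finditer(text):
        hit = ROUTERS.search(m[3]) or glob
        out.append((ipaddress.ip_network(f"{m[1]}/{m[2]}"), hit and ipaddress.ip_address(hit[1])))
    return out

def lint(interfaces_text, dhcpd_text):
    """Cross-check both files and return a list of findings (empty means consistent)."""
    findings, nets = [], {}
    for name, opts in parse_interfaces(interfaces_text).items():
        if not {"address", "netmask"} <= opts.keys():
            findings.append(f"{name}: address/netmask missing, keys seen: {sorted(opts)}")
            continue
        ifc = ipaddress.ip_interface(f"{opts['address']}/{opts['netmask']}")
        findings += [f"{name}: same IP network as {o}" for o, i in nets.items() if i.network == ifc.network]
        nets[name] = ifc
    for net, router in parse_dhcpd(dhcpd_text):
        owners = [i.ip for i in nets.values() if i.network == net]
        if not owners:
            findings.append(f"dhcpd {net}: no interface is configured in this subnet")
        elif router not in owners:
            findings.append(f"dhcpd {net}: routers {router} is not the server address {owners[0]}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(BAD_INTERFACES, BAD_DHCPD)))
```
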
njuash
