Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Multiple Public IPs on Smoothwall GPL

  • 22-01-2003 6:54pm
    #1
    cgarvey
    Registered Users, Registered Users 2 Posts: 3,889 ✭✭✭


    I did search for similar posts but only found 23 "use smoothwall, its great" posts, so apologies if it has come up before...

    Now, anyone know how to get smoothwall gpl to accept incoming connections for more than the 1 ip its got assigned on its ppoe connection?

    I have DSL with a 29 bit subnet of routable IPs and the first host IP in that range is assigned to my ppp0 device.

    I can ping that IP fine externally, but when I ping the other host IPs, I get reject hits in my smoothwall logs (fair 'nough, as it knows nothing about these)... so can I add static routes (as the IPs are fixed anyway) and if so, how?

    As always, TIA,
    .cg


Comments

  • #2
    Typedef
    Closed Accounts Posts: 5,564 ✭✭✭Typedef


    In IPCop to specify a range of ips you type 192.168.0. into it's configuration section for port (n).

    The will allow all 192.168.0.x connections on port n.

    I'm not sure that's what you want to do though.


  • #3
    longword
    Closed Accounts Posts: 741 ✭✭✭longword


    I honestly don't know how that can work on an IP network level. The PPPoE connection will bring up a ppp0 device. AFAIK that can only have a netmask of 255.255.255.255 since it's intrinsically a point-to-point link from one IP address to one other IP address. You can't simply assign more addresses as IP aliases to that PPP interface, as you might with an ethernet device.

    I could understand if the PPPoE IP address was not part of the /29 - that would be easy. You'd just bring up your own local network, probably on eth1 or something, that uses that whole /29 subnet. Or perhaps it could be done with multiple PPPoE accounts. Each PPPoE session would get its own IP address and you'd have your first IP on ppp0, the second on ppp1...

    Maybe someone else has a deeper understanding of the IP issues involved and would like to fill us in?


  • #4
    Typedef
    Closed Accounts Posts: 5,564 ✭✭✭Typedef


    Now, anyone know how to get smoothwall gpl to accept incoming connections for more than the 1 ip its got assigned on its ppoe connection?

    Hold on a second now, unless your ISP is specifically masquerading the other 29 external static IPs, you will need a ppp interface for 'each' IP, otherwise there is no way your box can 'know' about those ips.

    So your 'only' option aside from nicely asking your ISP to masquerade all 29 ips to the first IP is to bring up a ppp interface for all external ips.

    From experience of IPCop, which is a smoothwall branch, you will have to configure that by hand, which believe me, you don't want to do, smoothwall isn't designed to be configured by hand, but, instead by it's web interface. Therefore each time you'd make a small change to your firewall you'd have to rewrite all of your changes 'by' hand, which is very, very naff.

    http://www.thelinuxreview.com/howto/IP-MASQ/x2201.htm

    You haven't a sniff of getting smoothwall to do that. I'd use Slackware, run rp_pppoe, and try running 29 instances of rp_pppoe, through the nic connected to the DSL interface, but, I don't expect that would work..... but it might.

    Essentially you might get lucky, I'd say the best place to ask is the ILUG.


  • #5
    Typedef
    Closed Accounts Posts: 5,564 ✭✭✭Typedef


    Right I've had a look at the router in work and here is what I think you should try.

    Install Slackware, Debian or the like.

    Have to NICs.

    Nic 0 --> Interface to your internal lan.

    Nic 1 --> Connects to your DSL line and has no IP assigned.

    Then run 29 instances of rp_pppoe over eth1, remembering to specify a 'new' ip for each instance of rp_pppoe.

    This should create ppp0 - ppp28, which is apparently what you want to do. Then you will have to roll your own firewalling rules, I'd guess.

    But let them eat cake.


  • #6
    cgarvey
    Registered Users, Registered Users 2 Posts: 3,889 ✭✭✭cgarvey


    I tried IPCop (and am still using it). While the "External Aliases" feature (allowing you to assign multiple IPs to your RED interface), it only works when the RED is static, which its not in my case, its PPPoE (as I have a dsl modem, not router.. ZyXel 645M).

    So the solution was to add the extra IPs in the External Aliases section of the web GUI, and then edit the /etc/ppp/ppp-on script to add IP aliases to the ppp0 interface (once it has been brought up of course)

    so adding ...
    (where ISP assigns me .17 of the 29 bit subnet, the further hosts being aliased. SNM for a 28 bit being 255.255.255.248)
    sleep 3;
system( "/sbin/ifconfig ppp0:0 x.x.x.18 netmask 255.255.255.248" );
system( "/sbin/ifconfig ppp0:1 x.x.x.19 netmask 255.255.255.248" );
system( "/sbin/ifconfig ppp0:2 x.x.x.20 netmask 255.255.255.248" );
system( "/sbin/ifconfig ppp0:3 x.x.x.21 netmask 255.255.255.248" );
system( "/sbin/ifconfig ppp0:4 x.x.x.22 netmask 255.255.255.248" );

    And now I can use the GUI to por forward, based on inbound IP, etc.. So thanks for the pointers..

    .cg


  • Advertisement
Advertisement