2 IPs -> NAT -> Webserver

Kumado · 10-29-2003, 08:55 PM

I posted before, but not got much close to work with yet. I have 3 live IPs I can use. I want all 3 IPs for use. One is for the NAT it'self ( did not seem to want to work unless it was live ). I want 1 to be for 3w.XXXX.### and the other for 3w.YYYY.### I am sure this can be done thru ONE NIC with Aliasing.
I typed in:
ifconfig eth0:0 second IP (3w.XXXX.###)

when I type ifconfig, it shows up in the list and I can ping both the IP on eth0 and eth0:0.

I type in:
route add -host (internal-webserver IP) eth0:0

I also cannot see the second IP from outside however

when I type in route, one entry is:

eth0 dest (internal-webserver IP) gw * flag UH

at this point though, I can no longer ping or view the webserver.

I used the Suse firewall set up. ( I have to look at this more when I go back to school, thought of it on my way home ) I do not think there is a rc.firewall file, but has to be some rule that Suse sets up. You have to turn on the firewall to get the NAT to work.
Is this what is stopping me from seeing the second IP and seeing the webserver?

Would I be wise to find the Susefirewall and edit it ( or copy and paste it to a rc.firewall file and edit it since the GUI does not include setting up eth0:0 )

To make all this last thru a reboot then, what file should I put either my changes in or a script that it should run on start up?

I need to set the same kind of thing on the webserver as right now I go to a shell and type apachectl start to get it running.

I do not mind the expense really of putting in a 3rd NIC( don't like the thoughts of running a second Cat6 to the server ) but do I then have to put in a 4th nic for the 3rd IP? Alias I am told does work, I am missing something though.
If you can help, THANKS! If I figure it out, I will post what I did to do it. ( I have gotten signed up for a server side Linux class for next week, just want it working now, be a more educated newbie then

Thanks for any input.

Robert0380 · 10-29-2003, 11:31 PM

about adding all these NICS. If the IPs are all on the same subnet (which they probably are), just throw in a switch. Extra NICS would be good if you have several different networks and was using your box as a router. With a switch, you just connect the computer to the uplink port and the computers to the other ports on the switch. (i think uplink-to-computer requires a crossover cable but i dont remember).

Lonnie · 10-30-2003, 08:34 AM

i am having the same problem so i could use any advice to.

Kumado · 10-31-2003, 09:32 PM

If can at least get this much up first,

There is no good reason to put in a second nic, and a few reasons not to. I can use ifconfig to add eth0:0 and it shows up. I can ping it on the NAT box it'self.
I can use YAST to set it up and I can ping it on that box.

What am I missing that will not let another machine outside the network ( I know it cannot be seen from the inside ) from pinging it?

I am assuming it is the firewall.

If I use Suse's firewall, it will only setup one device, either eth0 or eth0:0, I am still not able to see eth0:0 when it is the one alone.

I am wondering if I were to copy the contents of SuSEfirewall2 to a new file ( called rc.firewall?, Is that the standard file name? ) and add the device and the destination path for that device would fix the problem. Also, how do you put rc.firewall in place?

Thanks

Linux is too cool not to have a little more direct information for