* [LARTC] 4 ipadresses only one working
@ 2002-08-30 8:32 Nico Berg
2002-08-30 9:22 ` niels
2002-09-01 23:00 ` Nico Berg
0 siblings, 2 replies; 3+ messages in thread
From: Nico Berg @ 2002-08-30 8:32 UTC (permalink / raw)
To: lartc
Dear list readers,
This is about my last hope! I'm new to this list.
Running Suse Linux 8 (recently installed over 7.2), I have an ADSL
connection and can log in 4 times. Every time I log in at my ISP I get an
IP address. So I own 4 IP addresses. Only the first address is working.
The other 3 are connected; I can do a tcpdump and see reactions, only the one
who is pinging doesn't get a reaction. So, apparently the machine doesn't
react to these IP addresses because they are not in the system or so???? I put
in a piece of tcpdump.
tcpdump: listening on ppp1
14:37:42.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:43.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:44.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:45.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:46.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:47.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:48.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
Reaction from the ping address
PING 213.84.46.145 (213.84.46.145): 56 data bytes
^C
--- 213.84.46.145 ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss
I can ping from my internal network; then it works normally with a normal
reaction. I have a server (the machine discussed above) and 4 machines getting
their internet access from the server with iptables.
#!/bin/sh
# Masquerading firewall (simple)
# 13 August 2001
# Bart Geverts (bart@hakkefest.linux-site.net)
# A very simple masquerading firewall that lets the whole LAN behind it
# reach the internet. The 'firewall' part consists of closing off a
# number of ports on which relatively risky servers run. Only the
# variables need to be adapted to the environment.
################################################################################
# variables
# where iptables lives
IPTABLES="/usr/sbin/iptables"
# interfaces
INTERNAL_INTERFACE="eth1" # interface connecting the gateway to the local network
EXTERNAL_INTERFACE="ppp+" # interface connecting the gateway to the internet
#EXTERNAL_INTERFACE2="ppp1" # second IP number
#EXTERNAL_INTERFACE3="ppp2" # third
#EXTERNAL_INTERFACE4="ppp3" # fourth
# IP addresses / networks
LAN="196.168.0.1/24" # local network
# IP numbers
#IP_nr_1="213.84.46.144"
#IP_nr_2="213.84.46.145"
#IP_nr_3="213.84.46.146"
#IP_nr_4="213.84.46.147"
################################################################################
# clean-up + init
# flush and clear all rules and set the counters to 0
$IPTABLES -F
$IPTABLES -X
$IPTABLES -Z
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t nat -Z
# set the default policies
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
################################################################################
# initialize the kernel
## Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
################################################################################
# masquerade
## Forward everything coming from or destined for the local network
$IPTABLES -A POSTROUTING -t nat -o $EXTERNAL_INTERFACE -j MASQUERADE
$IPTABLES -A FORWARD -i $INTERNAL_INTERFACE -o $EXTERNAL_INTERFACE -s $LAN -d ! $LAN -j ACCEPT
$IPTABLES -A FORWARD -o $INTERNAL_INTERFACE -i $EXTERNAL_INTERFACE -d $LAN -s ! $LAN -j ACCEPT
################################################################################
##### Second IP number
#$IPTABLES -A POSTROUTING -t nat -o $EXTERNAL_INTERFACE2 -j MASQUERADE
#$IPTABLES -A FORWARD -i $INTERNAL_INTERFACE -o $EXTERNAL_INTERFACE2 -s $LAN -d ! $LAN -j ACCEPT
#$IPTABLES -A FORWARD -o $INTERNAL_INTERFACE -i $EXTERNAL_INTERFACE2 -d $LAN -s ! $LAN -j ACCEPT
#$IPTABLES -A INPUT -i $EXTERNAL_INTERFACE2 -j ACCEPT
#$IPTABLES -A OUTPUT -o $EXTERNAL_INTERFACE2 -j ACCEPT
################################################################################
# close off risky servers
## close telnet to the outside world
$IPTABLES -A INPUT -p tcp --destination-port 23 -i $EXTERNAL_INTERFACE -j DROP
#
#$IPTABLES -L
If my IP addresses are working properly then I want to extend the firewall
script to a normal working firewall (in the meantime I have updated my Swiss
cheese to a normal functional firewall).
I hope somebody can help me out here and tell me how to (I think Postrouting
or so) my 3 addresses. If there is somebody interested, I have put a lot of
information on a web page and published it on the first IP address:
http://gandalf.xs4all.nl/Suse.html
So please help! Greetings, Nico Berg
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
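Added example, not part of the original posts: a shell function that summarises a tcpdump text capture like the one in the message above and lists each pinged address whose echo requests outnumber the echo replies seen in the same capture. It goes slightly beyond the post by also accepting the newer tcpdump line format; the function names and the 192.0.2.x lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find pinged addresses that never answer
# in a tcpdump text capture. Function names are hypothetical.

# stdin:  tcpdump text output (old "icmp: echo request" or newer
#         "ICMP echo request, id ..." lines)
# stdout: "<pinger> <pinged> requests=<n> replies=<m>" for every pair where
#         fewer replies than requests were captured
icmp_unanswered() {
    awk '
    {
        # Locate the ">" separating source and destination; skip other lines
        gt = 0
        for (i = 1; i <= NF; i++) if ($i == ">") { gt = i; break }
        if (gt < 2 || gt == NF) next
        src = $(gt - 1)
        dst = $(gt + 1)
        sub(/:$/, "", dst)              # destination carries a trailing colon
        line = tolower($0)
        if (line !~ /icmp/) next
        if (line ~ /echo request/)    req[src " " dst]++
        else if (line ~ /echo reply/) rep[dst " " src]++   # key by the pinger
    }
    END {
        for (k in req) {
            r = rep[k] + 0
            if (r < req[k])
                printf "%s requests=%d replies=%d\n", k, req[k], r
        }
    }' | sort
}

# Sample input: the first lines are taken from the capture in the post; the
# 192.0.2.x pair is constructed to show an address that does answer.
sample_capture() {
    cat <<'EOF'
tcpdump: listening on ppp1
14:37:42.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:43.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:44.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:45.000001 IP 192.0.2.10 > 192.0.2.1: ICMP echo request, id 7, seq 1, length 64
14:37:45.000200 IP 192.0.2.1 > 192.0.2.10: ICMP echo reply, id 7, seq 1, length 64
EOF
}

sample_capture | icmp_unanswered
```

A capture taken on one interface only shows replies that leave through that same interface, so run the check on each ppp interface before concluding that no reply is generated at all.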
* RE: [LARTC] 4 ipadresses only one working
From: niels @ 2002-08-30 9:22 UTC (permalink / raw)
To: lartc
Try to run /sbin/ifconfig... It shows the IP addresses your interfaces
have... has your interface all those 4 addresses? I think not...
If not you should "add" those IP addresses to the interface
Try something like this:
#ip addr add 213.84.46.145/24 dev ppp+ broadcast 213.84.46.255
After that you should proxy-ARP or SNAT them to another machine on the
internal network (or better DMZ) because I don't see the advantage of
running more than one IP address on the Linux box itself
* RE: [LARTC] 4 ipadresses only one working
From: Nico Berg @ 2002-09-01 23:00 UTC (permalink / raw)
To: lartc
> -----Original Message-----
> From: lartc-admin@mailman.ds9a.nl
> [mailto:lartc-admin@mailman.ds9a.nl] On behalf of niels@wxn.nl
> Sent: Friday 30 August 2002 11:23
> To: nberg@gandalf.xs4all.nl; lartc@mailman.ds9a.nl
> Subject: RE: [LARTC] 4 ipadresses only one working
>
>
> Try to run /sbin/ifconfig... It shows the IP addresses your interfaces
> have... has your interface all those 4 addresses? I think not...
Yes I do have all the 4 addresses!!!!!
>
> If not you should "add" those IP addresses to the interface
>
> Try something like this:
>
> #ip addr add 213.84.46.145/24 dev ppp+ broadcast 213.84.46.255
This doesn't work, I still cannot ping this address from another server!
I am new to this kind of stuff and I don't know shit about it, so excuse me
if I do not understand why it doesn't work this way, it looked good.
Greetings, Nico Berg
>
> After that you should proxy-ARP or SNAT them to another machine on the
> internal network (or better DMZ) because I don't see the advantage of
> running more than one IP address on the Linux box itself