Advanced Network Question [solved]

[ethraza]

Hi!

Take a look what I need to do...

 

I need to do a proxy server that will act like that... In a lan with aprox. 50 nodes...

When someone come with u notebook and plug this, no mather the OS, he must to be able to use the Internet without configurations cose hin is a ordinary User.

And the cool part now... Each one simple cannot see the others.

 

I think in add 50 virtual ips to the Server eth and configure 50 subnets in dhcp.

I know that Linux support at least 255 virtual ips on one eth, but I don't know if dhcp will like that. I try this later.

 

But opinions, suggestions and comments are appreciated.

 

Thanx n 1 in advance!

[ethraza]

Ok, please n 1?

 

I started with problens...

I'm having problens with dhcpd.conf ... crazy

Edited January 23, 2005 by ethraza

[Cannonfodder]

Better post that file :)

 

etc/dhcpd.conf

[ethraza]

I did some google search and found that noone knows what is talking about.

 

My last dhcpd.conf :

---

ddns-update-style ad-hoc;

shared-network 0 {

subnet 192.168.0.0 netmask 255.255.255.0 {

option broadcast-address 192.168.0.255;

}

}

subnet 192.168.1.0 netmask 255.255.255.0 {

range 192.168.1.2 192.168.1.5;

option broadcast-address 192.168.1.255;

}

subnet 192.168.2.0 netmask 255.255.255.0 {

range 192.168.2.2 192.168.2.5;

option broadcast-address 192.168.2.255;

}

---

 

ifconfig :

---

eth1 Encapsulamento do Link: Ethernet Endereço de HW 00:02:44:25:C0:EC

inet end.: 192.168.0.1 Bcast:192.168.0.255 Masc:255.255.255.0

endereço inet6: fe80::202:44ff:fe25:c0ec/64 Escopo:Link

UP BROADCASTRUNNING MULTICAST MTU:1500 Métrica:1

RX packets:6718 errors:0 dropped:0 overruns:0 frame:0

TX packets:15975 errors:0 dropped:0 overruns:0 carrier:0

colisões:0 txqueuelen:1000

RX bytes:940656 (918.6 Kb) TX bytes:12740022 (12.1 Mb)

IRQ:10 Endereço de E/S:0x2000

 

eth1:1 Encapsulamento do Link: Ethernet Endereço de HW 00:02:44:25:C0:EC

inet end.: 192.168.1.1 Bcast:192.168.1.255 Masc:255.255.255.0

UP BROADCASTRUNNING MULTICAST MTU:1500 Métrica:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

colisões:0 txqueuelen:1000

RX bytes:0 (0.0 b ) TX bytes:0 (0.0 b )

IRQ:10 Endereço de E/S:0x2000

 

eth1:2 Encapsulamento do Link: Ethernet Endereço de HW 00:02:44:25:C0:EC

inet end.: 192.168.2.1 Bcast:192.168.2.255 Masc:255.255.255.0

UP BROADCASTRUNNING MULTICAST MTU:1500 Métrica:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

colisões:0 txqueuelen:1000

RX bytes:0 (0.0 b ) TX bytes:0 (0.0 b )

IRQ:10 Endereço de E/S:0x2000

---

 

service dhcpd start

[Failed]

 

syslog :

---

dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file

dhcpd: Wrote 0 leases to leases file.

dhcpd: Interface eth1 matches multiple shared networks

dhcpd:

dhcpd: exiting.

dhcpd: dhcpd inmcio failed

---

 

Why?

[fissy]

do you want the proxy server to ask for a username and password or is open access ok?

 

If you want anyone on your network to be able to access the net through the proxy without a password you could redirect outgoing traffic at the router to the proxy server except in the case where the traffic has come from the proxy. Shorewall is good for this.

 

edit; sorry, didn't read the 'cool part'

Edited January 23, 2005 by fissy

[ethraza]

Thanks 4 the reply but I know do a proxy server, my problem is with the DHCP server and the "Cool Part".

I googled this and I think that is is poorly documented. This make the things more complicated. If some one know a good documentation for the DHCP can be a good start. THX

 

 

 

 

 

 

 

[Draco Araurlis]

The documentation available on the net for DHCPd is, as you say, mediocre at best. Even on the development website - but you can buy the book.

 

http://www.isc.org/index.pl?/sw/dhcp/

[ethraza]

If is usefull 4 n 1:

 

To resolve my won problem the only thing to undestand is that a shared-network statemant refers to a ethernet and not for an IP, so if all virtual IPs are in one ethernet, all configs of subnets must come inside a shared-network statement that refers to the phisycal ethernet.

[Guest dhanraj sheth]

hi

you don't want any user to see other user on the network or what ??

well as you said you also wanted to do that with DHCP well if the answer of my question is "YES" then do this:

 

give ip to every user with subnet 255.255.255.252 in that manner with each ip allocated to a machine on your network another 3 ip will be lost and then configure the firewall as said by 'fissy' with "shorewall" and block all the loc to loc file sharing and netbios on the network well for this setup Evey users Gateway will be diffrent and will be bind with virtual interface on the Server which in term will be Gateway and each ip you add the route should also be added so that the user should be able to surf the web.

 

if your answer is "NO" then please explain in simple language.

 

Thanks,

Dhanraj sheth

[ethraza]

Is this! (Yes is the right answer.)

Thanks 4 the reply, I will need this soon.

[ethraza]

With this part solved, the 'big net saga' continues on:

http://mandrakeusers.org/index.php?showtopic=23962