
Resolved
0 votes
We have /27s through both our ISPs. I know how to handle multiple IPs from the Linux command line. But what's present in ClearOS for this? I see mention in the NAT docs on using multiple IPs. Are there options for handling them independent of NAT?

I'm realizing I'm going to have to do my own scripting to handle hardware failover with ClearOS -- probably will use UCARP for that -- but I'd like to avoid getting into a space where my scripts and ClearOS's methods are stepping on each other. The easy thing to do would be to handle the /27s as UCARP VIPs. But if ClearOS is going to be also getting its hand in there, for instance in conjunction with NAT configuration, this could be a headache. Is there any documentation on what to expect from ClearOS and its modules from a back-end perspective?
Wednesday, August 23 2017, 04:12 PM
Responses (2)
  • Accepted Answer

    Friday, August 25 2017, 03:51 PM
    Resolved
    0 votes
    I know this method works as I have this setup currently on a system - you have to get your ISP to subnet the range down again (so from 1x /27 to 2x /28) then make the 2nd subnet route through your primary IP in the first subnet (your ClearOS primary IP). This is handled by the ISP. Then you create a true DMZ (its own NIC) on your firewall. Assign one of the IPs from the 2nd subnet to this NIC. Works well. You can then assign the public IPs to nodes in your DMZ and use the DMZ Firewall modules in Clear to poke holes in various directions.

    Let me see if I can map that out here for you:

    192.168.1.0/27: (Subnetted to 2x /28 by your ISP)

    192.168.1.0/28: 1-14 Broadcast:15
    192.168.1.1: ISP Router
    192.168.1.6: Your ClearOS Install WAN (ISP Points route for 2nd subnet here)

    192.168.1.16/28: 17-30 Broadcast: 31
    192.168.1.17: Your ClearOS DMZ IP (Default Gateway for DMZ nodes)

    Obviously your IPs & assignments will/may be different and you will need a friendly ISP to achieve.

    Not 100% sure that answers your question specifically but I hope that helps some.

    Jim
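
An added example, not part of Jim's post: a pre-deployment check of the routed-DMZ plan mapped out above, using the post's example addresses. The function name `check_plan` and the DMZ node addresses are assumptions made for illustration.

```python
import ipaddress

def check_plan(block, isp_router, wan_ip, dmz_gw, dmz_nodes):
    """Validate a routed-DMZ addressing plan (hypothetical helper).

    The ISP block is split into two halves: the first stays on the WAN
    link, the second is routed by the ISP via wan_ip and lives on the
    DMZ NIC. Returns (wan_net, dmz_net, errors)."""
    net = ipaddress.ip_network(block)
    wan_net, dmz_net = net.subnets(prefixlen_diff=1)  # /27 -> 2x /28
    errors = []

    def usable(ip, subnet, label):
        addr = ipaddress.ip_address(ip)
        if addr not in subnet:
            errors.append(f"{label} {ip} is outside {subnet}")
        elif addr in (subnet.network_address, subnet.broadcast_address):
            errors.append(f"{label} {ip} is the network/broadcast address of {subnet}")

    usable(isp_router, wan_net, "ISP router")
    usable(wan_ip, wan_net, "ClearOS WAN")
    usable(dmz_gw, dmz_net, "DMZ gateway")
    for node in dmz_nodes:
        usable(node, dmz_net, "DMZ node")

    # An address may only be assigned once across the whole plan.
    seen = [isp_router, wan_ip, dmz_gw, *dmz_nodes]
    dups = sorted({ip for ip in seen if seen.count(ip) > 1})
    errors += [f"{ip} is assigned more than once" for ip in dups]
    return wan_net, dmz_net, errors

if __name__ == "__main__":
    # Addresses from the post; the two DMZ node IPs are constructed samples.
    wan_net, dmz_net, errors = check_plan(
        "192.168.1.0/27",
        isp_router="192.168.1.1",
        wan_ip="192.168.1.6",
        dmz_gw="192.168.1.17",
        dmz_nodes=["192.168.1.18", "192.168.1.19"],
    )
    hosts = list(dmz_net.hosts())
    print(f"WAN subnet: {wan_net}")
    print(f"DMZ subnet: {dmz_net} hosts {hosts[0]}-{hosts[-1]} "
          f"broadcast {dmz_net.broadcast_address}")
    for e in errors:
        print("PLAN ERROR:", e)
```

Running it before asking the ISP for the route, or before assigning public IPs to DMZ nodes, catches addresses that fall in the wrong /28 or collide with the DMZ gateway.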
  • Accepted Answer

    Wednesday, August 23 2017, 08:26 PM
    Resolved
    0 votes
    I think there is another way where you assign half of them to ClearOS then the other half to machines in a DMZ but I really can't remember. Other than that the ClearOS way is 1-to-1 NAT. You can just set up virtual interfaces but then you are on your own, and I've never heard of the term UCARP VIPs so your knowledge is probably way ahead of mine. ClearOS 1-to-1 NAT won't get in the way of anything if you don't use it, but I'd have thought you'd need to leave ClearOS with one proper IP. Firewall rules and routing for virtual IPs would be up to you.