Network Configuration
3.1. Network interfaces
You can open the network interfaces configuration at → in the left menu.
For each network interface you can choose a new name and its configuration method. The available methods are:
- Static
It permanently assigns an IP address to the network interface. Once you have chosen this configuration, you can set whether the interface is external[1], its IP address and its network mask.
- DHCP
When you select this option, the network interface is configured dynamically if a DHCP server exists on the network. The only configuration parameter is whether the interface is external.
- Trunk 802.1Q
When this method is selected, the interface applies a mechanism that allows multiple bridged networks to transparently share the same physical network link without leakage of information between networks, i.e. trunking.
- Not configured
The network interface won't be configured.
A virtual interface is one that is attached to a real interface and is used to listen on or serve another IP address apart from the real one. That is, the real interface can serve two or more networks simply by creating as many virtual interfaces as needed.
It is possible to create new virtual interfaces bound to any interface configured as static.
Once you have configured a static interface, a form is shown to add virtual interfaces, where you can assign their name, IP address and network mask.
You can set the IP addresses of the name servers that you want to use to resolve host names. You may set as many name servers as you want; the first one is the primary, and if it goes down the secondary one is used instead, and so on.
Warning
Remember that, if your network interfaces are configured with DHCP, your network settings could be overwritten.
You can use these tools to check whether your network settings are correct.
Selecting → you can ping a reachable host through your network interfaces, or resolve a domain name.
The output of these operations is shown on this page and corresponds to the standard output of the GNU/Linux commands ping and dig.
In this section you can set the gateways to which your network traffic is directed. It is very useful for splitting or balancing your Internet traffic.
Choosing → you can add as many gateways as you want. The following attributes are required when adding a gateway:
- Name
The logical name associated with the gateway in eBox, which is used in other eBox modules. It should be unique.
- IP Address
The static gateway IP address. Its value has to be unique as well.
- Interface
The interface from which the gateway is reachable. That is, it is the interface through which packets can be routed to reach the gateway.
- Upload
The maximum upload rate (in Kilobits per second) available on the connection from eBox to the gateway. It depends on the kind of connection provided by your ISP.
- Download
The maximum download rate (in Kilobits per second) available on the connection from the gateway to eBox.
- Weight
The weight associated with this gateway. It is used by the balance traffic section to apply special rules across multiple gateways.
- Default
Determines whether the gateway is the default one. Any packet that does not have an explicit gateway to be routed through leaves through the default one. Note that only one gateway can be the default at any time.
Warning
Each gateway should be reachable from at least one interface. eBox checks this for each interface whose configuration is static. If the interface is configured via DHCP, this check is skipped since reachability cannot be determined.
Correct values for the upload and download rates are critical for the traffic shaping module to work correctly.
Once you have added a gateway, it appears in the Gateway list. You can then delete it or edit its values through the icons on the right side of the list.
At least two configured gateways are required to use these two features. Check out this section to know how to create them.
You can enable traffic balancing via → in order to share your traffic across different routes. The traffic distribution relies on a weighted sum of the gateway weights, which are set in the gateway attributes (see the Gateways section to learn how to configure them).
A typical configuration could be as follows: you have two gateways, where one (A) has double the rate capacity of the other (B). You may then want to balance traffic in a 2:1 proportion, that is, gateway A carries twice the traffic of B. To achieve this, set the weight of gateway A to 2 and the weight of gateway B to 1.
It may be necessary to route traffic explicitly through a certain gateway. To do so, use the multigateway rules, which mark the packets to be delivered through the selected gateway.
Packets are matched against the given rules to be directed to the requested gateway. You can select the traffic according to the following factors:
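The gateway constraints listed above (unique name and IP address, a single default, reachability from a static interface) and the 2:1 weighting can be checked on a planned configuration before it is entered. The following Python is an added example, not eBox code; the interface names, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: two static interfaces and the A/B gateways from the text.
STATIC_IFACES = {
    "eth0": ipaddress.ip_interface("192.0.2.10/24"),
    "eth1": ipaddress.ip_interface("198.51.100.10/24"),
}
GATEWAYS = [
    {"name": "A", "ip": "192.0.2.1", "iface": "eth0", "weight": 2, "default": True},
    {"name": "B", "ip": "198.51.100.1", "iface": "eth1", "weight": 1, "default": False},
]

def validate_gateways(gateways, static_ifaces):
    """Return a list of problems; an empty list means the set is consistent."""
    problems = []
    names = [g["name"] for g in gateways]
    ips = [ipaddress.ip_address(g["ip"]) for g in gateways]
    if len(set(names)) != len(names):
        problems.append("gateway names must be unique")
    if len(set(ips)) != len(ips):
        problems.append("gateway IP addresses must be unique")
    if sum(1 for g in gateways if g["default"]) > 1:
        problems.append("only one gateway can be the default")
    for g in gateways:
        iface = static_ifaces.get(g["iface"])
        if iface is None:
            continue  # not a static interface (e.g. DHCP): check is skipped
        if ipaddress.ip_address(g["ip"]) not in iface.network:
            problems.append(f"{g['name']} is not reachable from {g['iface']}")
    return problems

def traffic_shares(gateways):
    """Fraction of balanced traffic per gateway, proportional to its weight."""
    total = sum(g["weight"] for g in gateways)
    return {g["name"]: g["weight"] / total for g in gateways}
```

With the sample data, gateway A receives two thirds of the balanced traffic and B one third, and the validator reports no problems.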
- Protocol
It could be TCP, UDP or any.
- Interface
The source interface the traffic comes from. The list only includes internal interfaces.
- Source
You can select a source IP address or an eBox network object. (See this chapter for details)
- Source port
You can choose a source port. You must select a protocol other than any to be able to direct traffic depending on the source port.
- Destination
You can select a destination IP address or an eBox network object.
- Destination port
You can choose a destination port. The same restriction as for the source port applies here.
After editing at least one of the factors, you can select a previously defined gateway to which traffic matching the defined attributes is directed.
Once the rule has been added to the multigateway rule list, you can edit or delete it through the icons on its right side.
In advanced configurations, defining a set of gateways and rules to apply to them is not sufficient. In such cases, as in Example 3.1, the user-defined routing table may help:
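The rule factors above, including the restriction that a port match needs a protocol other than any, can be modelled to see which gateway a given packet would leave through. The following Python is an added example, not eBox code; the rule and packet dictionaries are constructed, and it assumes rules are evaluated in order with the first match winning, which the text does not state.

```python
import ipaddress

def validate_rule(rule):
    """Check the protocol value and that port matches are not used with 'any'."""
    errors = []
    if rule["proto"] not in ("tcp", "udp", "any"):
        errors.append("protocol must be tcp, udp or any")
    if rule["proto"] == "any" and (rule.get("sport") or rule.get("dport")):
        errors.append("a port match requires protocol tcp or udp")
    return errors

def _net_match(spec, addr):
    # None means "any"; otherwise spec is a single address or a CIDR network.
    if spec is None:
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def matches(rule, pkt):
    """True when every factor set in the rule agrees with the packet."""
    return (rule["proto"] in ("any", pkt["proto"])
            and rule.get("iface") in (None, pkt["iface"])
            and _net_match(rule.get("src"), pkt["src"])
            and _net_match(rule.get("dst"), pkt["dst"])
            and rule.get("sport") in (None, pkt.get("sport"))
            and rule.get("dport") in (None, pkt.get("dport")))

def select_gateway(rules, pkt, default_gw):
    """Assumption: first matching valid rule wins; otherwise the default gateway."""
    for rule in rules:
        if not validate_rule(rule) and matches(rule, pkt):
            return rule["gateway"]
    return default_gw

# Constructed sample rules: outgoing mail from one internal network, and all
# traffic to one destination host, are both sent through gateway B.
RULES = [
    {"proto": "tcp", "iface": "eth2", "src": "10.0.0.0/24", "dport": 25, "gateway": "B"},
    {"proto": "any", "dst": "203.0.113.7", "gateway": "B"},
]
```

Traffic that matches no rule falls through to the default gateway, so a rule that is too narrow fails quietly rather than visibly; testing a few representative packets against the rule list exposes that.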
Example 3.1. Static route use case
“I have some machines that are on the outside, connected to the external LAN of the eBox and I would like all users who connect to VPN server to connect to those machines via the VPN tunnel.”
In those cases, we may use static routes. This table specifies the networks whose traffic is redirected to a fixed gateway, which must be reachable from the eBox host. Each route must have a unique network to route. An optional description lets the administrator add information about the route to ease maintenance.
[1] On eBox, an interface is defined as external when its connection is directed to the Internet. For instance, its IP address can be a static public one. An internal interface, in contrast, is one where clients from your internal network are connected.

