Internet from LAN

UCS - Univention Corporate Server
#1

Sorry for the newbie question, but I’m just learning networking concepts - just enough to be dangerous, as the saying goes :slight_smile:

I am setting up a server that has two NICs. I connect the NIC whose interface is eth0 directly to the router provided by my ISP, and connect the NIC whose interface is eth1 to a switch that all the clients also connect to. I configure the eth0 network to get its IP address and other information from DHCP (from the router). I then configure eth1 with a static IP address of 192.168.11.1, and configure DNS and DHCP to provide dynamic address information to the clients. Two questions:

  1. Is NAT the standard way to enable the clients connected to the 192.168.11.0/24 network to connect to the internet?

  2. Does UCS provide any facility for managing NAT? The only discussion of NAT that I found in the manual was in the section on the virtualization manager. Or, do I have to manage this manually from the command line? I’ve played around quite a bit with Zentyal, and it seems to do this automatically if you designate eth0 as an external interface and eth1 as an internal interface, but I haven’t yet found any indication whether or not UCS does this.

I would really appreciate any help. When I get this figured out, I plan to write a blog post helping out newbies like myself.

#2

Hello,

mostly, the UCS server is not used as a gateway, because it is not the focus of this system, so you have to enable IPv4 forwarding. This can be achieved by using the following UCR variables, which enable it und define a cron job executed at boot time:

# ucr set cron/ipforwarding/command='echo "1" > /proc/sys/net/ipv4/ip_forward'
# ucr set cron/ipforwarding/time=@reboot

I hope I did not misunderstand your question.

Regards
Ulf Friedel

#3

Hello, Ulf

Thanks for the reply. It is rather disappointing to hear that UCS doesn’t have anything built-in for acting as a gateway. It does, after all have built-in support for acting as a DHCP server (as well as DNS) server - maybe that is only tangentially related to acting as a gateway. And since it is a Debian server, I imagine it is straightforward enough to configure NAT between eth0 (internal LAN) and eth1 (internet connection). It’s just surprising that this isn’t built in. Both of what I would consider the serious competitors of UCS (Zentyal and ClearOS) handle this.

Best regards,
Gary Schiltz

Mastodon