|Tested on||SME 5.5, 5.6, 6.0 and 6.0.1|
Sometimes, on a production network, it's not possible to do testing on the production
SME server. SME don't need monstrous hardware, and it's (fairly) easy to find a computer
that nobody wants anymore to create a SME test server.
Generally, in this case, the SME test server is installed in 'server only' mode, and it becomes a LAN client as any other computers.
However, some tests are hard to realize (if only possible) in this configuration, and it's not always easy to create a isolated test network.
What I want to show you is how (via a small TCP/IP trick) to connect a Test SME Server in
'server and gateway' mode on your production Network without perturbation.
Note : Your test SME server will need two network interfaces, like a 'true' production SME Server.
Let's have a look on a typical small SME server network :
We see on the left side the Internet or public Network, with the public network interface of SME. On the other side is the SME private network. The IP number of the private Network is generally the result of a random choice of the SME Server. The Network Number always start by 192.168. This is a part of the 'Private Networks IPs'. (For more informations about 'private Networks IPs', please read this document :RFC 1918).
Given my experience, there are some points of configuration that seems to be 'standards' on a SME Distro installation :
Now that we know all theses point, how to 'put' our test SME server on this Network ?
The trick is to play with the IP subnet masks. We will connect the two networks interfaces of our SME test server on our HUB our SWITCH of the production network. It's only the IP configuration of our test server that will do the difference.
Let's see the implantation layout :
Playing with Subnet Masks we will let our test server thinking that there a two (differents) networks :
With this configuration, the test server will see the production server as a part of the public network. In contrary, DHCP clients will be seen as station on the test server private network. This configuration permit numerous tests.
Please note that in this configuration is a major drawback : if, on your network, some computers have an IP address greater than 192.168.X.126, theses computers will not be able to access to the test server !
Before starting to configure the SME test server, you need to control some parameters of your current network : I give you here the parameters from my network. I just changed my local IP number by X. If your parameters are not the same as mine, and you don't knows how this can affect this how-to, please stop here and advice !
-# /sbin/e-smith/db configuration show dhcpd dhcpd=service end=192.168.X.122 start=192.168.X.65 status=enabled -# /sbin/e-smith/db configuration show LocalIP LocalIP=192.168.X.1 -# /sbin/e-smith/db configuration show LocalNetmask LocalNetmask=255.255.255.0
The production server (internal) IP address is 192.168.X.1, with a netmask of 255.255.255.0 (This permit to use address between 192.168.X.1 and 192.168.X.254), the DHCP server allocate address between 192.168.X.65 and 192.168.X.122
You will of course need the value of X for your network !!!
Go on your test server console and connect you with the admin login (this is automatic if you choose to retain the default value of 'Display server console at all times' during installation steps).
After these successful change, you can connect your test box on your production network. The computer is reachable.
For a greatest comfort, it's better to set two new entries (type 'local') in the production DNS (saying your test box is named smetest) :
Your SME test server is now accessible from your network, but how ?
Your P.C. can access the SME box only via it's internal LAN card, that is with the name smetest in the production DNS. Your production SME server can only access your test server via it's external LAN card, named smetest-ext. This access is constraint to the FireWall rules. While it's practical in case of test, it's sometime uncomfortable. But don't try to fool the test box and to access directly by the internal Ip address : if your production server will find a way to access this interface, the test server never will find a way to answer, due to the netmask conflict.
Your P.C. see the Test Box like a 'server only' SME server. They continue to use the production SME server as gateway.
If you need, for a test, that one of your P.C. really use the test server as it gateway, it's possible, you just have to do a manual IP configuration on the P.C. :
The same way, if you need to have a P.C. accessing the test server as an Internet P.C. would do, it's also OK, just doing another manual IP configuration of the P.C. :
This give many tests possibility very near to a real installation.
This is not a perfect construction, but using it since many months I find it useful.
With this configuration, my P.C. have a direct (and reliable) access to all the services provided by the production SME server, and they can also access to the test server.
But this can certainly be improved. Don't hesitate to tell me your test return and your feeling.
|march 13, 2004||Initial version (1.0.0)|
|copyleft Schirrms Studio 2002-2004||
||The whole website www.schirrms.net is under GFPL license|