18Oct/170

E-mail server in Windows Server, part 2: Security

This is a follow-up to the tutorial How to install an e-mail server in Windows, directed to those who already have an hMailserver and want to increase the security.

Spam protection

To activate the spam protection, please go to Settings >> Anti-spam in the hMailserver Administrator.

In the tab "General" you can leave the settings the way they are, as shown in the image. Of course you can adjust them later according to your needs.

In the second tab "Spam tests" you should select all four spam detection parameters:

- Use SPF (3)
- Check host in the HELO command (2)
- Check that sender has DNS-MX records (2)
- Verify DKIM-Signature header (5)

Malware protection

As already mentioned in the previous tutorial, you have the possibility to use different anti malware software in hMailServer. The most easy solution is to use the free ClamWin anti virus scanner. You can download it there:

https://sourceforge.net/projects/clamwin/

Please follow the installation wizard. Installing the browser extension is not required for your e-mail server. Normally ClamWin will now appear in the Windows system tray and start to update its database once a day. It will also protect your system from malware. You are of course free to change those settings individually in the ClamWin menu. The integration in the hMailServer is easy. Please go to Settings >> Anti-Virus >> ClamWin. The button "autodetect" will find the correct path to your ClamWin anti virus installation and you can finish the setup with "Save".

TLS encryption

To enable your clients to start an encrypted connection to your server, so nobody can steal your data, you have to enable this in your settings first. You will need an SSL certificate to achieve this. If you do not have already one for the host name of your server, you can create a self signed one on your own. Self signed certificates are free. But you will have to add an exception manually each time you set up a new client for your server. Most clients like Thunderbird or Outlook will ask you for that after the credentials got entered and they start the first connection. You can use XCA to create such a certificate:

https://sourceforge.net/projects/xca/

After the software got installed and opened, you have to create a new database on the upper left side. You can choose any name, you do not even have to remember the password. We will need this tool only once to create the new certificate. You can remove it again afterwards.

After the new database got created you can choose the tab "Certificates". In the following menu please choose "New Certificate" on the right side. A new window will open. In this new window please choose the tab "Subject" and add your host name next to "commonName". In our example screenshot this is mail.yourdomain.com. Now please create a key for the certificate by pressing the button "Generate a new key". The options in the window normally will be  inserted correctly per default as shown in the image. You can finish the creation with "create".

The next step is to switch to the tab "Extensions". Enter a date until the certificate will be valid. You can be generous at this point. In our example we set a date in the year 2030 for "Validity not after". With the "OK" button in the bottom right corner you will finally create the certificate.

Now you have to export the certificate and the according key. Please choose in the tab "Certificates" the certificate and click on "Export" on the right side. You can let the path the way it is. In our case it is:

C:\Program Files (x86)\xca\mail.yourdomain.com.crt

In the tab "Private Keys" please do the same for the previously created key. The path should be:

C:\Program Files(x86)\xca\mail.yourdomain.com.pem

Please open the hMailServer Administrator and navigate to Settings >> Advanved >> SSL certificates and click on "Add". Now you have to add the previously exported certificate and key as shown in the image below and save the settings.

For the last step please go to Settings >> Advanced >> TCP/IP ports. There you have to modify the three entries below "0.0.0.0 / 25 / SMTP" as shown in the following images. At "SSL Certificate", please choose your recently created certificate. "0.0.0.0 / 25 / SMTP" has to stay in its original state as the only one. If you change it, your e-mail server will not work properly!

Now you have to open the new ports in your firewall. For that you can edit the rule from the previous tutorial. We called it "Ports for hMailServer" there. Please change the "local ports" from 25, 110, 143, 587 to 25, 465, 993, 995. (Windows Firewall with Advanced Security on Local computer >> Inbound Rules >> Ports for hMailServer >> Protocols and Ports)

The settings for your clients have changed too:

ingoing server:

protocol: IMAP; port: 143; security: SSL/TLS; server: the IP or hostname of your server

outgoing server:

protocol: SMTP; port: 587; security: SSL/TLS; server: the IP or hostname of your server

9Oct/172

How to install an e-mail server in Windows Server

You want to send and receive e-mails with your Windows server and connect to it by using your clients on PC, smartphone or tablet? In this tutorial we will explain how you can setup your own e-mail server on a Windows system with a static public IP. This tutorial will work for our VPS as well as for our dedicated servers. hMailServer is a free open source program, the setup is rather simple and can be done in just a few easy steps. Next to the default features like SMTP, POP3 and IMAP, the software is capable to detect spam and also a free virus protection like ClamWin can be added.

Installation

hMailServer needs NET Framework 3.5. to run correctly. Therefore you should add it to Windows before you install hMailServer. To do so, please open the Server Manager. The next steps will differ a little in the different versions of Windows Server. We will explain it by using the example of Windows Server 2012. Please click on "Manage" on the right upper side and choose "Add Features and Roles". In the window that opens you can click four times on "Next" and leave all the settings the way they are. Now you can choose the features you need to install. You just have to choose the NET Framework 3.5 like shown in the image. With "Next" again, you confirm this selection and "Install" will start the installation. As soon as the process is finished, you can close the window and proceed with the installation of your e-mail server.

Please download the latest version of the software from this site:

https://www.hmailserver.com/download

Please do not choose a version that is still in beta, since it might contain bugs and vulnerabilities. After you received the installation package, you can execute it and accept the terms of service.

You should leave the default installation directory as is and continue with "Next". Now you can choose the required products for installation. You will need the full installation, so please let "Server" and "Administrative Tools" checked and proceed with "Next". For an easy installation, we do recommend to choose "Use built-in database engine" in the next step. In the following window let the name be hMailServer and proceed. hMailServer will need a password for administrative tasks in the future. So please create a password you want to use to protect your service and write it down. The last step will be to start the installation. It should finish without error.

hMailServer Configuration

Please open the hMailServer Administrator. In the first window you have to activate "Automatically connect on Start-up" and click on "Connect".

In the next window, please go to "Domains", choose "Add..." and insert your domain you want to use for sending e-mails.

After the domain got saved, you can add new e-mail addresses in the menu "Accounts".

Now please go to Settings >> Protocols >> SMTP >> Delivery of e-mail. There, please add the local host name of your server that should be used for introducing your server to other e-mail servers. It has to be a valid domain and has to resolve to the IP of your server. So please add an A record to your DNS zone if necessary. You also should set an identical PTR for the IP address of your server. This can be done in the Contabo customer control panel. The host name should consist of three parts. That means it has to be an FQDN and it may not contain too many numbers, since it might seem to be generic. A good name for example might be: "mail.justanexample.com". When you are done, please save your new settings.

Firewall Configuration

The main configuration is done. But you still have to open all used e-mail ports in the firewall to make it work. Please open the Windows Firewall settings and choose "Inbound Rules". On the right side click on "New Rule". A window will open and you have to choose "Port" and click on "Next". In the next window please insert the ports 25, 110, 143 and 587, as shown in the image.

In the following window please choose "Allow The Connection" and after "Next", please check "Domain", "Private" and "Public".

In the last window you can enter a name for the new rule. For example "Ports for hMailServer". Please finish the setup and close the firewall settings.

Now you should add an SPF record to your DNS zone. Many e-mail servers will reject e-mails from your server if it does not exist. Therefore please add this TXT record to your zone:

justanexample.com 86400 in TXT "v=spf1 ip4:1.2.3.4 ~all"

"justanexample.com" has of course to be replaced with your domain and 1.2.3.4 with your IP.

You should also add an MX record to your DNS zone, if it does not exist already. The MX record should look like this:

justanexample.com 86400 in MX 10 "mail.justanexample.com"

The value "mail.justanexample.com" has to be replaced with the the host name you have chosen for your e-mail server.

The basic setup of your e-mail server is now complete. It should be able to send and receive e-mails as soon as the DNS changes are active and you can now connect with any e-mail client like Outlook, Thunderbird or Apple Mail.

Client Configuration

Please use the following settings for your e-mail client.

ingoing server:

protocol: IMAP; port: 143; security: none; server: the IP or host name of your server

outgoing server:

protocol: SMTP; port: 587; security: none; server: the IP or host name of your server

Security

If you want to do some optimizations to the server security like transport encryption, spam checks and malware protection, please take a look at our second tutorial: E-mail server in Windows Server, part 2: Security.

13Apr/170

Installing Windows Hyper-V 2016 on a dedicated server

Welcome to our tutorial about installing Hyper-V on your Dedicated Server with Windows Server 2016.

Step 1

Installing Hyper-V

After receiving the login information to your dedicated server you might want to find out how Hyper-V can be installed. Hyper-V is an additional Server-Role for Windows which can be added within the Server manager.

On the upper right side you will find the option "Add Roles and Features"

 

After clicking on that option a new windows will popup.

Navigate to "Server Roles" and select Hyper-V

Now select the checkbox and click on next.
You will be asked if the install manager is allowed to automatically reboot your server.


At least one reboot is required !

The installation can take up to one hour, depending on the rented dedicated server model and the storage configuration it might be completed within several minutes.

 

 

Step 2

Configuring Hyper-V

For configuration we are going to use the Hyper-V Manager, you can access this tool by clicking on "Tools" on the upper right side within your Server-Manager window.

Before creating a virtual machine, we have to configure the network interface. Open the "virtual Switch Manager" to perform the necessary steps.

Now we are going to create a new external switch:

Enter a name and description (notes) of your choice.

Select the external network and make sure that the checkbox "allow management operating system to share this network adapter" was selected. If it was not selected your server might be inaccessible afterwards.

Step 3

Configuration of the Network

On the taskbar at the very right side you will see the network icon.
Perform a rightclick to open the following dialogue:

Another window will open, navigate to your network devices:

Now rightclick on the recently created network device and select "Properties":

Select "Internet Protocol Version 4" and once more select "Properties"

Insert your Server's IP-Configuration.

Please double check the information you are setting up, otherwise your server will be inaccessible.

Step 4

Creating a virtual machine

For now we are almost done, the next step shows you how to create a virtual machine.

Within the Hyper-V Manager select "New" to create a new VM:

Configure the VM with your preferences:

Tip: Selecting "Generation 2" for Windows 8 (Windows Server 2012) VMs and later will improve the performance.

As network device you should select the Hyper-V Switch we have created before.

Select the .ISO you want to install and start the installation.

After the installation was completed you need to set up a public IP within the VM.
If you do not have any additional public IPs assigned to your account, please contact us at support@contabo.com to order additional IPs.

After a public IP was set up, your VM will be able to establish connections.

31Mar/170

Being spoilt for choice – Windows or Linux?

The operating system is the centrepiece of a server. You can imagine how important it is to choose a fitting operating system. For servers, two operating systems have established themselves: Windows and Linux. In this short overview, I'd like to present you the main differences between those two operating systems.

 

You might have heard that Windows is less stable compared to Linux. This actually was the case 15 years ago. Older Windows Server operating systems tended to operate rather unstable at times. However, Windows Server developed into an utterly robust operating system during the past years. Nowadays, you won't find much of a difference between both operating systems regarding stability.

Let's come down to the first real difference: Interface and Remote Access, which certainly are the most obvious differences between Windows and Linux.
With Windows Server, you access your server remotely with a protocol developed by Microsoft called RDP. The software used to connect to your server remotely, Remote Desktop Connection, is installed on every Windows machine by default, regardless of whether it's a Desktop or a Server version.

remote_en

Once connected to the server, you'll find a familiar Windows interface you already know from your Windows PC you use at home.

remotedesktop2

And that is probably the biggest advantage of Windows Server. Web server, DNS server, or other services, everything can be managed with a graphical user interface.

 

On Linux, this is totally different. While desktop versions come with a graphical interface as well, in server versions, you won't find one there for the benefit of performance. Also, you cannot access it using RDP, but via SSH.
Windows operating systems do not have an SSH client installed by default, therefore you have to install such a client on your own. There are plenty of them on the market, a well known and established client is PuTTY.

putty

Unlike on Windows Servers, there won't open a Desktop environment, but only a command line.

putty2

Administering the server is done exclusively via commands you type into the command line. While the experienced Linux user knows the most important commands, users who are new to Linux will probably have some trouble here, which could cause problems regarding server security and stability.

 

You might already know that Windows Server, unlike most Linux operating systems, is not for free. Microsoft fees a monthly amount for licensing their products. The amount of this fee differs, it depends on the hardware of the server running the operating system and the version of Windows Server.

 

Basically, every service can be realised on both Linux or Windows Server. The choice is mostly a matter of taste.

23Nov/160

Available now: Windows Server 2016

Not long ago, Microsoft officially launched its latest operating system for server systems, Windows Server 2016. We immediately went to work and performed numerous functionality tests and thus ensured a smooth integration in our systems. Today we can finally say:

Windows Server 2016 is available as an upgrade for all our root servers and VPS with 100% SSD!

As you already know from Windows Server 2012, you can once again choose between the Standard Edition and the Datacenter Edition when ordering Windows Server 2016.

If you are a new customer or place an additional order, you can select Windows Server 2016 as your operating system during the order process on our homepage. We kindly ask existing customers to send a short e-mail to our support department, then we will process the upgrade manually.

So what are the costs of Windows Server 2016 at Contabo?

The most important thing first: As a special service for our customers, we offer Windows Server 2016 free of charge for the first two months - for every root server customer. In other words:
No costs apply for the use of Windows Server 2016 on a root server within the first two months.

If you opt for a root server at Contabo, you are free to choose between the two new versions as well as the previous versions of Windows Server 2012 – in addition to a broad selection of Linux distributions. For most of our Dedicated Servers, Windows Server 2016 Standard Edition is available for 39.99€ per month (from the 3rd month onwards, free of charge before). The Datacenter Edition is a bit more expensive with a monthly fee of 279.99€ (from the 3rd month onwards, free of charge before); however, it offers the ambitious user additional possibilities, as for example in the field of virtualization.

If you decide to order one of our VPS with 100% SSD disk space and add Windows Server 2016 as your operating system of choice, you automatically receive the premium Datacenter Edition. It is available from 5.99€ per month for our VPS – the eventual monthly fee depends on the chosen VPS model. Of course, all available Linux distributions can be selected as the operating system for your VPS as well.

Order your new Contabo VPS or root server with Windows Server 2016 today!

14Jan/163

Edit Windows Updates in Windows 2012

The following tutorial will show you how you can check and administrate the Windows updates for your Windows Server 2012 system:

1. Please connect to your server using RDP. Please open the control panel of the server and select the option 'System and Security':

Windows Updates 1

2. You will be forwarded to the following site:

Windows Updates 2

Please open the option 'Windows Update'

3. Subsequently you will be forwarded:

Windows Updates 3

You have the choice between 'Check for updates', 'Change settings', 'View update history', and 'Restore hidden updates'. By selecting the option „Check for updates“, an immediate search for updates will be started

4.1. If you choose the option „Check for updates“, Windows will automatically check whether there are updates which need to be installed on your server. If you want to change the settings of the Windows updates, please click the „Change settings“ button:

Windows Updates 4

4.2. If you click on the dropdown field „Install updates automatically (recommended)“ these options will appear:

Windows Updates 5

In general, it is always recommended to install updates automatically (first option), since the security of your server could be endangered if you do not keep the Windows version updated. If you want to select the updates manually, you need to choose the option „Download updates but let me choose whether to install them“. A similar option will be „Check for updates but let me choose whether to download and install them“, where you will have an overview of available updates and you can choose then if you want to download and install them“. On the other hand „Never check for updates (not recommended)“ is not recommended, since this could be dangerous for the security of your system if you do not keep it updated.

4.3. By clicking the link „Updates will be automatically installed during the maintenance windows.“, you will be able to choose a time when you want to perform the maintenance. In the checkbox below the field where you can insert the time, you will have the option "Allow scheduled maintenance to wake up my computer at the scheduled time". If you leave this box selected, your server will be started automatically in order to perform the maintenance/update. If you uncheck the box, the update will be performed as soon as you start the server yourself.

Maintenance

4.4. With the options „Recommended updates“ and „Microsoft Update“ you will additionally have the possibility to get informed about any updates.

5. If you choose the option „View update history“ you will get a list of all updates which have been intstalled on the server already.

Windows Updates 6

If you wish to uninstall an update, you can choose the link „Installed Updates“. You will be forwarded to a list with installed updates and you can uninstall the updates.

If you ever experienced issues with updates, kindly choose the option „Troubleshoot problems with installing updates“. It will be automatically checked whether there are issues related to updates.

6. In the option „Restore hidden updates“ you will get the following:

Windows Updates 7

Updates, which you did not install and which were hidden, will be shown in this list and you can decide whether you want to install them.

18Dec/150

Edit Windows Updates in Windows 2008

The following tutorial will show you how you can check and administrate the Windows updates for your Windows Server 2008 system:

1. Please connect to your server using RDP and open the control panel, where you need to choose the section „System and Security“

WS Updates 2008 EN Bild 1

2. You will be forwarded to the following site, where you need to choose the option „Windows Update“:

WS Updates 2008 EN Bild 2

3. Subsequently you will be forwarded:

WS Updates 2008 EN Bild 3

You will have the choice between 'Check for updates', 'Change settings', 'View update history' and 'Restore hidden updates'. Additionally you have the option „Updates: frequently asked questions“, a help box will be opened if you select this one. By selecting the option „Check for updates“, an immediate search for new updates will be started.

4.1. If you choose the option „Check for updates“ Windows will automatically check whether there are updates which need to be installed on your server. If you want to change the settings of the Windows updates, please click the „Change settings“ button:

WS Updates 2008 EN Bild 4

4.2. If you click on the dropdown field „Install updates automatically (recommended)“ these options will appear:

WS Updates 2008 EN Bild 5

In general it is always recommended to install updates automatically (first option), since the security could be endangered otherwise, if you do not keep the Windows version updated. If you want to select the updates manually you need to choose the option „Download updates but let me choose whether to install them“. A similar option will be „Check for updates but let me choose whether to download and install them“, where you will have an overview of available updates and you can choose then if you want to download and install them“. On the other hand „Never check for updates (not recommended)“ is not recommended, since this could be dangerous for the security of your system if you do not keep it updated.

4.3. With the options „Recommended updates“ and „Who can install updates“ you will additionally have the possibility to get informed about any updates and which user can install the updates, if the account differs from the Administrator account.

5. If you choose the option „View update history“ you will get a list of all updates which have been intstalled on the server already:

 WS Updates 2008 EN Bild 6

If you wish to uninstall an update, you can choose the link „Installed Updates“. You will be forwarded to a list with installed updates and you can uninstall the updates.

If you ever experienced issues with updates, kindly choose the option „Troubleshoot problems with installing updates“. It will be automatically checked whether there are issues related to updates.

6. In the option „Restore hidden updates“ you will get the following:

 WS Updates 2008 EN Bild 7

Updates, which you did not install and which were hidden, will be shown in this list and you can decide whether you want to install them.

29Jul/150

How to use the Contabo Backup-Space

Ordering our FTP Backup-Space is always a good choice for saving important data on an external storage.

Using that backup space can be done in many different ways, I will show you some of the most reliable ones.

Please note, that a connection to our backup space can only be established within our datacenter. Therefore, a connection is only possible between your server and the backup server, both are located in our datacenter.

You also need to configure our DNS resolvers, those resolvers are configured as default in any installation - if you changed something and need help setting them up, please contact our support. You can simply test the configuration by using ping on your server: ping backup.contabo.net, if the name is resolved to an IP address, your are using the correct configuration.

Windows:

On our Windows servers you have an graphical user interface (GUI) via RDP, so a third party application such as Filezilla can be used without any annoying configuration steps. In Filezilla you can connect using the information as follows:

Host: backup.contabo.net
Username:
Password:

You should be connected now using encryption and you can transfer all the data you want to save.

winfilezilla

An alternate way is to mount the backup space directly as a network drive.
Open "This PC" where your drives show up and choose "add network location".

Please enter this address:
ftp://<username>:<password>@backup.contabo.net

winftp

winbup

Unfortunately, Windows does not support an implicit FTP encryption, therefore, we highly recommend using some third party FTP client application.

Linux:

On Linux you can either use an FTP client or mount the backup space using some additional software.

Almost any FTP software can be used here, we recommend using lftp which supports encryption via FTP. Depending on your distribution, the necessary package can simply be installed, e.g. by issuing apt-get install lftp .

For the best performance while transferring the data, we recommend creating an archive, e.g.
tar -czf backup.tar.gz /home/File_1 /home/File_2

Now you can conveniently upload your files to the backup space using lftp:

:~# lftp
lftp :~> set ftp:ssl-force true
lftp :~> set ssl:verify-certificate no
lftp :~> connect backup.contabo.net
lftp backup.contabo.net:~> login <Username>
Password:

Since you are now successfully connected to the backup space, create a directory
mkdir backups

and move into.
cd backups

Finally,  you can upload your archive:
put /path_to_file/backup.tar.gz .

Similar to Windows, you can mount the backup space directly into the local file-system structure. On Linux you have several advantages like mounting with encryption. What you need is curlftpfs and some dependencies.

First install those packages from your repository:
apt-get update && apt-get install fuse fuse-utils curlftpfs

On Debian 8 (Ubuntu 16.04) and later the package "fuse-utils" might not be available anymore.

Just enter the following to install all necessary packages and dependencies :

apt update && apt install curlftpfs

For CentOS 7 you need to install the EPEL repository first :

yum install epel-release
yum install curlftpfs

Now create a folder where you want to mount your backup space:
mkdir /mnt/ftp

To avoid other users to see your password in the process overview (top, htop, ps, etc.), you need to put the following information into your .netrc file. This file should be located in your users home directory but might has to be created first.

machine backup.contabo.net
login <username>
password <password>

You can now mount the backup space via FTP with the following command:
curlftpfs -o ssl,no_verify_peer backup.contabo.net /mnt/ftp

On CentOS7 you might experience difficulties when accessing the folder, in that case try remounting the FTP without SSL encryption.

umount /mnt/ftp/ && curlftpfs -o no_verify_peer backup.contabo.net /mnt/ftp

Another option is to start curlftpfs in foreground with the parameter "-f".

curlftpfs -o ssl,no_verify_peer backup.contabo.net /mnt/ftp -f -v

Posted by: Gianni-Donato | Tagged as: , , , , No Comments
13Jul/151

Configuring additional IP addresses

Upon ordering a Dedicated Server or VPS you will receive one IPv4 address and one /64 IPv6 subnet. As an example, this could be the IPv4 address 192.51.100.10 and the IPv6 subnet 2001:0db8:2a02:c200::/64.

Your server comes pre-configured with this IPv4 (192.51.100.10) and one IPv6 address (2001:0db8:2a02:c200:0000:0000:0000:0001). Additional IPv4 addresses can be ordered by contacting us at support@contabo.com or through our homepage when placing an order for a new server. These additional IPv4 address will not be added to your system automatically but will have to be configured manually.

The following will give an overview on how to configure additional IP addresses on the most popular operating systems. The server used in these examples has the primary IPv4 address 192.51.100.10 and will receive the additional IPv4 addresses 192.51.100.42 and 192.0.2.23. As a general rule we recommend configuring these addresses with a netmask of 255.255.255.255 (/32) and /64 respectively and without adding a new gateway.

CentOS 6.x

CentOS has all its network interface configuration files stored in /etc/sysconfig/network-scripts/. In order to configure additional IPv4 addresses, one virtual interface per additional IPv4 address has to be created. If the main interface is e.g. eth0, the virtual interfaces would be named eth0:0, eth0:1, eth0:2 and so on. Their configurations reside in individual configuration files named ifcfg-eth0:0, ifcfg-eth0:1, ifcfg-eth0:2 receptively.

#/etc/sysconfig/network-scripts/ifcfg-eth0:0
DEVICE=eth0:0
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.51.100.42
NETMASK=255.255.255.255

#/etc/sysconfig/network-scripts/ifcfg-eth0:1
DEVICE=eth0:1
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.0.2.23
NETMASK=255.255.255.255

Additional IPv6 addresses can be specified using the variable IPV6ADDR_SECONDARIES in the interface's primary configuration file (/etc/sysconfig/network-scripts/ifcfg-eth0 in case of eth0). Multiple addresses are separated by a white space:

#/etc/sysconfig/network-scripts/ifcfg-eth0
...
IPV6ADDR_SECONDARIES=2001:0db8:2a02:c200:0000:0000:0000:0002/64 2001:0db8:2a02:c200:0000:0000:0000:0003/64
...

To apply the changes, restart the network service:

service network restart

CentOS 7.x / Fedora

The network interface configuration files of both CentOS 7.x and Fedora are stored under /etc/sysconfig/network-scripts/. Additional IPv4 addresses can be added to the respective interface's configuration file by using variables of the pattern IPADDR0, IPADDR1, IPADDR2 and PREFIX0, PREFIX1, PREFIX2 etc., in case of e.g. eth0 this would be /etc/sysconfig/network-scripts/ifcfg-eth0:

#/etc/sysconfig/network-scripts/ifcfg-eth0
...
IPADDR0=192.51.100.42
PREFIX0=32
IPADDR1=192.0.2.23
PREFIX1=32
...

The old method using virtual interfaces as employed in CentOS 6.x and described above will also still work.

Additional IPv6 addresses can be specified using the variable IPV6ADDR_SECONDARIES in the interface's primary configuration file (/etc/sysconfig/network-scripts/ifcfg-eth0 in case of eth0). Multiple addresses are separated by a white space:

#/etc/sysconfig/network-scripts/ifcfg-eth0
...
IPV6ADDR_SECONDARIES=2001:0db8:2a02:c200:0000:0000:0000:0002/64 2001:0db8:2a02:c200:0000:0000:0000:0003/64
...

To apply the changes, restart the network service:

service network restart

cPanel

With cPanel there is no need to deal with configuration files. Log in to WHM and navigate to "IP Functions" » "Add a New IP Address". Enter the IP address, select subnet mask 255.255.255.255 and click "Submit":

cpanel-ip

Debian / Ubuntu

Debian's and Ubuntu's network interface configuration is stored in /etc/network/interfaces. Additional IP addresses can be assigned by adding them in separate iface192.51.100.42 and 192.0.2.23 to eth0 whose primary address is 192.51.100.10:

#/etc/network/interfaces
auto eth0
allow-hotplug eth0
iface eth0 inet static
address 192.51.100.10
netmask 255.255.255.255
gateway 192.51.100.1

iface eth0 inet static
address 192.51.100.42
netmask 255.255.255.255

iface eth0 inet static
address 192.0.2.23
netmask 255.255.255.255
...

Additional IPv6 addresses are configured similarly:

#/etc/network/interfaces
...
iface eth0 inet6 static
address 2001:0db8:2a02:c200:0123:4567:89ab:0001
netmask 112
gateway fe80::1
accept_ra 0
autoconf 0
privext 0


iface eth0 inet6 static
address 2001:0db8:2a02:c200:0000:0000:0000:0002
netmask 64
...

To apply the changes, restart the networking service:

service networking restart

Or:

ifdown eth0; ifup eth0

openSUSE

openSUSE has its network interface configuration files stored under /etc/sysconfig/network/. All settings concerning e.g. eth0 are saved in ifcfg-eth0, additional IPv4 and IPv6 addresses can be added using the pattern IPADDR_1, IPADDR_2, IPADDR_3 etc:

#/etc/sysconfig/network/ifcfg-eth0
...
IPADDR_1='192.51.100.42/32'
IPADDR_2='192.0.2.23/32'
IPADDR_3='2001:0db8:2a02:c200:0000:0000:0000:0002/64'
IPADDR_4='2001:0db8:2a02:c200:0000:0000:0000:0003/64'
...

To apply the changes, restart the network service:

service network restart

Windows Server 2008, 2012 and 2016

Open the "Network and Sharing Center" and click on "Local Area Connection".

In Windows Server 2016:  Open the "Network and Sharing Center" and click on "Ethernet".

ws2008_01

In the newly opened windows, click on "Properties".

ws2008_02

If you want to add an additional IPv4 address, select "Internet Protocol Version 4 (TCP/IPv4)" and click on "Properties".

ws2008_03

In the newly created windows, click on "Advanced..." and in the following one on "Add..." under "IP addresses"

ws2008_05

Enter the new IP address and its netmask into the dialog and then click "Add".

ws2008_06

The new IP address is now active.

ws2008_07

IPv6 addresses can be added similarly by selecting "Internet Protocol Version 6 (TCP/IPv6)":

ws2008_08

ws2008_09

ws2008_12

ws2008_13

4Jul/150

Creating static routes

All traffic in our network has to pass through our core-routers, additionally switch ports are configured in such a way that they only accept ethernet frames with mac addresses originating from these routers. Consequently, no layer-2 traffic is forwarded between switch ports and direct communication between servers, even when on the same subnet, is not possible. If you have multiple servers with us which use IPv4 addresses from the same subnet (usually /24), and you want these servers to exchange traffic between each other, you will have to create static routes on these servers to each other.

The following examples assume that the server with the IPv4 address 192.51.100.10 and the server with the IPv4 address 192.51.100.42 want to communicate with each other.

CentOS

In CentOS, you can add static routes to the route-file of the respective interface. In case of eth0, the file is called route-eth0 and located under /etc/sysconfig/network-scripts/. The below entry on server 192.51.100.10 adds a static to server 192.51.100.42:

#/etc/sysconfig/network-scripts/route-eth0
...
192.51.100.42/32 via 192.51.100.1 dev eth0

Vice versa, the server 192.51.100.42 needs a corresponding route to server 192.51.100.10:

#/etc/sysconfig/network-scripts/route-eth0
...
192.51.100.10/32 via 192.51.100.1 dev eth0

Alternatively, both servers can have a single route added to the whole /24 subnet:

#/etc/sysconfig/network-scripts/route-eth0
...
192.51.100.0/24 via 192.51.100.1 dev eth0

Debian / Ubuntu

Static routes in Debian and Ubuntu are saved to /etc/network/interfaces. Entries are added to the end of the file or under the iface sections of the respective interface. Assuming the interface to be eth0, the entry on server 192.51.100.10 would look like this:

#/etc/network/interfaces
...
up ip route add 192.51.100.42/32 via 192.51.100.1 dev eth0
down ip route del 192.51.100.42/32 via 192.51.100.1 dev eth0

On server 192.51.100.42, this would be the static route to 192.51.100.10:

#/etc/network/interfaces
...
up ip route add 192.51.100.10/32 via 192.51.100.1 dev eth0
down ip route del 192.51.100.10/32 via 192.51.100.1 dev eth0

It is also possible to add a static route to the whole /24 on both servers instead:

#/etc/network/interfaces
...
up ip route add 192.51.100.0/24 via 192.51.100.1 dev eth0
down ip route del 192.51.100.0/24 via 192.51.100.1 dev eth0

openSUSE

Static routes in openSUSE can be set in /etc/sysconfig/network/routes. On server 192.51.100.10, the static route to 192.51.100.42 is as follows:

#/etc/sysconfig/network/routes
...
192.51.100.42/32 192.51.100.1 - eth0

Conversely, the static route on 192.51.100.42 to 192.51.100.10:

#/etc/sysconfig/network/routes
...
192.51.100.10/32 192.51.100.1 - eth0

As an alternative, both servers can have a static route to the whole /24 subnet:

#/etc/sysconfig/network/routes
...
192.51.100.0/24 192.51.100.1 - eth0

Windows Server

To create a static route under Windows Server 2008 or 2012, please open the "Command Prompt" with administrative privileges. On server 192.51.100.10 enter the following:

route -p add 192.51.100.42 mask 255.255.255.255 192.51.100.1

The corresponding entry on server 192.51.100.42 is:

route -p add 192.51.100.10 mask 255.255.255.255 192.51.100.1

Setting the -p option makes the route persistent across reboots. If the route is meant to be temporary, you may omit -p.

Posted by: Andreas | Tagged as: , , , , No Comments