linux:servers:dvorak
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
linux:servers:dvorak [2012/03/12 21:32] walter |
linux:servers:dvorak [2021/05/02 21:36] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | * In the rack, number 2 on the kvm. | + | ====== Dvorak ====== |
| - | * Local IP: 172.29.0.1 | + | |
| - | * dvorak.cs.uic.edu | + | |
| - | * acm-linux.cs-icl.uic.edu | + | |
| - | * is currently doing package routing for the LAN. | + | |
| - | ====== Route to Wireless Subnet ====== | + | |
| - | Since the servers need to provide services to the wireless, 10.0.0.0/24, subnet and since they have static networking a a default route out their external IPs, a new routing table, route, and rules need to be added in order to let them talk to the wireless subnet. **This only applies to machines that do not have the same default route as the one handed out by DHCP** | + | This machine acts as the gateway router and [[network:firewall|firewall]] for the ACM Network. It has 2 1Gig copper WAN lines out to the UIC/CS network and 2 10Gig SFP fiber lines for the LAN network(s). |
| - | Create a new routing table | + | ====== WAN Interfaces ====== |
| - | <code> | + | |
| - | echo 1 wireless >> /etc/iproute2/rt_tables | + | |
| - | </code> | + | |
| - | Add the routing rule to the new table | + | [[https://acm.cs.uic.edu/wiki/network:public_ip_and_hostname_list]] |
| - | <code> | + | |
| - | ip route add default via 172.29.0.1 dev <lan dev> table wireless | + | |
| - | </code> | + | |
| - | Add routing rules | + | ^ Interface ^ Hostname ^ Host ^ Notes ^ |
| - | <code | + | | wmac0 | dvorak.cs.uic.edu | dvorak.acm.cs | LAN Gateway | |
| - | ip rule add to 10.0.0.0/24 dev <lan dev> table wireless | + | | wmac1 | acm.cs.uic.edu (lug/acm.eecs/swe) | chopin.acm.cs | | |
| - | ip rule add from 10.0.0.0/24 dev <lan dev> table wireless | + | | wmac2 | hans.cs.uic.edu | hans.acm.cs | | |
| - | </code> | + | | wmac3 | brink.cs.uic.edu | brink.acm.cs | | |
| + | | wmac4 | cuda.cs.uic.edu | cuda.acm.cs | | | ||
| + | | wmac5 | linux.cs.uic.edu | medusa.acm.cs | | | ||
| + | | wmac6 | sigbuild.cs.uic.edu | dvorak.acm.cs | | | ||
| + | | wmac7 | siggame.cs.uic.edu | dvorak.acm.cs | | | ||
| - | Add these to the POST_UP command in the netcfg profile or equivalent system so that the rules are set a boot time. | + | ===== How to setup a WAN interface ===== |
| - | ====== Router Configuration ====== | + | //If for some reason the MAC address is not registered with the UIC DHCP server for the desired hostname, you must contact UIC CS Support to register the address you wish to use.// Otherwise, collect the MAC address registered for that hostname from the config book in the server room. Adding the interface and activating it is then as simple putting the MAC address into the example config below, picking a network device name, and activating it with the //netctl// command. |
| - | iptables config script for basic sharing setup | + | <file|/etc/netctl/file_name> |
| - | <file> | + | Description='Virtual LAN with a static MAC on interface wmac0 using DHCP' |
| - | #!/bin/bash | + | Interface=wmacX |
| + | Connection=macvlan | ||
| + | BindsToInterfaces=wan0 | ||
| + | Mode="bridge" | ||
| + | MACAddress="XX:XX:XX:XX:XX:XX" | ||
| + | IP=dhcp | ||
| + | TimeoutDHCP=240 | ||
| + | DHCPReleaseOnStop="yes" | ||
| + | </file> | ||
| + | <WRAP center round info 60%> | ||
| + | Afterwards, proceed to the [[network:firewall|firewall]] page to configure routing and the firewall. | ||
| + | </WRAP> | ||
| - | ipt="/usr/sbin/iptables" | ||
| - | #Vars | ||
| - | $WAN_IFACE="wan0" | ||
| - | $WAN_IFACE_BAK="wan1" | ||
| - | $SOURCE_IP="131.193.17.26"" | ||
| - | $SOURCE_IP_BAK="131.193.35.164" | ||
| - | #Flush active rules and delete custom chains | ||
| - | $ipt -F | ||
| - | $ipt -t nat -F | ||
| - | $ipt -t mangle -F | ||
| - | $ipt -X | ||
| - | $ipt -t nat -X | ||
| - | $ipt -t mangle -X | ||
| - | #Set default policies | + | ===== If you Restarted the Server... ===== |
| - | $ipt -P INPUT ACCEPT | + | |
| - | $ipt -P FORWARD ACCEPT | + | |
| - | $ipt -P OUTPUT ACCEPT | + | |
| - | $ipt -t nat -P OUTPUT ACCEPT | + | |
| - | $ipt -t nat -P PREROUTING ACCEPT | + | |
| - | $ipt -t nat -P POSTROUTING ACCEPT | + | |
| - | $ipt -t mangle -P PREROUTING ACCEPT | + | |
| - | $ipt -t mangle -P POSTROUTING ACCEPT | + | |
| - | #loopback sanitity check | + | <WRAP center round info 60%> |
| - | $ipt -A INPUT -i lo -j ACCEPT | + | - Don't do it again. |
| - | $ipt -A OUTPUT -o lo -j ACCEPT | + | - Reacquire IP addresses from DHCP with: ''sudo dhcpcd -t 0 -4 wmac1''. |
| - | + | - DO NOT do it again. | |
| - | #rewrite rule | + | </WRAP> |
| - | $ipt -t nat -A POSTROUTING -o $WAN_IFACE -j SNAT --to-source $SOURCE_IP | + | |
| - | $ipt -t nat -A POSTROUTING -o $WAN_IFACE_BAK -j SNAT --to-source $SOURCE_IP_BAK | + | |
| - | </file> | + | |
| - | ====== Links ====== | ||
| - | [[http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/]] | ||
linux/servers/dvorak.1331587943.txt.gz · Last modified: 2021/05/02 21:36 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
