linux:servers:dvorak
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
linux:servers:dvorak [2012/03/20 18:36] walter |
linux:servers:dvorak [2021/05/02 21:36] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | * In the rack, number 2 on the kvm. | + | ====== Dvorak ====== |
| - | * Local IP: 172.29.0.1 | + | |
| - | * dvorak.cs.uic.edu | + | |
| - | * acm-linux.cs-icl.uic.edu | + | |
| - | * is currently doing package routing for the LAN. | + | |
| - | * Network DHCP Server | + | |
| - | ====== Route to Wireless Subnet ====== | + | This machine acts as the gateway router and [[network:firewall|firewall]] for the ACM Network. It has 2 1Gig copper WAN lines out to the UIC/CS network and 2 10Gig SFP fiber lines for the LAN network(s). |
| - | Since the servers need to provide services to the wireless, 10.0.0.0/24, subnet and since they have static networking a a default route out their external IPs, a new routing table, route, and rules need to be added in order to let them talk to the wireless subnet. **This only applies to machines that do not have the same default route as the one handed out by DHCP** | + | ====== WAN Interfaces ====== |
| - | Create a new routing table | + | [[https://acm.cs.uic.edu/wiki/network:public_ip_and_hostname_list]] |
| - | <code> | + | |
| - | echo 1 wireless >> /etc/iproute2/rt_tables | + | |
| - | </code> | + | |
| - | Add the routing rule to the new table | + | ^ Interface ^ Hostname ^ Host ^ Notes ^ |
| - | <code> | + | | wmac0 | dvorak.cs.uic.edu | dvorak.acm.cs | LAN Gateway | |
| - | ip route add default via 172.29.0.1 dev <lan dev> table wireless | + | | wmac1 | acm.cs.uic.edu (lug/acm.eecs/swe) | chopin.acm.cs | | |
| - | </code> | + | | wmac2 | hans.cs.uic.edu | hans.acm.cs | | |
| + | | wmac3 | brink.cs.uic.edu | brink.acm.cs | | | ||
| + | | wmac4 | cuda.cs.uic.edu | cuda.acm.cs | | | ||
| + | | wmac5 | linux.cs.uic.edu | medusa.acm.cs | | | ||
| + | | wmac6 | sigbuild.cs.uic.edu | dvorak.acm.cs | | | ||
| + | | wmac7 | siggame.cs.uic.edu | dvorak.acm.cs | | | ||
| - | Add routing rules | + | ===== How to setup a WAN interface ===== |
| - | <code> | + | |
| - | ip rule add to 10.0.0.0/24 dev <lan dev> table wireless | + | |
| - | ip rule add from 10.0.0.0/24 dev <lan dev> table wireless | + | |
| - | </code> | + | |
| - | Add these to the POST_UP command in the netcfg profile or equivalent system so that the rules are set a boot time. | + | //If for some reason the MAC address is not registered with the UIC DHCP server for the desired hostname, you must contact UIC CS Support to register the address you wish to use.// Otherwise, collect the MAC address registered for that hostname from the config book in the server room. Adding the interface and activating it is then as simple putting the MAC address into the example config below, picking a network device name, and activating it with the //netctl// command. |
| - | ====== Router Configuration ====== | + | <file|/etc/netctl/file_name> |
| + | Description='Virtual LAN with a static MAC on interface wmac0 using DHCP' | ||
| + | Interface=wmacX | ||
| + | Connection=macvlan | ||
| + | BindsToInterfaces=wan0 | ||
| + | Mode="bridge" | ||
| + | MACAddress="XX:XX:XX:XX:XX:XX" | ||
| + | IP=dhcp | ||
| + | TimeoutDHCP=240 | ||
| + | DHCPReleaseOnStop="yes" | ||
| + | </file> | ||
| + | <WRAP center round info 60%> | ||
| + | Afterwards, proceed to the [[network:firewall|firewall]] page to configure routing and the firewall. | ||
| + | </WRAP> | ||
| - | iptables config script for basic sharing setup | ||
| - | <file> | ||
| - | #!/bin/bash | ||
| - | ipt="/usr/sbin/iptables" | + | ===== If you Restarted the Server... ===== |
| - | #Vars | + | |
| - | $WAN_IFACE="wan0" | + | |
| - | $WAN_IFACE_BAK="wan1" | + | |
| - | $SOURCE_IP="131.193.17.26"" | + | |
| - | $SOURCE_IP_BAK="131.193.35.164" | + | |
| - | #Flush active rules and delete custom chains | + | |
| - | $ipt -F | + | |
| - | $ipt -t nat -F | + | |
| - | $ipt -t mangle -F | + | |
| - | $ipt -X | + | |
| - | $ipt -t nat -X | + | |
| - | $ipt -t mangle -X | + | |
| - | #Set default policies | + | <WRAP center round info 60%> |
| - | $ipt -P INPUT ACCEPT | + | - Don't do it again. |
| - | $ipt -P FORWARD ACCEPT | + | - Reacquire IP addresses from DHCP with: ''sudo dhcpcd -t 0 -4 wmac1''. |
| - | $ipt -P OUTPUT ACCEPT | + | - DO NOT do it again. |
| - | $ipt -t nat -P OUTPUT ACCEPT | + | </WRAP> |
| - | $ipt -t nat -P PREROUTING ACCEPT | + | |
| - | $ipt -t nat -P POSTROUTING ACCEPT | + | |
| - | $ipt -t mangle -P PREROUTING ACCEPT | + | |
| - | $ipt -t mangle -P POSTROUTING ACCEPT | + | |
| - | + | ||
| - | #loopback sanitity check | + | |
| - | $ipt -A INPUT -i lo -j ACCEPT | + | |
| - | $ipt -A OUTPUT -o lo -j ACCEPT | + | |
| - | + | ||
| - | #rewrite rule | + | |
| - | $ipt -t nat -A POSTROUTING -o $WAN_IFACE -j SNAT --to-source $SOURCE_IP | + | |
| - | $ipt -t nat -A POSTROUTING -o $WAN_IFACE_BAK -j SNAT --to-source $SOURCE_IP_BAK | + | |
| - | </file> | + | |
| - | ====== Links ====== | ||
| - | [[http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/]] | ||
linux/servers/dvorak.1332268596.txt.gz · Last modified: 2021/05/02 21:36 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
