linux:servers:dvorak
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
linux:servers:dvorak [2015/01/16 22:19] walter [Details and Roles] |
linux:servers:dvorak [2021/05/02 21:36] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Details and Roles ====== | + | ====== Dvorak ====== |
| - | * In the rack, number 2 on the kvm. | + | This machine acts as the gateway router and [[network:firewall|firewall]] for the ACM Network. It has 2 1Gig copper WAN lines out to the UIC/CS network and 2 10Gig SFP fiber lines for the LAN network(s). |
| - | * Local IP: 172.29.0.1 | + | |
| - | * dvorak.cs.uic.edu | + | |
| - | * Router | + | |
| - | * DHCP Serve | + | |
| - | * DNAT for cuda, brink, and hans IPs | + | |
| - | ====== Route to Wireless Subnet ====== | + | ====== WAN Interfaces ====== |
| - | Since the servers need to provide services to the wireless, 10.0.0.0/24, subnet and since they have static networking a a default route out their external IPs, a new routing table, route, and rules need to be added in order to let them talk to the wireless subnet. **This only applies to machines that do not have the same default route as the one handed out by DHCP** | + | [[https://acm.cs.uic.edu/wiki/network:public_ip_and_hostname_list]] |
| - | Create a new routing table | + | ^ Interface ^ Hostname ^ Host ^ Notes ^ |
| - | <code> | + | | wmac0 | dvorak.cs.uic.edu | dvorak.acm.cs | LAN Gateway | |
| - | echo 1 wireless >> /etc/iproute2/rt_tables | + | | wmac1 | acm.cs.uic.edu (lug/acm.eecs/swe) | chopin.acm.cs | | |
| - | </code> | + | | wmac2 | hans.cs.uic.edu | hans.acm.cs | | |
| + | | wmac3 | brink.cs.uic.edu | brink.acm.cs | | | ||
| + | | wmac4 | cuda.cs.uic.edu | cuda.acm.cs | | | ||
| + | | wmac5 | linux.cs.uic.edu | medusa.acm.cs | | | ||
| + | | wmac6 | sigbuild.cs.uic.edu | dvorak.acm.cs | | | ||
| + | | wmac7 | siggame.cs.uic.edu | dvorak.acm.cs | | | ||
| - | Add the routing rule to the new table | + | ===== How to setup a WAN interface ===== |
| - | <code> | + | |
| - | ip route add default via 172.29.0.1 dev <lan dev> table wireless | + | |
| - | </code> | + | |
| - | Add routing rules | + | //If for some reason the MAC address is not registered with the UIC DHCP server for the desired hostname, you must contact UIC CS Support to register the address you wish to use.// Otherwise, collect the MAC address registered for that hostname from the config book in the server room. Adding the interface and activating it is then as simple putting the MAC address into the example config below, picking a network device name, and activating it with the //netctl// command. |
| - | <code> | + | |
| - | ip rule add to 10.0.0.0/24 dev <lan dev> table wireless | + | |
| - | ip rule add from 10.0.0.0/24 dev <lan dev> table wireless | + | |
| - | </code> | + | |
| - | Add these to the POST_UP command in the netcfg profile or equivalent system so that the rules are set a boot time. | + | <file|/etc/netctl/file_name> |
| + | Description='Virtual LAN with a static MAC on interface wmac0 using DHCP' | ||
| + | Interface=wmacX | ||
| + | Connection=macvlan | ||
| + | BindsToInterfaces=wan0 | ||
| + | Mode="bridge" | ||
| + | MACAddress="XX:XX:XX:XX:XX:XX" | ||
| + | IP=dhcp | ||
| + | TimeoutDHCP=240 | ||
| + | DHCPReleaseOnStop="yes" | ||
| + | </file> | ||
| + | <WRAP center round info 60%> | ||
| + | Afterwards, proceed to the [[network:firewall|firewall]] page to configure routing and the firewall. | ||
| + | </WRAP> | ||
| - | ====== Router Configuration ====== | ||
| - | iptables config script for basic sharing setup | + | ===== If you Restarted the Server... ===== |
| - | <file> | + | |
| - | #!/bin/bash | + | |
| - | ipt="/usr/sbin/iptables" | + | <WRAP center round info 60%> |
| - | #Vars | + | - Don't do it again. |
| - | $WAN_IFACE="wan0" | + | - Reacquire IP addresses from DHCP with: ''sudo dhcpcd -t 0 -4 wmac1''. |
| - | $WAN_IFACE_BAK="wan1" | + | - DO NOT do it again. |
| - | $SOURCE_IP="131.193.17.26"" | + | </WRAP> |
| - | $SOURCE_IP_BAK="131.193.35.164" | + | |
| - | #Flush active rules and delete custom chains | + | |
| - | $ipt -F | + | |
| - | $ipt -t nat -F | + | |
| - | $ipt -t mangle -F | + | |
| - | $ipt -X | + | |
| - | $ipt -t nat -X | + | |
| - | $ipt -t mangle -X | + | |
| - | + | ||
| - | #Set default policies | + | |
| - | $ipt -P INPUT ACCEPT | + | |
| - | $ipt -P FORWARD ACCEPT | + | |
| - | $ipt -P OUTPUT ACCEPT | + | |
| - | $ipt -t nat -P OUTPUT ACCEPT | + | |
| - | $ipt -t nat -P PREROUTING ACCEPT | + | |
| - | $ipt -t nat -P POSTROUTING ACCEPT | + | |
| - | $ipt -t mangle -P PREROUTING ACCEPT | + | |
| - | $ipt -t mangle -P POSTROUTING ACCEPT | + | |
| - | + | ||
| - | #loopback sanitity check | + | |
| - | $ipt -A INPUT -i lo -j ACCEPT | + | |
| - | $ipt -A OUTPUT -o lo -j ACCEPT | + | |
| - | + | ||
| - | #rewrite rule | + | |
| - | $ipt -t nat -A POSTROUTING -o $WAN_IFACE -j SNAT --to-source $SOURCE_IP | + | |
| - | $ipt -t nat -A POSTROUTING -o $WAN_IFACE_BAK -j SNAT --to-source $SOURCE_IP_BAK | + | |
| - | </file> | + | |
| - | ====== Links ====== | ||
| - | [[http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/]] | ||
linux/servers/dvorak.1421446798.txt.gz · Last modified: 2021/05/02 21:36 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
