Difference between revisions of "Networkbak"

From Whitespace (Hackerspace Gent)
(The schema)
m (Piet moved page OLD Network page to Network over redirect)
(7 intermediate revisions by 3 users not shown)
Line 17: Line 17:
 
== IBBT ==
 
== IBBT ==
 
Our friends from IBBT (http://www.ibbt.be) have provided us with a virtual server in their data center, which is '''awesome!''' It has a massive internet connection and that is why this server is often referred to as "Big Pipe"<ref>[[Big_pipe_server|Big pipe server]]</ref>.
 
Our friends from IBBT (http://www.ibbt.be) have provided us with a virtual server in their data center, which is '''awesome!''' It has a massive internet connection and that is why this server is often referred to as "Big Pipe"<ref>[[Big_pipe_server|Big pipe server]]</ref>.
 +
= VPN =
 +
To link 2 locations you have 2 options:
 +
# Provide your own infrastructure: connect the two sites with a physical cable
 +
# Use existing infrastructure to connect the two sites: connect through the interwebs
 +
For a whole bunch of reasons, option #1 is a bit impractical, so the way to go is through the interwebs.
 +
That is exactly what is done between 0x20 and IBBT, we've created a so called Virtual Private Network or VPN, which in this case is nothing more than a point-to-point tunnel over the internet connecting 0x20 and IBBT in the same private network. This setup is documented in project OpenVPN<ref>[[OpenVPN|Project OpenVPN]]</ref>.
 +
 +
= LAN @ 0x20 =
 +
I'm currently in the process of creating a new intranet at 0x20 with server [[Kimball]] as the central server for DHCP, DNS and Routing.
 +
== Network interfaces on Kimball ==
 +
Kimball has two network interfaces:
 +
<pre>
 +
# The primary network interface
 +
# eth0 is the WAN-side of our router and takes an IP from the old 0x20 network over DHCP
 +
auto eth0
 +
iface eth0 inet dhcp
 +
 +
# eth1 is the LAN-side of our router. It has a static ip and currently it uses Soekris as DNS server
 +
auto eth1
 +
iface eth1 inet static
 +
address 172.22.42.1
 +
gateway 172.22.42.1
 +
netmask 255.255.255.0
 +
network 172.22.42.0
 +
broadcast 172.22.42.255
 +
nameserver 172.22.32.14
 +
</pre>
 +
 +
== Routing Configuration on Kimball ==
 +
<pre>
 +
Kernel IP routing table
 +
Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
 +
default        soekris.0x20.be 0.0.0.0        UG    0      0        0 eth0
 +
172.22.32.0    *              255.255.255.0  U    0      0        0 eth0
 +
172.22.42.0    *              255.255.255.0  U    0      0        0 eth1
 +
</pre>
 +
 +
== DHCP Service on Kimball ==
 +
Kimball is configured to provide Dynamic Host Configuration to hosts on the eth1 (LAN) side of the network. The configuration can be found in '''''/etc/dhcp/dhcpd.conf''''':
 +
<pre>
 +
# The ddns-updates-style parameter controls whether or not the server will
 +
# attempt to do a DNS update when a lease is confirmed. We default to the
 +
# behavior of the version 2 packages ('none', since DHCP v2 didn't
 +
# have support for DDNS.)
 +
ddns-update-style none;
 +
 +
# option definitions common to all supported networks...
 +
option domain-name "0x20.be";
 +
option domain-name-servers 172.22.32.14;
 +
 +
default-lease-time 6000;
 +
max-lease-time 7200;
 +
 +
# If this DHCP server is the official DHCP server for the local
 +
# network, the authoritative directive should be uncommented.
 +
#authoritative;
 +
 +
# Use this to send dhcp log messages to a different log file (you also
 +
# have to hack syslog.conf to complete the redirection).
 +
log-facility local7;
 +
 +
subnet 172.22.42.0 netmask 255.255.255.0 {
 +
        option routers 172.22.42.1;
 +
        option subnet-mask 255.255.255.0;
 +
        option ip-forwarding off;
 +
        range dynamic-bootp 172.22.42.100 172.22.42.200;
 +
        default-lease-time 21600;
 +
        max-lease-time 43200;
 +
}
 +
</pre>
 +
 +
As you can see, Kimball hosts the '''172.22.42.0/24''' network and also acts as it's default gateway on 172.22.42.1 which is it's own static address on eth1. At the moment we provide the '''range 172.22.42.100-172.22.42.200''' for DHCP.
 +
 +
I also had to tell dhcpd to listen for DHCP-requests on eth1 instead of on eth0. For this I updated the file '''/etc/default/isc-dhcp-server''':
 +
<pre>
 +
# Defaults for dhcp initscript
 +
# sourced by /etc/init.d/dhcp
 +
# installed at /etc/default/isc-dhcp-server by the maintainer scripts
 +
 +
#
 +
# This is a POSIX shell fragment
 +
#
 +
 +
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
 +
#      Separate multiple interfaces with spaces, e.g. "eth0 eth1".
 +
INTERFACES="eth1"
 +
</pre>
 +
  
 
= References =
 
= References =
 
<references/>
 
<references/>
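
Review bot: in the eth1 stanza, `gateway 172.22.42.1` points at the interface's own static address, while the routing table further down this hunk shows the default route leaving via soekris.0x20.be on eth0. The LAN-side interface of a router should not declare a gateway, so I would drop that line. In the same stanza, `nameserver 172.22.32.14` is resolv.conf syntax rather than an interfaces option; with resolvconf installed the keyword is `dns-nameservers`, otherwise the entry belongs in /etc/resolv.conf. In dhcpd.conf, `#authoritative;` is still commented out although the text introduces Kimball as the central DHCP server for 172.22.42.0/24. Either enable it or add a sentence saying why it stays off during the migration from the old network. The page also names Kimball as the router between eth0 and eth1, but nothing in this revision documents how forwarding is enabled on Kimball itself; `option ip-forwarding off` only configures the DHCP clients.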

Revision as of 14:59, 6 November 2012


Networkbak
What: Documenting network stuff at 0x20
Participants: cedric
Locations: 0x20

intro

This page was created for the sole purpose of creating clarity in the networking thingies at 0x20.

The schema

Note: This schema accepts patches. You can find the .dia file (sudo apt-get install dia) at http://members.0x20.be/cedric/Network_0x20.dia

[Image: VPN 0x20.png]

Sites

Whitespace

Whitespace, our hackerspace, has a LAN which connects local machines in the network 172.22.32.0/24. We provide Ethernet and Wi-Fi access to connect to the network.

IBBT

Our friends from IBBT (http://www.ibbt.be) have provided us with a virtual server in their data center, which is awesome! It has a massive internet connection and that is why this server is often referred to as "Big Pipe"<ref>Big pipe server</ref>.

VPN

To link 2 locations you have 2 options:

  1. Provide your own infrastructure: connect the two sites with a physical cable
  2. Use existing infrastructure to connect the two sites: connect through the interwebs

For a whole bunch of reasons, option #1 is a bit impractical, so the way to go is through the interwebs. That is exactly what is done between 0x20 and IBBT: we've created a so-called Virtual Private Network or VPN, which in this case is nothing more than a point-to-point tunnel over the internet that puts 0x20 and IBBT in the same private network. This setup is documented in project OpenVPN<ref>Project OpenVPN</ref>.

LAN @ 0x20

I'm currently in the process of creating a new intranet at 0x20 with server Kimball as the central server for DHCP, DNS and Routing.

Network interfaces on Kimball

Kimball has two network interfaces:

# The primary network interface
# eth0 is the WAN-side of our router and takes an IP from the old 0x20 network over DHCP
auto eth0
iface eth0 inet dhcp

# eth1 is the LAN-side of our router. It has a static ip and currently it uses Soekris as DNS server
auto eth1
iface eth1 inet static
address 172.22.42.1
gateway 172.22.42.1
netmask 255.255.255.0
network 172.22.42.0
broadcast 172.22.42.255
nameserver 172.22.32.14

Routing Configuration on Kimball

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         soekris.0x20.be 0.0.0.0         UG    0      0        0 eth0
172.22.32.0     *               255.255.255.0   U     0      0        0 eth0
172.22.42.0     *               255.255.255.0   U     0      0        0 eth1

DHCP Service on Kimball

Kimball is configured to provide Dynamic Host Configuration to hosts on the eth1 (LAN) side of the network. The configuration can be found in /etc/dhcp/dhcpd.conf:

# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "0x20.be";
option domain-name-servers 172.22.32.14;

default-lease-time 6000;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

subnet 172.22.42.0 netmask 255.255.255.0 {
        option routers 172.22.42.1;
        option subnet-mask 255.255.255.0;
        option ip-forwarding off;
        range dynamic-bootp 172.22.42.100 172.22.42.200;
        default-lease-time 21600;
        max-lease-time 43200;
}

As you can see, Kimball hosts the 172.22.42.0/24 network and also acts as its default gateway on 172.22.42.1, which is its own static address on eth1. At the moment we provide the range 172.22.42.100-172.22.42.200 for DHCP.
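
A consistency check for the DHCP settings above, as an added example that is not part of the original page: it verifies that the router and the dynamic range fit the declared subnet, that the pool cannot hand out the server's own static address, and it reports that authoritative is commented out and that the DNS server sits on the old network. The function name check_dhcpd_conf and the SAMPLE_CONF excerpt are constructed for this example, and the regex parsing assumes flat subnet blocks.

```python
import ipaddress
import re

# Constructed sample: the address-related lines of the dhcpd.conf shown above.
SAMPLE_CONF = """
option domain-name-servers 172.22.32.14;
#authoritative;
subnet 172.22.42.0 netmask 255.255.255.0 {
        option routers 172.22.42.1;
        range dynamic-bootp 172.22.42.100 172.22.42.200;
}
"""

# Assumes flat subnet blocks (no nested pool { } declarations).
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
RANGE_RE = re.compile(r"range\s+(?:dynamic-bootp\s+)?([\d.]+)\s+([\d.]+)\s*;")
DNS_RE = re.compile(r"option\s+domain-name-servers\s+([\d.,\s]+);")


def check_dhcpd_conf(conf, server_ip):
    """Return a list of findings about the subnets declared in conf."""
    # Drop comments first so a commented-out directive is not counted.
    conf = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    server = ipaddress.ip_address(server_ip)
    findings = []
    if not re.search(r"^\s*authoritative\s*;", conf, re.M):
        findings.append("authoritative directive is not active")
    nets = []
    for net_s, mask_s, body in SUBNET_RE.findall(conf):
        net = ipaddress.ip_network(f"{net_s}/{mask_s}")
        nets.append(net)
        for router in re.findall(r"option\s+routers\s+([\d.]+)\s*;", body):
            if ipaddress.ip_address(router) not in net:
                findings.append(f"router {router} is outside {net}")
        for lo_s, hi_s in RANGE_RE.findall(body):
            lo, hi = ipaddress.ip_address(lo_s), ipaddress.ip_address(hi_s)
            if lo > hi or lo not in net or hi not in net:
                findings.append(f"range {lo}-{hi} does not fit {net}")
            elif lo <= server <= hi:
                findings.append(f"range {lo}-{hi} hands out server address {server}")
    for group in DNS_RE.findall(conf):
        for dns in (ipaddress.ip_address(d.strip()) for d in group.split(",")):
            if not any(dns in net for net in nets):
                findings.append(f"DNS server {dns} is off-subnet, reached via the router")
    return findings


if __name__ == "__main__":
    for finding in check_dhcpd_conf(SAMPLE_CONF, "172.22.42.1"):
        print(finding)
```

The off-subnet DNS finding matters for availability: every LAN client resolves names through Kimball's routing to 172.22.32.14, so name resolution on the new LAN depends on the old network staying up.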

I also had to tell dhcpd to listen for DHCP requests on eth1 instead of on eth0. For this I updated the file /etc/default/isc-dhcp-server:

# Defaults for dhcp initscript
# sourced by /etc/init.d/dhcp
# installed at /etc/default/isc-dhcp-server by the maintainer scripts

#
# This is a POSIX shell fragment
#

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth1"


References

<references/>