Difference between revisions of "Networkbak"

From Whitespace (Hackerspace Gent)
(DHCP Service on Kimball)
(Blanked the page)
 
{{Project
 
|Current=Yes
 
|Participants=cedric
 
|Locations=0x20
 
|Short description=Documenting network stuff at 0x20
 
}}
 
= intro =
 
'''''This page was created for the sole purpose of creating clarity in the networking thingies at 0x20.'''''
 
  
== The schema ==
 
'''''note:''''' This schema accepts patches. You can find the .dia-file (sudo apt-get install dia) at http://members.0x20.be/cedric/Network_0x20.dia
 
[[File:VPN_0x20.png]]
 
 
= Sites =
 
== Whitespace ==
 
Whitespace, our hackerspace, has a LAN which connects local machines in the '''network 172.22.32.0/24'''. We provide ethernet and Wifi access to connect to the network.
 
== IBBT ==
 
Our friends from IBBT (http://www.ibbt.be) have provided us with a virtual server in their data center, which is '''awesome!''' It has a massive internet connection and that is why this server is often referred to as "Big Pipe"<ref>[[Big_pipe_server|Big pipe server]]</ref>.
 
= VPN =
 
To link 2 locations you have 2 options:
 
# Provide your own infrastructure: connect the two sites with a physical cable
# Use existing infrastructure to connect the two sites: connect through the interwebs
 
For a whole bunch of reasons, option #1 is a bit impractical, so the way to go is through the interwebs.
 
That is exactly what is done between 0x20 and IBBT: we've created a so-called Virtual Private Network or VPN, which in this case is nothing more than a point-to-point tunnel over the internet connecting 0x20 and IBBT in the same private network. This setup is documented in project OpenVPN<ref>[[OpenVPN|Project OpenVPN]]</ref>.
 
 
= LAN @ 0x20 =
 
I'm currently in the process of creating a new intranet at 0x20 with server [[Kimball]] as the central server for DHCP, DNS and Routing.
 
== Network interfaces on Kimball ==
 
Kimball has two network interfaces:
 
<pre>
# The primary network interface
# eth0 is the WAN-side of our router and takes an IP from the old 0x20 network over DHCP
auto eth0
iface eth0 inet dhcp

# eth1 is the LAN-side of our router. It has a static ip and currently it uses Soekris as DNS server
auto eth1
iface eth1 inet static
    address 172.22.42.1
    gateway 172.22.42.1
    netmask 255.255.255.0
    network 172.22.42.0
    broadcast 172.22.42.255
    nameserver 172.22.32.14
</pre>
 
 
== Routing Configuration on Kimball ==
 
<pre>
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         soekris.0x20.be 0.0.0.0         UG    0      0        0 eth0
172.22.32.0     *               255.255.255.0   U     0      0        0 eth0
172.22.42.0     *               255.255.255.0   U     0      0        0 eth1
</pre>
 
 
== DHCP Service on Kimball ==
 
Kimball is configured to provide Dynamic Host Configuration to hosts on the eth1 (LAN) side of the network. The configuration can be found in '''''/etc/dhcp/dhcpd.conf''''':
 
<pre>
# The ddns-update-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "0x20.be";
option domain-name-servers 172.22.32.14;

default-lease-time 6000;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

subnet 172.22.42.0 netmask 255.255.255.0 {
        option routers 172.22.42.1;
        option subnet-mask 255.255.255.0;
        option ip-forwarding off;
        range dynamic-bootp 172.22.42.100 172.22.42.200;
        default-lease-time 21600;
        max-lease-time 43200;
}
</pre>
 
 
As you can see, Kimball hosts the '''172.22.42.0/24''' network and also acts as its default gateway on 172.22.42.1, which is its own static address on eth1. At the moment we provide the '''range 172.22.42.100-172.22.42.200''' for DHCP.
 
 
I also had to tell dhcpd to listen for DHCP-requests on eth1 instead of on eth0. For this I updated the file '''/etc/default/isc-dhcp-server''':
 
<pre>
# Defaults for dhcp initscript
# sourced by /etc/init.d/dhcp
# installed at /etc/default/isc-dhcp-server by the maintainer scripts

#
# This is a POSIX shell fragment
#

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#      Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth1"
</pre>
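
The three files above have to agree: dhcpd should only answer on an interface that has a static address inside the served subnet, clients should be sent to that address as their router, and the dynamic range must not hand that address out. The check below is an added example, not part of Kimball's configuration or of the original page; the file contents are trimmed copies constructed from the listings above, and the function names are made up for illustration.

```python
import ipaddress
import re

# Constructed sample input: trimmed copies of the three files shown on this page.
INTERFACES_FILE = """auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet static
    address 172.22.42.1
"""
DHCPD_CONF = """subnet 172.22.42.0 netmask 255.255.255.0 {
    option routers 172.22.42.1;
    range dynamic-bootp 172.22.42.100 172.22.42.200;
}"""
DEFAULTS_FILE = 'INTERFACES="eth1"'

def static_addresses(text):
    """Map interface name -> static IPv4 address from an interfaces(5) file."""
    found, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if words[:1] == ["iface"]:
            current = words[1] if words[-1] == "static" else None
        elif words[:1] == ["address"] and current:
            found[current] = ipaddress.ip_address(words[1])
    return found

def check(interfaces_text, dhcpd_text, defaults_text):
    """Return a list of problems; an empty list means the three files agree."""
    statics = static_addresses(interfaces_text)
    net = ipaddress.ip_network("/".join(
        re.search(r"subnet (\S+) netmask (\S+)", dhcpd_text).groups()))
    lo, hi = map(ipaddress.ip_address, re.search(
        r"range(?: dynamic-bootp)? (\S+) (\S+);", dhcpd_text).groups())
    router = ipaddress.ip_address(re.search(r"option routers (\S+);", dhcpd_text).group(1))
    served = re.search(r'^INTERFACES="([^"]*)"', defaults_text, re.M).group(1).split()
    problems = []
    for name in served:
        addr = statics.get(name)
        if addr is None:
            problems.append(f"{name}: dhcpd listens here but it has no static address")
        elif addr not in net:
            problems.append(f"{name}: {addr} is outside served subnet {net}")
        elif addr != router:
            problems.append(f"{name}: clients are sent to router {router}, not {addr}")
    if not (lo in net and hi in net and lo <= hi):
        problems.append(f"range {lo}-{hi} does not fit inside {net}")
    if lo <= router <= hi:
        problems.append(f"router {router} sits inside the dynamic range")
    return problems
```

With the configuration documented here, <code>check(INTERFACES_FILE, DHCPD_CONF, DEFAULTS_FILE)</code> returns an empty list; pointing <code>INTERFACES</code> back at eth0 makes it report that dhcpd would be answering on the WAN side.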
 
 
 
= References =
 
<references/>
 

Latest revision as of 19:42, 25 June 2014