Network¶
Configuration¶
Our networks:
- 130.208.209.33 -- 130.208.209.62 Main DevDNS, DMZ, adjustable firewall
- 172.16.0.1 -- 172.16.0.254 NAT through 130.208.209.46
Important! DHCP gets a little confused sometimes. Make sure that DHCP_HOST= is set in the ifconfig-eth0 files or you may get random results!
Router¶
eir.dev.ru.is is our gateway/firewall running shorewall.
If you have to reconnect the machine, consult /etc/shorewall/interfaces.
Then, to make sure it is the right port, use ethtool -p <portname> and that port will blink.
- eth0 external network (to RU router)
- eth1 dmz (internal segment)
- eth2 private network
- eth3 Not connected
Testing¶
- Bandwidth foley
Security¶
For some added security, denyhosts (http://denyhosts.sourceforge.net/) is installed on servers that allow ssh login with a password.
If you enter the wrong password too often on ssh login, your IP address may be blocked (added to /etc/hosts.deny on the respective machine). More information at denyhosts
We are migrating to Kerberos logins to improve security and lessen the impact of a break-in; this project is underway.
Kerberos/AFS Server¶
Backups¶
Connecting to the network¶
Linux¶
- Note: If DHCP is working, you don't need to do this
- Login as root
- Edit /etc/network/interfaces
  - Add these lines
    iface eth0 inet static
        address 130.208.209.your_ip
        netmask 255.255.255.224
        gateway 130.208.209.33
  - Of note, 130.208.209.35 is our bridge and dns
  - The bridge has a DNS alias of bridge.dev.ru.ist
- Edit /etc/resolv.conf to nameserver 130.208.209.35
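The netmask 255.255.255.224 puts these hosts in 130.208.209.32/27, so a hand-picked address can land on the network, broadcast, gateway, bridge or NAT address without any error from the tools. The script below is an added example, not part of the original page: it checks a candidate last octet against the values listed on this page before printing the stanza. The script name and the sample octet 40 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Values from the page:
# netmask 255.255.255.224, gateway .33, bridge/DNS .35, NAT address .46.
PREFIX="130.208.209"
NETMASK="255.255.255.224"
MASK_OCTET=224                 # last octet of the netmask
GATEWAY_OCTET=33
RESERVED_OCTETS="33 35 46"     # gateway, bridge/DNS, NAT address

# check_host_octet OCTET: prints "ok" or the reason the address is unusable.
check_host_octet() {
    octet=$1
    case $octet in
        ''|*[!0-9]*) echo "not a number"; return 1 ;;
        0?*|????*)   echo "not a plain octet"; return 1 ;;
    esac
    if [ "$octet" -gt 255 ]; then echo "not a plain octet"; return 1; fi
    net=$(( $GATEWAY_OCTET & $MASK_OCTET ))        # subnet base: 32
    bcast=$(( $net | (255 - $MASK_OCTET) ))        # broadcast: 63
    if [ $(( $octet & $MASK_OCTET )) -ne "$net" ]; then
        echo "outside subnet"; return 1
    fi
    if [ "$octet" -eq "$net" ];   then echo "network address"; return 1; fi
    if [ "$octet" -eq "$bcast" ]; then echo "broadcast address"; return 1; fi
    for r in $RESERVED_OCTETS; do
        if [ "$octet" -eq "$r" ]; then echo "reserved"; return 1; fi
    done
    echo "ok"
}

# print_stanza OCTET: emits the interfaces stanza only for a usable address.
print_stanza() {
    reason=$(check_host_octet "$1") || {
        echo "refusing $PREFIX.$1: $reason" >&2
        return 1
    }
    cat <<EOF
iface eth0 inet static
    address $PREFIX.$1
    netmask $NETMASK
    gateway $PREFIX.$GATEWAY_OCTET
EOF
}

# Run as: sh pick_ip.sh 40   (script name and 40 are constructed sample values)
if [ $# -gt 0 ]; then print_stanza "$1"; fi
```

The check only covers addresses named on this page; it does not know which other addresses in the range are already assigned.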
Poking holes in the firewall¶
- Log in to the bridge (from within the network, e.g., from gryla.dev.objid.net; ssh login to the bridge is blocked from outside)
  - ssh root@bridge.dev.objid.net
  - password 42temp (for now)
- Examine the interfaces
  ip addr show
- Edit /etc/shorewall/rules
  - format should be obvious from existing entries
- Restart shorewall
  service shorewall restart
Updated by Joseph Foley over 9 years ago · 1 revisions