Network » History » Version 1
Joseph Foley, 2015-09-05 03:02
h1. Network

h2. Configuration

Our networks:
* 130.208.209.33 -- 130.208.209.62 Main DevDNS, DMZ, adjustable firewall
* 172.16.0.1 -- 172.16.0.254 NAT through 130.208.209.46

Important! DHCP sometimes gets a little confused. Make sure that DHCP_HOST=
is set in the @ifconfig-eth0@ files or you may get random results!

h2. Router

@eir.dev.ru.is@ is our gateway/firewall running shorewall.
If you have to reconnect the machine, consult @/etc/shorewall/interfaces@
Then to make sure it is the right port, use: @ethtool -p <portname>@ and that port will blink

As of 2012-10-04:
* eth0 external network (to RU router)
* eth1 dmz (internal segment)
* eth2 private network
* eth3 Not connected

h2. Testing

* [[Bandwidth]] foley

h2. Security

For some added security, denyhosts (http://denyhosts.sourceforge.net/) is installed on servers that allow ssh login using a password.
If you enter the wrong password too often on ssh login, your IP address may be blocked (added to /etc/hosts.deny on the respective machine). More information at [[denyhosts]]

We are migrating to Kerberos logins to improve security and lessen the impact of a break-in; this project is underway.

h2. [[Kerberos/AFS Server]]

h2. [[Backups]]

h2. Connecting to the network

h3. Linux

*Note: If DHCP is working, you don't need to do this*

# Log in as root
# Edit @/etc/network/interfaces@
## Add these lines <pre>iface eth0 inet static
address 130.208.209.your_ip
netmask 255.255.255.224
gateway 130.208.209.33
</pre>
## Of note, 130.208.209.35 is our bridge and dns
## The bridge has a DNS alias of @bridge.dev.ru.ist@
# Edit @/etc/resolv.conf@ to<pre>nameserver 130.208.209.35</pre>

h3. Poking holes in the firewall

# Log in to the bridge (from within the network, e.g., from gryla.dev.objid.net; ssh login to the bridge is blocked from outside)
# ssh root@bridge.dev.objid.net
## password 42temp (for now)
# Examine the interfaces <pre> ip addr show </pre>
# Edit @/etc/shorewall/rules@
## format should be obvious from existing entries
# Restart shorewall
<pre> service shorewall restart</pre>
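
An added example, not part of the original wiki page or this site's own tooling: a Python check to run over candidate @/etc/shorewall/rules@ entries before restarting shorewall. It flags inbound rules that open a whole zone, reach the 172.16.0.x NAT network, or omit the protocol/port. The zone names (@net@, @dmz@, @loc@) and the sample entries are assumptions; the address ranges are the ones listed under Configuration.

```python
import ipaddress

# Ranges come from the page; zone names are assumed (see /etc/shorewall/zones).
DMZ = ipaddress.ip_network("130.208.209.32/27")   # .33 to .62, mask 255.255.255.224
PRIVATE = ipaddress.ip_network("172.16.0.0/24")   # NATed network
OUTSIDE_ZONES = {"net", "all"}                    # assumed names for "outside"

def review_rule(line):
    """Return findings for one rules line that opens a hole from outside."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 3:
        return []                                 # blank, comment or section header
    action, source, dest = fields[:3]
    allows = "ACCEPT" in action or action.startswith("DNAT")
    if not allows or source.split(":")[0] not in OUTSIDE_ZONES:
        return []                                 # not an inbound allow rule
    findings = []
    host = dest.partition(":")[2].split(":")[0]   # zone:host[:port] -> host
    if not host:
        findings.append("destination is a whole zone; name one host")
    else:
        try:
            addr = ipaddress.ip_address(host)
            if addr in PRIVATE:
                findings.append("exposes a host on the private NAT network")
            elif addr not in DMZ:
                findings.append("host is outside the DMZ range")
        except ValueError:
            findings.append("host is not a single IP; review by hand")
    proto, dport = (fields[3:5] + ["-", "-"])[:2]
    if "(" not in action and "-" in (proto, dport):   # macros like SSH(ACCEPT) imply the port
        findings.append("no protocol/port restriction")
    return findings

# Constructed sample entries, not taken from the real /etc/shorewall/rules.
SAMPLE_RULES = """\
?SECTION NEW
ACCEPT  net  dmz:130.208.209.40  tcp  443
ACCEPT  net  dmz
DNAT    net  loc:172.16.0.20     tcp  22
ACCEPT  loc  net                 tcp  80
"""

def review(text):
    checked = ((ln.strip(), review_rule(ln)) for ln in text.splitlines())
    return {ln: found for ln, found in checked if found}

if __name__ == "__main__":
    for rule, found in review(SAMPLE_RULES).items():
        print(rule, "->", "; ".join(found))
```

Entries with host lists or address ranges are reported for manual review rather than parsed.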