11-07-2010, 07:11 PM

My LANs and WAN; was Re (4): routing

From: lee <lee@yun.yagibdah.d.>
Date: Sat, 30 Oct 2010 17:09:36 +0200
> What's the purpose of having "various machines" connected via a modem?

There are two sites from which I use a dial-up modem connection.
There is a machine at each site. The diagram does not depict
these machines individually.

> Then I'd change the cabling, i. e. get a switch or, if none is
> available, use the hub instead. Plug the switch/hub into eth1 on
> Dalton.
>
> Simplify IPs, ...

Most cpu cycles on Dalton and Joule are idle. I wouldn't be surprised
to find that 99% of cycles are unused. My intention is to let
Dalton and Joule do the routing and to minimize the hardware
running 24/7. That is why NetworkProposed.jpg shows Dalton bridging
to Carnot and no AT 3612TR hub.

The arrangement of subnets 172.23.n.1-172.23.n.2 on Joule and
172.24.n.1-172.24.n.2 on Dalton was suggested in this list a few
years back. If you are interested I can hunt for the message.

> Set up a nameserver on Dalton.

dnsmasq has been running on Dalton and Joule for at least a year.

> I take it that 142.103.107.137 is the public IP ...

142.103.107.137, 142.103.107.138 and 142.103.107.139 are for
my use. Currently Dalton uses 142.103.107.137 and Carnot uses
142.103.107.138. 142.103.107.139 isn't used routinely.

> Then for Dalton it's
>
> zones: ...

Shorewall works well on Dalton and Joule as it is, but yes,
reviewing to find further simplifications is a good idea.

> Now for the VPN, it is most important to remember that every machine
> that needs to be reachable through the VPN MUST have (a second) IP
> address for that. You can give several IPs to the same physical
> interface.

In the Extant Network, Curie is the only subnetted machine which
runs a server; it has an FTP server. Documentation gave me the
impression that routing would allow Cantor to FTP a file from
Curie. The routing is specified in the OpenVPN configuration
files. Here are extracts.

# dalton:/etc/openvpn/myvpn.conf
# Curie
route 172.23.4.2

# joule:/etc/openvpn/myvpn.conf
# Cantor.
route 172.24.1.2

I've never tested this connection but can test later this week.

> You could use another subnet for the VPN, like 192.168.150.0/24.

I have no complaints against the VPN as it is.

> Carnot would have an interface eth0:1 with the IP
> 192.168.150.10 and Dalton would have eth1:1 with 192.168.150.1. Dalton
> would be the gateway for Carnot for eth0:1.

As mentioned previously, the bridge to Carnot suggested by Jesus Navarro
worked, although a problem appeared for Cantor. I'll try it again
when there is time to spare and will pay attention to virtual interfaces.

I've tried to reply to all of your comments and suggestions in message
<20101030150936.GP4736@yun.yagibdah.de>. If you find that I've missed
something please let me know.

Thanks for the ideas, ... Peter E.

--
Telephone 1 360 450 2132. 7785886232 is gone.
Shop pages http://carnot.yi.org/ accessible as long as the old
drives survive; installation of NetBSD on new drives pending.
Personal pages, http://members.shaw.ca/peasthope/ .


11-08-2010, 01:44 PM
"Jesús M. Navarro"

My LANs and WAN; was Re (4): routing

Hi, Sthu:

On Sunday 07 November 2010 21:11:52 peasthope@shaw.ca wrote:
[...]
>
> As mentioned previously, the bridge to Carnot suggested by Jesus Navarro
> worked, although a problem appeared for Cantor. I'll try it again
> when there is time to spare and will pay attention to virtual interfaces.

Yes, but please note that I said bridging was the way to go not
because I found it the best idea but because you wanted to avoid a switch
while retaining public IPs on the "inner side".

Unless your time is free, try to assess how much time you have spent on
this (maybe without proper serviceability in the meantime) versus the cost of
a cheap switching hub plus the risk and recovery time in case of failure.

Cheers.

