My LANs and WAN; was Re (4): routing
- From: peasthope@xxxxxxx
- Date: Sun, 7 Nov 2010 13:11:52 -0700
From: lee <lee@xxxxxxxxxxxxxxx>
Date: Sat, 30 Oct 2010 17:09:36 +0200
What's the purpose of having "various machines" connected via a modem?
There are two sites from which I use a dial-up modem connection.
There is a machine at each site. The diagram does not depict
these machines individually.
Then I'd change the cabling, i. e. get a switch or, if none is
available, use the hub instead. Plug the switch/hub into eth1 on
Dalton.
Simplify IPs, ...
Most cpu cycles on Dalton and Joule are idle. I wouldn't be surpised
to find that 99% of cycles are unused. My intention is to let
Dalton and Joule do the routing and to minimize the hardware
running 24/7. That is why NetworkProposed.jpg shows Dalton bridging
to Carnot and no AT 3612TR hub.
The arrangement of subnets 172.23.n.1-172.23.n.2 on Joule and
172.24.n.1-172.24.n.2 on Dalton was suggested in this list a few
years back. If you are interested I can hunt for the message.
Set up a nameserver on Dalton.
dnsmasq has been running on Dalton and Joule for at least a year.
I take it that 142.103.107.137 is the public IP ...
142.103.107.137, 142.103.107.138 and 142.103.107.139 are for
my use. Currently Dalton uses 142.103.107.137 and Carnot uses
142.103.107.138. 142.103.107.139 isn't used routinely.
Then for Dalton it's
zones: ...
Shorewall works well on Dalton and Joule as it is, but yes,
reviewing to find further simplifications is a good idea.
Now for the VPN, it is most important to remember that every machine
that needs to be reachable through the VPN MUST have (a second) IP
address for that. You can give several IPs to the same physical
interface.
In the Extant Network, Curie is the only subnetted machine which
runs a server; it has an FTP server. Documentation gave me the
impression that routing would allow Cantor to FTP a file from
Curie. The routing is specified in the OpenVPN configuration
files. Here are extracts.
# dalton:/etc/openvpn/myvpn.conf
# Curie
route 172.23.4.2
# joule:/etc/openvpn/myvpn.conf
# Cantor.
route 172.24.1.2
I've never tested this connection but can test later this week.
You could use another subnet for the VPN, like 192.168.150.0/24.
I have no complaints against the VPN as it is.
Carnot would have an interface eth0:1 with the IP
192.168.150.10 and Dalton would have eth1:1 with 192.168.150.1. Dalton
would be the gateway for Carnot for eth0:1.
As mentioned previously, the bridge to Carnot suggested by Jesus Navarro
worked, although a problem appeared for Cantor. I'll try it again
when there is time to spare and will pay attention to virtual interfaces.
I've tried to reply to all of your comments and suggestions in message
<20101030150936.GP4736@xxxxxxxxxxxxxxx>. If you find that I've missed
something please let me know.
Thanks for the ideas, ... Peter E.
--
Telephone 1 360 450 2132. 7785886232 is gone.
Shop pages http://carnot.yi.org/ accessible as long as the old
drives survive; installation of NetBSD on new drives pending.
Personal pages, http://members.shaw.ca/peasthope/ .
--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
Archive: http://lists.debian.org/171056679.54004.43851.@xxxxxxxxxxxxxxxxx
- Follow-Ups:
- Re: My LANs and WAN; was Re (4): routing
- From: Jesús M. Navarro
- Re: My LANs and WAN; was Re (4): routing
- Prev by Date: Re: UPS on USB not detected
- Next by Date: Re: HP Laserjet not printing.
- Previous by thread: HP Laserjet not printing.
- Next by thread: Re: My LANs and WAN; was Re (4): routing
- Index(es):
Relevant Pages
|
