My LANs and WAN; was Re (4): routing
From: lee <lee@yun.yagibdah.d.>
Date: Sat, 30 Oct 2010 17:09:36 +0200
> What's the purpose of having "various machines" connected via a modem?
There are two sites from which I use a dial-up modem connection.
There is a machine at each site. The diagram does not depict
these machines individually.
> Then I'd change the cabling, i. e. get a switch or, if none is
> available, use the hub instead. Plug the switch/hub into eth1 on
> Dalton.
>
> Simplify IPs, ...
Most cpu cycles on Dalton and Joule are idle. I wouldn't be surprised
to find that 99% of cycles are unused. My intention is to let
Dalton and Joule do the routing and to minimize the hardware
running 24/7. That is why NetworkProposed.jpg shows Dalton bridging
to Carnot and no AT 3612TR hub.
The arrangement of subnets 172.23.n.1-172.23.n.2 on Joule and
172.24.n.1-172.24.n.2 on Dalton was suggested in this list a few
years back. If you are interested I can hunt for the message.
> Set up a nameserver on Dalton.
dnsmasq has been running on Dalton and Joule for at least a year.
> I take it that 142.103.107.137 is the public IP ...
142.103.107.137, 142.103.107.138 and 142.103.107.139 are for
my use. Currently Dalton uses 142.103.107.137 and Carnot uses
142.103.107.138. 142.103.107.139 isn't used routinely.
> Then for Dalton it's
>
> zones: ...
Shorewall works well on Dalton and Joule as it is, but yes,
reviewing to find further simplifications is a good idea.
> Now for the VPN, it is most important to remember that every machine
> that needs to be reachable through the VPN MUST have (a second) IP
> address for that. You can give several IPs to the same physical
> interface.
In the Extant Network, Curie is the only subnetted machine which
runs a server; it has an FTP server. Documentation gave me the
impression that routing would allow Cantor to FTP a file from
Curie. The routing is specified in the OpenVPN configuration
files. Here are extracts.
# dalton:/etc/openvpn/myvpn.conf
# Curie
route 172.23.4.2
# joule:/etc/openvpn/myvpn.conf
# Cantor.
route 172.24.1.2
I've never tested this connection but can test later this week.
> You could use another subnet for the VPN, like 192.168.150.0/24.
I have no complaints against the VPN as it is.
> Carnot would have an interface eth0:1 with the IP
> 192.168.150.10 and Dalton would have eth1:1 with 192.168.150.1. Dalton
> would be the gateway for Carnot for eth0:1.
As mentioned previously, the bridge to Carnot suggested by Jesus Navarro
worked, although a problem appeared for Cantor. I'll try it again
when there is time to spare and will pay attention to virtual interfaces.
I've tried to reply to all of your comments and suggestions in message
<20101030150936.GP4736@yun.yagibdah.de>. If you find that I've missed
something please let me know.
Thanks for the ideas, ... Peter E.
--
Telephone 1 360 450 2132. 7785886232 is gone.
Shop pages http://carnot.yi.org/ accessible as long as the old
drives survive; installation of NetBSD on new drives pending.
Personal pages, http://members.shaw.ca/peasthope/ .
Reply to:
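An added example, not part of the original thread or either machine's configuration: a small Python parser for OpenVPN `route` directives like the two extracts quoted above. It applies OpenVPN's documented default netmask of 255.255.255.255 when the directive omits one, so it shows that `route 172.23.4.2` is a single-host route and lets you check which addresses each side actually sends over the tunnel. The config text below is constructed to mirror the extracts in the message.

```python
import ipaddress

# Constructed extracts mirroring the two config snippets quoted in the message.
DALTON_CONF = """\
# dalton:/etc/openvpn/myvpn.conf
# Curie
route 172.23.4.2
"""

JOULE_CONF = """\
# joule:/etc/openvpn/myvpn.conf
# Cantor.
route 172.24.1.2
"""


def parse_routes(conf_text):
    """Return the networks added by 'route' directives in an OpenVPN config.

    The directive is 'route network [netmask [gateway [metric]]]'; when the
    netmask is omitted OpenVPN uses 255.255.255.255, i.e. a host (/32) route.
    Comments introduced by '#' or ';' are ignored.
    """
    nets = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] != "route" or len(fields) < 2:
            continue
        network = fields[1]
        netmask = fields[2] if len(fields) > 2 else "255.255.255.255"
        nets.append(ipaddress.ip_network(f"{network}/{netmask}", strict=False))
    return nets


def reachable_via_vpn(conf_text, host):
    """True if 'host' lies inside a network this side routes over the tunnel."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in parse_routes(conf_text))
```

With a /32 on each side only Curie and Cantor themselves are routed through the tunnel; any other machine behind Joule or Dalton would need its own `route` line (or a netmask covering its subnet) before it could be reached this way.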