Installing Systems on a Simulated Subnet North Carolina System Administrators.
Installing Systems on a Simulated Subnet North Carolina System Administrators

Why?
● The server needs a static IP address.
● DHCP address assignment is inappropriate or unavailable.
● Some quasi-permanent configuration is determined by examining the subnet number.

Network Install Steps
● DHCP
● TFTP – pxeconfig, kernel, initrd
● DHCP
● DNS
● HTTP – kickstart file
● DHCP
● HTTP/NFS – packages

Network Install Steps (cont'd)
● DNS – “local”
● NIS, kerberos
● NFS – “local”

Two Interfaces
● p35p1: the “default” interface
    What you'd normally use on the company network
    Could be wireless
    Typically configured by company DHCP
● eth0: assigned the address and netmask of the default router on the subnet to be simulated

Hardware Layer
● USB ethernet port plus:
    ● Dumb switch, or
    ● Crossover cable
● Unreliable: fancy corporate brouter

Be a Router
● /etc/sysctl.conf:
    net.ipv4.ip_forward = 1
● Dynamically:
    echo 1 | sudo dd of=/proc/sys/net/ipv4/ip_forward

DHCP
● Limited to the simulated subnet only
● kill -STOP `ps -o pid --no-headers -C dnsmasq`
● ISC dhcp

/etc/dhcp/dhcpd.conf

    option domain-name-servers , ;
    option domain-name "local.rfmd.com";
    # Jumpstart support..
    shared-network lan {
        subnet netmask {
            option routers ;
            option broadcast-address ;
            # Solaris machines...
        }
        subnet netmask {
            option routers ;
            option broadcast-address ;
            host bilbo {
                fixed-address ;
                hardware ethernet 00:0d:60:1c:00:82;
                # TFTP server and boot loader handed to the PXE client
                next-server ;
                filename "linux-install/pxelinux.0";
            }
            # more hosts...
        } # subnet
    } # lan

iptables NAT
● /etc/sysconfig/iptables-config
    IPTABLES_MODULES="nf_conntrack_tftp nf_nat_tftp"
● /etc/modprobe.conf/netfilter.conf
    options nf_conntrack_tftp ports=69

iptables NAT
● /etc/sysconfig/iptables
    ...
    *nat
    -A POSTROUTING -m udp -p udp -s /16 -o p35p1 -j SNAT --to-source
    -A POSTROUTING -m tcp -p tcp -s /16 -o p35p1 -j SNAT --to-source
    -A POSTROUTING -s /16 -o p35p1 -j SNAT --to-source
    COMMIT

Proxying “local” servers
● Host route
    sudo ip route add via dev p35p1
● ARP
    sudo arp -Ds eth0 pub

Debugging: Wireshark
● You're going to miss something
    Servers
    Services
    Especially with non-Linux (Solaris: ICMP Netmask)
● Use wireshark on the second interface (eth0)
    What happened just before the hang?

The Big Script

    bash-4.2$ cat virt10.11
    #!/bin/bash
    echo ===routes:before
    sudo ip route list
    # host routes to the "local" servers the simulated subnet must reach
    sudo ip route add via dev p35p1
    sudo ip route add via dev p35p1
    sudo ip route add via dev p35p1
    sudo ip route add via dev p35p1
    sudo ip route add via dev p35p1
    echo ===routes:after
    sudo ip route list
    echo ===iptables:before
    sudo iptables -t nat -L -v
    # keep the normal ruleset aside (only the first time), then install the simulated-subnet ruleset
    [ -f /etc/sysconfig/iptables-normal ] || \
        sudo mv /etc/sysconfig/iptables /etc/sysconfig/iptables-normal
    sudo dd of=/etc/sysconfig/iptables <<'EOIPTABLES'
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -p udp --dport 69 -j ACCEPT
    -A INPUT -p tcp --dport 22 -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    *nat
    -A POSTROUTING -m udp -p udp -s /16 -o p35p1 -j SNAT --to-source
    -A POSTROUTING -m tcp -p tcp -s /16 -o p35p1 -j SNAT --to-source
    -A POSTROUTING -s /16 -o p35p1 -j SNAT --to-source
    COMMIT
    EOIPTABLES
    sudo systemctl restart iptables.service
    echo ===iptables:after
    sudo iptables -t nat -L -v
    echo ===eth0:before
    sudo ip addr show dev eth0
    # with this iproute2 output layout, word 17 is the current address/prefix of eth0
    set - `sudo ip addr show dev eth0 scope global`
    prevaddr=${17}
    sudo ip addr del $prevaddr dev eth0
    sudo ip addr add /16 dev eth0
    echo ===eth0:after
    sudo ip addr show dev eth0
    echo ===arp:before
    sudo arp -a
    # publish proxy-ARP entries on eth0 for the "local" servers
    sudo arp -Ds eth0 pub
    sudo arp -Ds eth0 pub
    sudo arp -Ds eth0 pub
    sudo arp -Ds eth0 pub
    sudo arp -Ds eth0 pub
    echo ===arp:after
    sudo arp -a
    echo ===start dns
    # pause dnsmasq so ISC dhcpd can take over DHCP on the simulated subnet
    sudo kill -STOP `ps -o pid --no-headers -C dnsmasq`
    sudo systemctl start dhcpd.service
    echo ===start routing
    echo 1 | sudo dd of=/proc/sys/net/ipv4/ip_forward
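Two checks that a careful operator would put around the script above and the iptables NAT slide, written here as an added example (not code from the original presentation): a field-name lookup for the interface's current address instead of the positional `${17}`, and a verifier that every SNAT rule is restricted to the simulated subnet and the uplink. The interface names, the 10.0.0.0/16 subnet and the 192.0.2.x addresses are constructed sample values.

```shell
#!/bin/bash
# Added example, not from the original slides: two checks around "The Big
# Script". Interface names, subnet and addresses are constructed samples.

# Replacement for `set - $(ip addr show ...); prevaddr=${17}`, which picks
# the wrong word when the output layout changes. Reads `ip addr show` output
# on stdin, prints the first global-scope IPv4 address/prefix, exits 1 if none.
global_inet_addr() {
    awk '$1 == "inet" {
             for (i = 3; i < NF; i++)
                 if ($i == "scope" && $(i+1) == "global") { print $2; found = 1; exit }
         }
         END { exit (found ? 0 : 1) }'
}

# $1 = simulated subnet (CIDR), $2 = uplink; nat rules in iptables-save format
# on stdin. Exit 0 only if every SNAT rule carries both -s $1 and -o $2, so the
# box never rewrites traffic it was not meant to forward.
snat_rules_scoped() {
    awk -v net="$1" -v dev="$2" '
        /^-A POSTROUTING / && /-j SNAT/ {
            has_s = 0; has_o = 0
            for (i = 1; i < NF; i++) {
                if ($i == "-s" && $(i+1) == net) has_s = 1
                if ($i == "-o" && $(i+1) == dev) has_o = 1
            }
            if (!(has_s && has_o)) { bad++; print "unscoped SNAT rule: " $0 }
        }
        END { exit (bad > 0) }'
}

# Constructed sample output of `ip addr show dev eth0` (RFC 5737 address).
SAMPLE_ETH0='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
    inet6 fe80::211:22ff:fe33:4455/64 scope link'

# Constructed nat rules: three scoped like the slides, one missing -s.
SAMPLE_NAT_OK='-A POSTROUTING -s 10.0.0.0/16 -o p35p1 -p udp -m udp -j SNAT --to-source 192.0.2.10
-A POSTROUTING -s 10.0.0.0/16 -o p35p1 -p tcp -m tcp -j SNAT --to-source 192.0.2.10
-A POSTROUTING -s 10.0.0.0/16 -o p35p1 -j SNAT --to-source 192.0.2.10'
SAMPLE_NAT_BAD="$SAMPLE_NAT_OK
-A POSTROUTING -o p35p1 -j SNAT --to-source 192.0.2.10"

# Usage as the script would, never running `ip addr del` with an empty argument:
prevaddr=$(printf '%s\n' "$SAMPLE_ETH0" | global_inet_addr) && echo "ip addr del $prevaddr dev eth0"
printf '%s\n' "$SAMPLE_NAT_BAD" | snat_rules_scoped 10.0.0.0/16 p35p1 || echo "NAT rules need review"
```

On a live host, feed the functions `sudo ip addr show dev eth0` and `sudo iptables-save -t nat` instead of the sample strings.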

Questions?

BONUS: Solaris

    ok boot net:dhcp - install

/etc/dhcp/dhcpd.conf:

    # Jumpstart Support
    option space SUNW;
    option SUNW.root-mount-options code 1 = text;
    option SUNW.root-server-ip-address code 2 = ip-address;
    option SUNW.root-server-hostname code 3 = text;
    option SUNW.root-path-name code 4 = text;
    option SUNW.swap-server-ip-address code 5 = ip-address;
    option SUNW.swap-file-path code 6 = text;
    option SUNW.boot-file-path code 7 = text;
    option SUNW.posix-timezone-string code 8 = text;
    option SUNW.boot-read-size code 9 = unsigned integer 16;
    option SUNW.install-server-ip-address code 10 = ip-address;
    option SUNW.install-server-hostname code 11 = text;
    option SUNW.install-path code 12 = text;
    option SUNW.sysid-config-file-server code 13 = text;
    option SUNW.JumpStart-server code 14 = text;
    option SUNW.terminal-name code 15 = text;

    # Solaris Jumpstart Grub support
    option space Site;
    option Site.Grubmenu code 150 = text;

    host bombadil {
        fixed-address ;
        hardware ethernet 00:03:BA:2A:67:82;
        next-server valar;
        filename "0A0B0978.SUN4U";
        option host-name "bombadil";
        vendor-option-space SUNW;
        option SUNW.root-server-ip-address ;
        option SUNW.root-server-hostname "valar";
        option SUNW.root-path-name "/jumpstart/Live/OS/Solaris_10.0_07-06/Solaris_10/Tools/Boot";
        option SUNW.sysid-config-file-server " :/jumpstart/Live/Sysidcfg/Solaris_10/Greensboro";
        option SUNW.JumpStart-server " :/jumpstart/Live";
        option SUNW.install-server-hostname "valar";
        option SUNW.install-server-ip-address ;
        option SUNW.install-path "/jumpstart/Live/OS/Solaris_10.0_07-06";
    }