Installing Systems on a Simulated Subnet North Carolina System Administrators.

1 Installing Systems on a Simulated Subnet North Carolina System Administrators

2 Why?
● The server needs a static IP address.
● DHCP address assignment is inappropriate or unavailable.
● Some quasi-permanent configuration is determined by examining the subnet number.

3 Network Install Steps
● DHCP
● TFTP – pxeconfig, kernel, initrd
● DHCP
● DNS
● HTTP – kickstart file
● DHCP
● HTTP/NFS – packages
DHCP appears three times because each stage of the boot requests its own address.

4 Network Install Steps (cont'd)
● DNS – “local”
● NIS, Kerberos
● NFS – “local”

5 Two Interfaces
● p35p1: the “default” interface
  What you'd normally use on the company network
  Could be wireless
  Typically configured by company DHCP
● eth0: assigned the address and netmask of the default router on the subnet to be simulated

6 Hardware Layer
● USB ethernet port plus:
● Dumb switch, or
● Crossover cable
● Unreliable: fancy corporate brouter

7 Be a Router
● /etc/sysctl.conf:
  net.ipv4.ip_forward = 1
● Dynamically:
  echo 1 | sudo dd of=/proc/sys/net/ipv4/ip_forward

8 DHCP
● Limited to the simulated subnet only
● kill -STOP `ps -o pid --no-headers -C dnsmasq`
  (freezes any running dnsmasq so it cannot answer DHCP requests)
● ISC dhcp

9 /etc/dhcp/dhcpd.conf
option domain-name-servers 10.11.0.254, 10.11.0.253;
option domain-name "local.rfmd.com";
# Jumpstart support...
shared-network lan {
  subnet 10.10.0.0 netmask 255.255.0.0 {
    option routers 10.10.254.254;
    option broadcast-address 10.10.255.255;

10 dhcpd.conf (cont'd)
    # Solaris machines...
  }
  subnet 10.11.0.0 netmask 255.255.0.0 {
    option routers 10.11.254.254;
    option broadcast-address 10.11.255.255;

11 dhcpd.conf (cont'd)
    host bilbo {
      fixed-address 10.11.13.114;
      hardware ethernet 00:0d:60:1c:00:82;
      next-server 10.13.13.168;
      filename "linux-install/pxelinux.0";
    }

12 dhcpd.conf (cont'd)
    # more hosts...
  } # subnet
} # lan

13 iptables NAT
● /etc/sysconfig/iptables-config
  IPTABLES_MODULES="nf_conntrack_tftp nf_nat_tftp"
● /etc/modprobe.d/netfilter.conf
  options nf_conntrack_tftp ports=69
(TFTP replies come from a fresh server port, so NAT needs the helper to relate them to the request.)

14 iptables NAT
● /etc/sysconfig/iptables
  ...
  *nat
  -A POSTROUTING -m udp -p udp -s 10.11.0.0/16 -o p35p1 -j SNAT --to-source 10.10.9.99
  -A POSTROUTING -m tcp -p tcp -s 10.11.0.0/16 -o p35p1 -j SNAT --to-source 10.10.9.99
  -A POSTROUTING -s 10.11.0.0/16 -o p35p1 -j SNAT --to-source 10.10.9.99
  COMMIT

15 Proxying “local” servers
● Host route
  sudo ip route add 10.11.0.191 via 10.10.254.254 dev p35p1
● ARP
  sudo arp -Ds 10.11.0.191 eth0 pub
The install host answers ARP for the server's address on eth0 and forwards the traffic to the real server through the corporate router.
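As an added example (not from the slides), the host-route plus proxy-ARP trick above generalised to a list of "local" servers, with the matching teardown and a dry-run mode. The subnet, router and interface names are the slides' values; SIM_NET_PREFIX and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the slides: generate (and optionally apply) the
# host-route + proxy-ARP pair for each "local" server that really lives behind
# the corporate router. Subnet, router and interface names are the slides'
# values; SIM_NET_PREFIX and the function names are this example's own.
SIM_NET_PREFIX="10.11."     # simulated subnet 10.11.0.0/16 lives on eth0
CORP_GW="10.10.254.254"     # corporate default router, reached via p35p1
CORP_IF="p35p1"
SIM_IF="eth0"

# in_sim_subnet ADDR: succeed only for a dotted quad inside 10.11.0.0/16
in_sim_subnet() {
    case "$1" in
        "$SIM_NET_PREFIX"*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# proxy_up ADDR...: print the commands, route first, that make each server
# reachable from the simulated subnet. The route must exist before the host
# starts answering ARP for the address; otherwise the kernel would try to
# deliver the packets it attracts on eth0 itself, where nothing answers.
proxy_up() {
    for a in "$@"; do
        if ! in_sim_subnet "$a"; then
            echo "skip $a: not in the simulated subnet" >&2
            continue
        fi
        echo "ip route add $a via $CORP_GW dev $CORP_IF"
        echo "arp -Ds $a $SIM_IF pub"
    done
}

# proxy_down ADDR...: the matching teardown, published ARP entry first, then the route
proxy_down() {
    for a in "$@"; do
        in_sim_subnet "$a" || continue
        echo "arp -d $a pub"
        echo "ip route del $a via $CORP_GW dev $CORP_IF"
    done
}

# proxy_apply up|down ADDR...: execute the generated commands with sudo
proxy_apply() {
    mode=$1; shift
    "proxy_$mode" "$@" | while IFS= read -r cmd; do
        echo "+ $cmd"
        sudo sh -c "$cmd"
    done
}

# Usage: sh proxy.sh up 10.11.0.191 10.11.0.104   (or: sh proxy.sh down ...)
case "${1-}" in
    up|down) proxy_apply "$@" ;;
esac
```

Without `up` or `down` the script only defines the functions, so `proxy_up 10.11.0.191` can be used to preview the commands before anything touches the routing table.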

16 Debugging: Wireshark
● You're going to miss something
  Servers
  Services
● Especially with non-Linux
  Solaris: ICMP Netmask
● Use wireshark on the second interface (eth0)
  What happened just before the hang?

17 The Big Script
bash-4.2$ cat virt10.11
#!/bin/bash
echo ===routes:before
sudo ip route list
# host routes for the "local" servers that really live behind the corporate router
sudo ip route add 10.11.0.104 via 10.10.254.254 dev p35p1
sudo ip route add 10.11.0.159 via 10.10.254.254 dev p35p1
sudo ip route add 10.11.0.204 via 10.10.254.254 dev p35p1

19 The Big Script
sudo ip route add 10.11.0.59 via 10.10.254.254 dev p35p1
sudo ip route add 10.11.0.191 via 10.10.254.254 dev p35p1
echo ===routes:after
sudo ip route list
echo ===iptables:before
sudo iptables -t nat -L -v

22 The Big Script
# keep the normal ruleset once, then install the install-time ruleset via a heredoc
[ -f /etc/sysconfig/iptables-normal ] || \
  sudo mv /etc/sysconfig/iptables /etc/sysconfig/iptables-normal
sudo dd of=/etc/sysconfig/iptables <<'EOIPTABLES'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

24 The Big Script
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p udp --dport 69 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

26 The Big Script
*nat
-A POSTROUTING -m udp -p udp -s 10.11.0.0/16 -o p35p1 -j SNAT --to-source 10.10.9.99
-A POSTROUTING -m tcp -p tcp -s 10.11.0.0/16 -o p35p1 -j SNAT --to-source 10.10.9.99
-A POSTROUTING -s 10.11.0.0/16 -o p35p1 -j SNAT --to-source 10.10.9.99
COMMIT

28 The Big Script
EOIPTABLES
sudo systemctl restart iptables.service
echo ===iptables:after
sudo iptables -t nat -L -v
echo ===eth0:before
sudo ip addr show dev eth0
# word 17 of the single-address output is the current address/prefix on eth0
set - `sudo ip addr show dev eth0 scope global`
prevaddr=${17}

33 The Big Script
sudo ip addr del $prevaddr dev eth0
sudo ip addr add 10.11.254.254/16 dev eth0
echo ===eth0:after
sudo ip addr show dev eth0
echo ===arp:before
sudo arp -a

36 The Big Script
sudo arp -Ds 10.11.0.104 eth0 pub
sudo arp -Ds 10.11.0.159 eth0 pub
sudo arp -Ds 10.11.0.191 eth0 pub
sudo arp -Ds 10.11.0.204 eth0 pub
sudo arp -Ds 10.11.0.59 eth0 pub
echo ===arp:after
sudo arp -a

38 The Big Script
echo ===start dns
sudo kill -STOP `ps -o pid --no-headers -C dnsmasq`
sudo systemctl start dhcpd.service
echo ===start routing
echo 1 | sudo dd of=/proc/sys/net/ipv4/ip_forward
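As an added example (not from the slides), three checks a practitioner would want before running the big script: a replacement for the `set - ...; prevaddr=${17}` address capture that does not depend on the exact layout of ip's header line, a check that dnsmasq really is frozen, and a check that the SNAT --to-source still matches the address p35p1 actually has (company DHCP may have changed it since the script was written). Interface names and 10.10.9.99 are the slides' values; the sample outputs and function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the slides: sanity checks for the install host
# before it is flipped into router/DHCP mode. The helpers take command output
# as text so they can be exercised offline; preflight_live feeds them real
# output. Sample outputs below are constructed.

# first_global_inet TEXT: print the first "inet A.B.C.D/N" with scope global
# from `ip addr show` output, whatever the header line contains.
first_global_inet() {
    printf '%s\n' "$1" | awk '$1 == "inet" && /scope global/ { print $2; exit }'
}

# positional_17 TEXT: what the slides' `set - ...; prevaddr=${17}` trick
# yields for the same text; included only to show how it breaks.
positional_17() {
    set -- $1
    printf '%s\n' "${17}"
}

# dnsmasq_quiet TEXT: succeed when `ps -o pid,stat --no-headers -C dnsmasq`
# output shows every dnsmasq process stopped (STAT starting with T), or none.
dnsmasq_quiet() {
    printf '%s\n' "$1" | awk 'NF && substr($2, 1, 1) != "T" { bad = 1 } END { exit bad + 0 }'
}

# snat_sources_match RULES ADDR: succeed when every SNAT rule in RULES
# (iptables-save style text) uses --to-source ADDR.
snat_sources_match() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /-j SNAT/ { for (i = 1; i < NF; i++) if ($i == "--to-source" && $(i + 1) != want) bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample in the layout newer iproute2 prints: "group default" after
# the link state shifts every later word by two, so word 17 is no longer the address.
SAMPLE_IPADDR='3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:16:3e:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever'

# Constructed sample nat table using the slides' SNAT address.
SAMPLE_NAT='*nat
-A POSTROUTING -s 10.11.0.0/16 -o p35p1 -j SNAT --to-source 10.10.9.99
COMMIT'

# preflight_live: run the checks against the real host (iptables-save needs root).
preflight_live() {
    corp=$(first_global_inet "$(ip addr show dev p35p1 scope global)")
    echo "p35p1 address: ${corp:-none}"
    dnsmasq_quiet "$(ps -o pid,stat --no-headers -C dnsmasq)" \
        || echo "WARNING: dnsmasq is still running and will answer DHCP"
    snat_sources_match "$(sudo iptables-save -t nat)" "${corp%/*}" \
        || echo "WARNING: SNAT --to-source does not match the p35p1 address"
    echo "ip_forward=$(cat /proc/sys/net/ipv4/ip_forward)"
}

if [ "${1-}" = "live" ]; then preflight_live; fi
```

Run as `sh preflight.sh live` on the install host; without the argument the file only defines the helpers and the samples.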

40 Questions ?

41 BONUS: Solaris
ok boot net:dhcp - install

/etc/dhcp/dhcpd.conf:
# Jumpstart Support
option space SUNW;
option SUNW.root-mount-options code 1 = text;
option SUNW.root-server-ip-address code 2 = ip-address;
option SUNW.root-server-hostname code 3 = text;

42 BONUS: Solaris
option SUNW.root-path-name code 4 = text;
option SUNW.swap-server-ip-address code 5 = ip-address;
option SUNW.swap-file-path code 6 = text;
option SUNW.boot-file-path code 7 = text;
option SUNW.posix-timezone-string code 8 = text;
option SUNW.boot-read-size code 9 = unsigned integer 16;

43 BONUS: Solaris
option SUNW.install-server-ip-address code 10 = ip-address;
option SUNW.install-server-hostname code 11 = text;
option SUNW.install-path code 12 = text;
option SUNW.sysid-config-file-server code 13 = text;
option SUNW.JumpStart-server code 14 = text;
option SUNW.terminal-name code 15 = text;

44 BONUS: Solaris
# Solaris Jumpstart Grub support
option space Site;
option Site.Grubmenu code 150 = text;

45 BONUS: Solaris
host bombadil {
  fixed-address 10.11.9.120;
  hardware ethernet 00:03:BA:2A:67:82;
  next-server valar;
  filename "0A0B0978.SUN4U";   # 10.11.9.120 in hex, plus the architecture
  option host-name "bombadil";
  vendor-option-space SUNW;
  option SUNW.root-server-ip-address 10.10.13.12;

46 BONUS: Solaris
  option SUNW.root-server-hostname "valar";
  option SUNW.root-path-name "/jumpstart/Live/OS/Solaris_10.0_07-06/Solaris_10/Tools/Boot";
  option SUNW.sysid-config-file-server "10.10.13.12:/jumpstart/Live/Sysidcfg/Solaris_10/Greensboro";
  option SUNW.JumpStart-server "10.10.13.12:/jumpstart/Live";
  option SUNW.install-server-hostname "valar";

47 BONUS: Solaris
  option SUNW.install-server-ip-address 10.10.13.12;
  option SUNW.install-path "/jumpstart/Live/OS/Solaris_10.0_07-06";
}
