Copyright (C) 1998, 1999 by Steve Litt, All rights reserved. Material provided as-is, use at your own risk.
Steve Litt is the author of Troubleshooting Techniques of the Successful Technologist, Rapid Learning: Secret Weapon of the Successful Technologist, and Samba Unleashed.
In the rest of this document, we will be discussing the following configuration. This information was obtained using the RH5.1 official bluebox Linux distribution:

 ______________       ______________     ___________________
|win98         |-----|eth0          |   |eth1               |
|192.168.100.1 |     |192.168.100.3 |---|192.168.200.3      |
|______________|     |______________|   |ip alias           |
                                        |192.168.200.110-149|
                                        |___________________|
All netmasks are 255.255.255.0.
192.168.200.110 through 149 are used for virtual web hosting; they represent
different websites.
The object here is to allow the Windows 98 machine to access IP addresses 192.168.200.110-149, either through the IP address or through DNS, without the Windows 98 machine knowing details of the network or various subnets.
DEVICE="eth1"
IPADDR="192.168.200.3"
NETWORK="192.168.200.0"
NETMASK="255.255.255.0"
BROADCAST=192.168.200.255
ONBOOT="yes"

I think it's pretty self-explanatory why.

IPADDR="192.168.200.110-149"
In /etc/sysconfig/network:

NETWORKING=yes
FORWARD_IPV4="yes"
HOSTNAME="linuxhost.mydomain.cxm"
DOMAINNAME=mydomain.cxm
GATEWAY="192.168.100.254"
GATEWAYDEV="eth0"
Of course, you'll use your domain name and your host.domain. CAUTION!!! WARNING!!! Note the 254 on the end of the gateway address. USE IT!!! 254 is a magic number that does the right things. DO NOT use 192.168.100.3 here: it will appear to work but will cause IP forwarding failure.
CAUTION!!! WARNING!!! Even though you define the gateway in /etc/sysconfig/network
as 192.168.100.254, on the Windows machine you must define it as 192.168.100.3.
It's the gateway combination of 192.168.100.3 in Windows and 192.168.100.254
that allows IP forwarding. 254 is a magic number.
[root@linuxhost sysconfig]# /sbin/ipfwadm -F -l
IP firewall forward rules, default policy: accept

[root@linuxhost sysconfig]# /sbin/ipfwadm -A -l
IP accounting rules

[root@linuxhost sysconfig]# /sbin/ipfwadm -M -l
IP masquerading entries
If you see anything in the output of the commands that seems to preclude any communication to or from 192.168.200, ESPECIALLY a default policy of deny or reject in the IP firewall forward rules, you must add ipfwadm commands to /etc/rc.d/rc.local to enable forwarding to and from that subnet.
NOTE: A default policy of accept is a security risk that's acceptable for tutorial purposes only. For an actual functioning network it's far better to default to deny, then individually enable IP forwarding on a subnet-by-subnet basis.
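Here is an added example (not from the original page) of the deny-by-default approach the NOTE recommends: an /etc/rc.d/rc.local fragment for the ipfwadm tool checked above. It assumes the two subnets in the diagram and that /sbin/ipfwadm is the tool on the host.

```shell
#!/bin/sh
# Added example, not from the original page: an /etc/rc.d/rc.local fragment in the
# deny-by-default style the NOTE above recommends, using the ipfwadm tool the page
# checks with "ipfwadm -F -l". Subnet values are taken from the diagram above.
LAN=192.168.100.0/24      # subnet the Windows 98 clients are on (eth0 side)
VHOSTS=192.168.200.0/24   # subnet holding the eth1 alias range

# Pull the default-policy word out of an "ipfwadm -F -l" listing read from stdin,
# so a startup script can tell whether the kernel currently accepts or denies.
forward_policy() {
    sed -n 's/^IP firewall forward rules, default policy: *\([a-z]*\).*/\1/p'
}

# The rule set, one command per line, printed rather than executed so it can be
# reviewed first: flush, deny by default, then permit only client <-> virtual-host
# traffic (-b makes the rule match both directions). Any other forwarding, such as
# to the upstream gateway, needs its own accept rule.
fw_rules() {
    printf '%s\n' \
        "/sbin/ipfwadm -F -f" \
        "/sbin/ipfwadm -F -p deny" \
        "/sbin/ipfwadm -F -a accept -b -S $LAN -D $VHOSTS"
}

# Report the live policy only where ipfwadm exists; to apply the rules: fw_rules | sh
if [ -x /sbin/ipfwadm ]; then
    echo "current default forward policy: $(/sbin/ipfwadm -F -l | forward_policy)"
fi
fw_rules
```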
/etc/named.boot
    Starting point. Must contain a reference for each domain name, telling what file contains its DNS info. As a practical matter, usually all will point to file /var/named/named.forward.

/var/named/named.forward
    This contains the SOA statement, and other statements that map domain names to IP addresses.

/var/named/named.reverse
    This is the reverse DNS file. It maps IP addresses to domain names.
In /etc/named.boot, add:

primary 200.168.192.in-addr.arpa named.reverse

This tells the system to look in /var/named/named.reverse for any names relating to the 192.168.200 subnet. Obviously, if your reverse DNS file is under a different filename, use that filename.
troubleshooters.mydomain.cxm. IN A 192.168.200.113

Troubleshooters.mydomain.cxm is called the canonical name. You'll probably fit it with a couple of aliases using IN CNAME statements:

www.troubleshooters.cxm. IN CNAME troubleshooters.mydomain.cxm.
troubleshooters.cxm. IN CNAME troubleshooters.mydomain.cxm.

You WILL NOT add a new IN SOA statement.
Be sure to increase the serial number (yyyymmdd##) in the IN SOA statement before exiting the editor.
Add to /var/named/named.reverse:

200.168.192.in-addr.arpa. IN SOA linuxhost.mydomain.cxm. hostmaster.mydomain.cxm. (
                                1999010702
                                10800
                                3600
                                604800
                                86400 )
                          IN NS linuxhost.mydomain.cxm.

This allows everything below it (until the next IN SOA statement) to simply use the least significant IP byte. Note that the SOA is for linuxhost, which is located at 192.168.100.3, rather than on the 192.168.200 subnet. That's perfectly OK. Linuxhost is the DNS server for both subnets.
For each 192.168.200 subnet domain name in named.forward, both canonical and aliased (IN A and IN CNAME), add a line below the 192.168.200 IN SOA. Here are 2 examples:
113 IN PTR troubleshooters.cxm.
113 IN PTR troubleshooters.mydomain.cxm.

Once again, be sure to increase the serial number (yyyymmdd##) in every IN SOA statement in named.reverse before exiting the editor.
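The two rules just stated (every 192.168.200 name, canonical or CNAME alias, gets a PTR; the serial follows yyyymmdd##) are easy to get wrong by hand. The following is an added example, not code from the original page: a small sh/awk checker that reports PTRs missing from named.reverse and computes the next serial. The zone snippets inside it are constructed samples modelled on the records above.

```shell
#!/bin/sh
# Added example, not from the original page: checks the named.forward/named.reverse
# pairing rule (every 192.168.200 name, canonical or CNAME alias, needs a PTR) and
# computes the next yyyymmdd## serial. Both zone snippets are constructed samples.
FORWARD='troubleshooters.mydomain.cxm. IN A 192.168.200.113
www.troubleshooters.cxm. IN CNAME troubleshooters.mydomain.cxm.
troubleshooters.cxm. IN CNAME troubleshooters.mydomain.cxm.
other.mydomain.cxm. IN A 192.168.200.114'
REVERSE='113 IN PTR troubleshooters.cxm.
113 IN PTR troubleshooters.mydomain.cxm.'

# Print "<last octet> <name>" for every PTR the reverse zone should have but lacks.
missing_ptrs() {
    fwd=/tmp/fwd.$$; rev=/tmp/rev.$$
    printf '%s\n' "$FORWARD" > "$fwd"
    printf '%s\n' "$REVERSE" > "$rev"
    awk '
        NR==FNR && $3=="A" && $4 ~ /^192\.168\.200\./ { split($4, o, "."); octet[$1]=o[4]; next }
        NR==FNR && $3=="CNAME" { alias[$1]=$4; next }
        NR!=FNR && $3=="PTR"   { have[$1 " " $4]=1 }
        END {
            for (n in octet) if (!((octet[n] " " n) in have)) print octet[n], n
            for (a in alias) if (alias[a] in octet && !((octet[alias[a]] " " a) in have))
                print octet[alias[a]], a
        }' "$fwd" "$rev" | sort
    rm -f "$fwd" "$rev"
}

# Next serial in the yyyymmdd## convention: bump the counter when the date
# prefix is today's, otherwise start today's counter at 00.
next_serial() {
    old=$1; today=${2:-$(date +%Y%m%d)}
    case $old in
        "$today"??) c=${old#"$today"}; c=${c#0}; printf '%s%02d\n' "$today" $((c + 1)) ;;
        *)          printf '%s00\n' "$today" ;;
    esac
}

missing_ptrs
next_serial 1999010702 19990107
```

With the sample zones, the checker reports the www alias and the second host as lacking PTRs, and the serial from the SOA above becomes 1999010703 when edited on the same day.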
You must change /etc/dhcpd.conf, adding a dummy entry for the 192.168.200
subnet, and upgrading your existing entry for the 192.168.100 subnet (the
one your Windows clients are actually on) to feed them information like
default gateway, dns, etc. Here's an example of /etc/dhcpd.conf:
subnet 192.168.100.0 netmask 255.255.255.0 {
    range 192.168.100.200 192.168.100.240;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.100.255;
    option routers 192.168.100.3;
    option domain-name-servers 192.168.100.3;
    option domain-name "mydomain.cxm";
    option ip-forwarding on;
    option netbios-node-type 8;
}

subnet 192.168.200.0 netmask 255.255.255.0 {
    range 192.168.200.200 192.168.200.240;
}
Note that the subnet 192.168.200.0 entry has less information because it's not expected to be used. If it were expected to be used, it would contain the same info as the 192.168.100 entry.
Most contents of the subnet 192.168.100.0 entry are self-explanatory.
Note that the option routers is the Windows machine's default gateway (overriding
whatever's on Windows' gateway tab), while the option domain-name-servers
is the DNS list, overriding or adding to (I'm not sure) the contents of
Windows' DNS tab.