updates the networking exercise

waldek 2021-05-06 10:01:07 +02:00
parent 3d082a8e52
commit dbe6ebf72d
3 changed files with 63 additions and 10 deletions

View File

@ -91,6 +91,7 @@ iptables -t nat -A POSTROUTING -j MASQUERADE
These settings won't save themselves so next time you reboot they'll be missing.
For the kernel option you should have a look at `/etc/sysctl.conf`.
In this file you can enable, disable or set kernel values.
Changes to this file won't be automatically reloaded so we can execute `sudo sysctl -p /etc/sysctl.conf` to force a reload of that specific file.
To save `iptables` rules have a look online but [this](http://www.faqs.org/docs/iptables/iptables-save.html) and [this](https://zertrin.org/projects/iptables-persistent/).
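Review bot: The closing line of this hunk, "To save `iptables` rules have a look online but [this] and [this]", is not a complete sentence, and its first link is plain `http://`. Since this paragraph is being edited anyway, finish the sentence (for example "have a look online; this and this are good starting points"). Next to the `sudo sysctl -p /etc/sysctl.conf` sentence it would also help to mention that `sudo sysctl --system` reloads every sysctl configuration file, for readers who put their setting in a drop-in file instead.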
@ -127,7 +128,7 @@ An `sudo apt install isc-dhcp-server` should sort you out but you'll get a bunch
Don't panic, this is pretty normal because we haven't configured the server yet.
A handy new command you'll learn here is `journalctl`.
This is the main interface towards all logging done by all services `systemd` manages.
The `-x` option will 'Augment log lines with explanation texts from the message catalog.' so will be more verbosen and the `-e` will jump to the end of the logs.
The `-x` option will 'Augment log lines with explanation texts from the message catalog.' so will be more verbose and the `-e` will jump to the end of the logs.
```bash
sudo journalctl -xe
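Review bot: The corrected `-x` sentence still has no subject in its second clause ("so will be more verbose and the `-e` will jump"). Suggest "so the output will be more verbose, and `-e` jumps to the end of the log". Because the errors being chased here come from the freshly installed DHCP server, consider also showing the unit filter, `sudo journalctl -xe -u isc-dhcp-server.service`, so readers are not scrolling through every other service's messages.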
@ -181,6 +182,9 @@ Now we can install dnsmasq with `sudo apt install dnsmasq`.
The configuration is done by creating a new file at `/etc/dnsmasq.d/`.
You're free to name this file however you want and you can also create multiple files to spread out your configuration.
This can be very handy for larger setups.
#### DHCP
At the bare minimum, to replace isc-dhcp-server, we need the following:
```bash
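Review bot: Missing step before "At the bare minimum, to replace isc-dhcp-server, we need the following": if it is not already stated above this hunk, tell the reader to stop and disable `isc-dhcp-server` first, because two DHCP servers cannot both bind UDP port 67 on the same interface and dnsmasq will fail to start its DHCP side. Style point on the last line of the hunk: the fence is tagged `bash`, but it holds dnsmasq configuration, not shell commands.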
@ -190,6 +194,55 @@ dhcp-range=10.0.1.10,10.1.100,24h
The same 90 leases will be available for hand out and each lease is valid for 24 hours.
You restart the service in the same way you restart all other services we did up until now; `sudo systemctl restart dnsmasq.service`.
A slightly modified configuration can make things a bit clearer.
By default dnsmsq is smart enough to distribute on the right interfaces but we can specify this ourselves.
It won't change much to the operation, but will clear things up when we start offering different ranges on different interfaces.
```bash
dhcp-range=eth0,10.0.1.10,10.1.100,24h
```
#### DNS
The DNS aspect of dnsmsq requires a bit more configuration.
By just installing dnsmsq it already *is* a DNS server and you can test this with `nslookup`.
If you don't have that program installed you can install it with the `dnsutils` package.
We will need to add a few more lines of configuration though.
Again, don't just *copy/paste*, modify the lines to your need.
```bash
# specify the interfaces we will listen on to resolve DNS requests
interface=lo
interface=eth1
interface=eth2
# bind only to the interfaces we specify
bind-interfaces
# we can add out clients to our domain
domain=peperoni.lan
local=/peperoni.lan/
# we set which servers our dns uses to resolve
server=127.0.0.1
```
If we want to use our DNS server to [push routes](https://en.wikipedia.org/wiki/Routing) to our clients we need to add it to the configuration as well.
The syntax is as follows, `121,x.x.x.x/yy,z.z.z.z` where `x.x.x.x` is the IP range, `yy` the netmask and `z.z.z.z` is the via which IP address.
You can add as many as you want but there is a practical [limit](https://unix.stackexchange.com/questions/457572/use-dnsmasq-to-pushing-routes-to-my-clients-on-a-small-local-network).
Are wondering what the `121` [means](http://help.sonicwall.com/help/sw/eng/6800/26/2/3/content/Network_DHCP_Server.042.12.htm)?
```bash
dhcp-option=121,10.0.4.0/24,192.168.0.117
```
## Group labo
The goal of this exercise is to create a small network of VM's on each of our workstations and interconnect all of them over the LAN in the classroom.
Your responsibility is to create a functioning mini network of VM's on your workstation.
Once this is operational you can add routes to the mini networks of the other students.
You have to add routes for each student so maybe a script can come in handy.
As I'm running the DHCP and DNS of our LAN I can push these routes to your routers but first you should create them yourself!
![big network](./network_big.png)
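Review bot: The end address in `dhcp-range=eth0,10.0.1.10,10.1.100,24h` is malformed. `10.1.100` has only three octets and is presumably meant to be `10.0.1.100`. The same typo is in the existing line shown in the hunk header, so fix both. In the DNS block, `server=127.0.0.1` combined with `interface=lo` points dnsmasq's upstream at itself, so nothing outside `peperoni.lan` can resolve. Use the address of a real upstream resolver there. The block also lists `lo`, `eth1` and `eth2` with `bind-interfaces` while the DHCP example above it uses `eth0`, so please make the interface names consistent, since `interface=` limits DHCP as well as DNS. Wording: "use our DNS server to push routes" should say DHCP (option 121 is a DHCP option), "dnsmsq" is misspelled three times, "add out clients" should be "our", and "Are wondering" is missing "you".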

View File

@ -1370,16 +1370,16 @@
</dia:object>
<dia:object type="Flowchart - Box" version="0" id="O31">
<dia:attribute name="obj_pos">
<dia:point val="41.5,-1"/>
<dia:point val="41.2788,-1"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="41.45,-1.05;46.5425,0.95"/>
<dia:rectangle val="41.2288,-1.05;46.7638,0.95"/>
</dia:attribute>
<dia:attribute name="elem_corner">
<dia:point val="41.5,-1"/>
<dia:point val="41.2788,-1"/>
</dia:attribute>
<dia:attribute name="elem_width">
<dia:real val="4.9924999999999997"/>
<dia:real val="5.4349999999999996"/>
</dia:attribute>
<dia:attribute name="elem_height">
<dia:real val="1.9000000000000004"/>
@ -1393,7 +1393,7 @@
<dia:attribute name="text">
<dia:composite type="text">
<dia:attribute name="string">
<dia:string>#dad's family#</dia:string>
<dia:string>#mum's family#</dia:string>
</dia:attribute>
<dia:attribute name="font">
<dia:font family="sans" style="0" name="Helvetica"/>

View File

@ -1610,7 +1610,7 @@
<dia:attribute name="text">
<dia:composite type="text">
<dia:attribute name="string">
<dia:string>#172.10.2.0/24#</dia:string>
<dia:string>#172.20.2.0/24#</dia:string>
</dia:attribute>
<dia:attribute name="font">
<dia:font family="sans" style="0" name="Helvetica"/>
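Review bot: The commit message should say why the subnet labels change. `172.10.2.0/24` is publicly routable address space, while the new `172.20.2.0/24` falls inside the private 172.16.0.0/12 block, and "updates the networking exercise" hides that this is a correctness fix. The same applies to the `.3`, `.1` and `.0` relabels in the hunks that follow. Please also check that the exercise text and the other diagram touched in this commit carry no remaining 172.10.x addresses.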
@ -1790,7 +1790,7 @@
<dia:attribute name="text">
<dia:composite type="text">
<dia:attribute name="string">
<dia:string>#172.10.3.0/24#</dia:string>
<dia:string>#172.20.3.0/24#</dia:string>
</dia:attribute>
<dia:attribute name="font">
<dia:font family="sans" style="0" name="Helvetica"/>
@ -2015,7 +2015,7 @@
<dia:attribute name="text">
<dia:composite type="text">
<dia:attribute name="string">
<dia:string>#172.10.1.0/24#</dia:string>
<dia:string>#172.20.1.0/24#</dia:string>
</dia:attribute>
<dia:attribute name="font">
<dia:font family="sans" style="0" name="Helvetica"/>
@ -2245,7 +2245,7 @@
<dia:attribute name="text">
<dia:composite type="text">
<dia:attribute name="string">
<dia:string>#172.10.0.0/24#</dia:string>
<dia:string>#172.20.0.0/24#</dia:string>
</dia:attribute>
<dia:attribute name="font">
<dia:font family="sans" style="0" name="Helvetica"/>