Jonathan's Contribution

Note that this section only focuses on getting the network connection working so that henry can be used as a virual server. Name serving and other TCP/IP functionality needs to be configured in tandem with Gateway for things to start working correctly. At a minimum, both Henry and Gateway should be configured past the name serving sections to operate correctly.

What do we want to achieve?

Henry, an internal virtual server (serving ftp, http, pop3 and smtp for multiple domains) is behind the IP masquerading firewall Gateway. See Network Topology. There is a relationship between the two boxes where:

• Gateway forwards traffic to specific aliased IP addresses on Henry depending on the protocol (ftp, http, etc), and
• which domain the traffic was destined (cmex.org or novatek.co.nz).

The local network uses ip addresses 192.168.0.200 and higher for its virtual servers as outilend in the topology.

This configuration is very Redhat distribution dependant.

Do not use the configuration tools such as netcfg, control-panel, linuxconf. This is a "real" configuration exercise, not for the meek who cower behind gui tools!

 

References

• Net-HOWTO
• RedHat's Reference Guide, Ch 2 on Boot Process, Init and Shutdown.
• LDP's Network Administration Project, Ch's on Issues of TCP/IP networking and Configuring TCP Networking. A bit dated, and "Slackware-ish", but insightful, none the less.

Network Configuration Files

HOSTNAME

>>>>>>>>>>>>>>>>>>>>/etc/HOSTNAME

henry.novatek.co.nz

<<<<<<<<<<<<<<<<<<</etc/HOSTNAME

 

hosts

>>>>>>>>>>>>>>>>>>>/etc/hosts

127.0.0.1               localhost.localdomain localhost

<<<<<<<<<<<<<<<<<</etc/hosts

Only include the localhost in the hosts file.  All names to ip address relations will be created using bind.

 
hosts.conf

>>>>>>>>>>>>>>>>>>>/etc/host.conf

order hosts,bind
multi on

<<<<<<<<<<<<<<<<<</etc/host.conf

I'm not sure if this is still required.  I think it is depreciated and replaced by nsswitch.conf, but I leave it in just incase.  It tells the name resolver to first look in the /etc/hosts file, be for making a dns request through bind, the name serving daemon.  The last line enables multiple domain names to be associated with an IP address.
 

resolv.conf

>>>>>>>>>>>>>>>>>>/etc/resolv.conf

domain novatek.co.nz
nameserver 127.0.0.1

<<<<<<<<<<<<<<<<<</etc/resolve.conf

We use Henry (192.168.0.3) as our internal name server for the network. We should have a secondary internal DNS for security - perhaps some time in the future.  Note that name serving is not going to work properly until both Gateway's and Henry's name serving is set up.
 

nsswitch.conf

>>>>>>>>>>>>>>>>>>>>/etc/nsswitch.conf

passwd:     files nisplus nis
shadow:     files nisplus nis
group:      files nisplus nis
hosts:      files nisplus nis dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   nisplus
publickey:  nisplus
automount:  files nisplus
aliases:    files nisplus

<<<<<<<<<<<<<<<<<<<</etc/nsswitch.conf

The important line in this file is  hosts:      files nisplus nis dns. This file gives instructions to the resolver to first look in files (/etc/hosts), then nis before dns.  Because we are not installing nis, if a host name is not found in the /etc/hosts file, it will be looked up using DNS (Domain Name Server).
 

RedHat's sysconfig stuff

These files define environment variables used by RedHat's startup scripts.  (See  RedHat's Reference Guide, section on Boot Process, Init and Shutdown.  Also it is worthwhile reading the startup scripts /etc/rc.d/init.d/network, /etc/sysconfig/network-scripts/ifup, /etc/sysconfig/network-scripts/ifup-aliases).

>>>>>>>>>>>>>>>>>>>>/etc/sysconfig/network

NETWORKING=yes
FORWARD_IPV4=false
HOSTNAME=`cat /etc/HOSTNAME`
GATEWAY=192.168.0.254
GATEWAYDEV=eth0

<<<<<<<<<<<<<<<<<<<</etc/sysconfig/network

>>>>>>>>>>>>>>>>>>>>/etc/sysconfig/network/scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.0.3
NETMASK=255.255.255.0
ONBOOT=yes
#NETWORK=192.168.0.0.0
#BROADCAST=192.168.0.255
USERCTL=no

<<<<<<<<<<<<<<<<<<<</etc/sysconfig/network/scripts/ifcfg-eth0

>>>>>>>>>>>>>>>>>>>/etc/sysconfig/network-scripts/ipcfg-eth0-range0

IPADDR_START=192.168.0.200
IPADDR_END=192.168.0.207
CLONENUM_START=0

<<<<<<<<<<<<<<<<<<</etc/sysconfig/network-scripts/ipcfg-eth0-range0
Read the header of /etc/sysconfig/network-scripts/ifup-aliases for an explaination.
After  changing HOSTNAME, it is necessary to reboot (with shutdown now) for the changes to take effect.

 

When the system has booted, check that networking is working.  Issue the following commands, and observe the corresponding results:

 
ifconfig should give:

------------------------------------------
eth0      Link encap:Ethernet  HWaddr 00:C0:DF:A8:25:A7  
          inet addr:192.168.0.3  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1045495 errors:0 dropped:12 overruns:0 frame:188
          TX packets:869100 errors:2 dropped:0 overruns:0 carrier:3
          collisions:5213 txqueuelen:100 
          Interrupt:12 Base address:0xe400 

eth0:0    Link encap:Ethernet  HWaddr 00:C0:DF:A8:25:A7  
          inet addr:192.168.0.200  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:12 Base address:0xe400 

eth0:1    Link encap:Ethernet  HWaddr 00:C0:DF:A8:25:A7  
          inet addr:192.168.0.201  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:12 Base address:0xe400 

eth0:2    Link encap:Ethernet  HWaddr 00:C0:DF:A8:25:A7  
          inet addr:192.168.0.202  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:12 Base address:0xe400 

eth0:3    Link encap:Ethernet  HWaddr 00:C0:DF:A8:25:A7  
          inet addr:192.168.0.203  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:12 Base address:0xe400 

eth0:4    Link encap:Ethernet  HWaddr 00:C0:DF:A8:25:A7  
          inet addr:192.168.0.204  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:12 Base address:0xe400 

eth0:5    Link encap:Ethernet  HWaddr 00:C0:DF:A8:25:A7  
          inet addr:192.168.0.205  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:12 Base address:0xe400 

eth0:6    Link encap:Ethernet  HWaddr 00:C0:DF:A8:25:A7  
          inet addr:192.168.0.206  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:12 Base address:0xe400 

eth0:7    Link encap:Ethernet  HWaddr 00:C0:DF:A8:25:A7  
          inet addr:192.168.0.207  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:12 Base address:0xe400 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:39108 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39108 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
------------------------------------------

route -n should give:
This routing table is generated correctly when the BROADCAST and NETWORK variables in ifcfg-eth0 are commented out.

------------------------------------------
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.207   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.206   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.205   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.204   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.203   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.202   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.201   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.200   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.3     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.254   0.0.0.0         UG    0      0        0 eth0
0.0.0.0         192.168.0.254   0.0.0.0         UG    1      0        0 eth0
0.0.0.0         192.168.0.254   0.0.0.0         UG    1      0        0 eth0
0.0.0.0         192.168.0.254   0.0.0.0         UG    1      0        0 eth0
0.0.0.0         192.168.0.254   0.0.0.0         UG    1      0        0 eth0
0.0.0.0         192.168.0.254   0.0.0.0         UG    1      0        0 eth0
0.0.0.0         192.168.0.254   0.0.0.0         UG    1      0        0 eth0
0.0.0.0         192.168.0.254   0.0.0.0         UG    1      0        0 eth0
------------------------------------------

 

I wonder why so many gateway entries, anyway it works. I guess they get introduced with the inclusion of each aliased ip. At this stage pinging ip addresses (not ip names) on both the internal and external network should work.

Last modified: Tue Feb 8 22:00:00 PST 2000
Copyright © Jonathan Marks, 1999, 2000. All rights reserved.
http://jon.novatek.co.nz/linux/config/henry-net.html.