Skåne Sjælland Linux User Group - http://www.sslug.dk
 

Re: [NETVAERK] dhcpd and IPtables load balance and fail over



Michael Motet wrote:
I am setting up a router with 3 interfaces:
eth1 (intern) 192.168.2.215
eth0 (wan1) 10.0.0.17 gw: 10.0.0.138
eth2 (wan2) 192.168.1.17 gw: 192.168.1.1

With DHCP we have found that the clients lose the connection now and then. Here is
dhcpd.conf:

-----

default-lease-time 86400;
option routers 10.0.0.138, 192.168.2.215, 192.168.1.1;
ddns-update-style interim;
key "rndckey" {
       algorithm hmac-md5;
       secret "qpQTYHHSoQ3KFtFtX7eTVQ==";
};

option root-path "/root/path";
default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

#subnet 192.168.5.0 netmask 255.255.255.0 {
#}





# dotnet
shared-network dotnet {
# mitcnet
subnet 192.168.2.0 netmask 255.255.255.0 {
 range 192.168.2.150 192.168.2.210;
 option routers 192.168.2.215 , 10.0.0.138 , 192.168.1.1;
 option domain-name "mitcoffice";
 option domain-name-servers 192.168.2.215 , 202.123.2.6 , 10.0.0.138 ,
192.168.1.1;
 # set.
 host Meenackshi {
  hardware ethernet 00:14:85:CD:DA:79;
  fixed-address 192.168.2.11;
  }
 host Chajeeta {
  hardware ethernet 00:14:85:CD:C8:06;
  fixed-address 192.168.2.12;
  }
 host Sona {
  hardware ethernet 00:14:85:CD:DA:72;
  fixed-address 192.168.2.13;
  }
 host Jane {
  hardware ethernet 00:14:85:CD:C7:E4;
  fixed-address 192.168.2.14;
  }
 host Nisha_VMWare1 {
  hardware ethernet 00:0C:29:92:02:C7;
  fixed-address 192.168.2.15;
  }
 host Deshal {
  hardware ethernet 00:14:85:CD:58:53;
  fixed-address 192.168.2.16;
  }
 host Nisha {
  hardware ethernet 00:14:2A:BF:58:5E;
  fixed-address 192.168.2.17;
  }
 host Roma {
  hardware ethernet 00:14:85:CD:C7:E1;
  fixed-address 192.168.2.18;
  }
 host Munawarrah {
  hardware ethernet 00:14:85:CD:DE:2E;
  fixed-address 192.168.2.29;
  }
 host Pritam {
  hardware ethernet 00:14:85:CD:C7:DE;
  fixed-address 192.168.2.19;
  }
 host Pritam_VMware1 {
  hardware ethernet 00:0C:29:CD:5C:74;
  fixed-address 192.168.2.20;
  }
 host Hemant_VMWare2 {
  hardware ethernet 00:0C:29:A8:2C:B7;
  fixed-address 192.168.2.21;
  }
 host yogesh {
  hardware ethernet 00:14:A5:0E:9A:AF;
  fixed-address 192.168.2.22;
  }
 host michael {
  hardware ethernet 00:16:CF:45:73:20;
  fixed-address 192.168.2.24;
  }
 host Nathalie {
  hardware ethernet 00:0E:35:A6:04:75;
  fixed-address 192.168.2.23;
  }
 host Gaetan_laptop {
  hardware ethernet 00:0D:9D:90:90:BB;
  fixed-address 192.168.2.25;
  }
 host Christophe {
  hardware ethernet 00:40:CA:D8:30:93;
  fixed-address 192.168.2.26;
  }
 host Hemant_laptop {
  hardware ethernet 00:12:F0:14:45:4D;
  fixed-address 192.168.2.27;
  }
 host Hemant_VMWare1 {
  hardware ethernet 00:0C:29:23:75:AB;
  fixed-address 192.168.2.28;
  }
 # Mailserver
 host mailserver {
  hardware ethernet 00:14:85:CD:CF:AD;
  fixed-address 192.168.2.215;
  }
 # Shivam
 host ShivamPC {
  hardware ethernet 00:01:6C:E5:88:65;
  fixed-address 192.168.2.10;
  }
 # PrintServer
 host PrintServer {
  hardware ethernet 00:01:2e:08:85:ab;
  fixed-address 192.168.2.115;
  }
 }
}
----

At the moment only one WAN connection is in use (wan2).

Can anyone give some hints on how we could have 2 subnets, so that one group
of, for example, 7 clients uses one WAN and also has VPN out,
and another group uses the other WAN?


Our router has not yet been set up with a firewall, and has the following:


[sslug@sslug iptables-rules]# more network.sh
#!/bin/sh

IF1=eth0
IF2=eth2
IP1=10.0.0.5
IP2=192.168.1.17
P1_NET=10.0.0.0
P2_NET=192.168.1.0

IPTAB=/sbin/iptables
$IPTAB --flush

#$IPTAB -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#$IPTAB -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
#$IPTAB -A FORWARD -i eth1 -o eth0 -j ACCEPT


$IPTAB -t nat -A POSTROUTING -o eth2 -j MASQUERADE
$IPTAB -A FORWARD -i eth2 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTAB -A FORWARD -i eth1 -o eth2 -j ACCEPT

Would it be possible for you to send me some scripts for an IPTABLES firewall
accepting DNS, ssh and web, as well as some ideas for load balancing and failover?


We are testing whether the current dhcpd.conf is stable. Some of the
clients still lose the connection.


There is an error in what you write, as I see it:

between this:

eth2 (wan2) 192.168.1.17 gw: 192.168.1.1

and this:

Subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.150 192.168.2.210;
option routers 192.168.2.215 , 10.0.0.138 , 192.168.1.1;


And why should 192.168.x.x talk to a gateway like this one: 10.0.0.13? They will never be able to reach it with this IP/net: Subnet 192.168.2.0 netmask 255.255.255.0


/Frank
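
The check described in the reply above, as an added example that is not part of the original mails: it reads subnet declarations from dhcpd.conf text and reports every "option routers" address that lies outside the enclosing subnet. The function name check_routers and the reduced sample text are assumptions made for this example; the parser is line-based and does not handle statements wrapped over several lines.

```python
import ipaddress
import re

# Constructed sample: the subnet declaration quoted in the thread, reduced to
# the lines that matter for the check.
SAMPLE_CONF = """
shared-network dotnet {
subnet 192.168.2.0 netmask 255.255.255.0 {
 range 192.168.2.150 192.168.2.210;
 option routers 192.168.2.215 , 10.0.0.138 , 192.168.1.1;
 }
}
"""

SUBNET_RE = re.compile(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", re.I)
ROUTERS_RE = re.compile(r"^\s*option\s+routers\s+([^;]+);", re.I)


def check_routers(conf_text):
    """Return (subnet, router, on_subnet) for each router listed in a subnet block.

    A client can only use a default gateway inside its own subnet, so
    on_subnet is False for any router the clients cannot reach directly.
    Global "option routers" lines outside a subnet block are ignored.
    """
    results = []
    current, depth = None, 0             # enclosing subnet and its brace depth
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]      # drop comments
        m = SUBNET_RE.match(line)
        if m and current is None:
            current = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            depth = 0
        if current is None:
            continue
        r = ROUTERS_RE.match(line)
        if r:
            for addr in r.group(1).split(","):
                ip = ipaddress.ip_address(addr.strip())
                results.append((str(current), str(ip), ip in current))
        depth += line.count("{") - line.count("}")
        if depth <= 0:                   # closing brace of the subnet block
            current = None
    return results


if __name__ == "__main__":
    for subnet, router, ok in check_routers(SAMPLE_CONF):
        print(f"{subnet}: router {router} {'ok' if ok else 'NOT on this subnet'}")
```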

 

 
 
Questions about the web-pages to <www_admin>. Last modified 2007-06-01, 02:01 CEST
This page is maintained by MHonArc