Difference between revisions of "Configure LAN"

From Organic Design wiki
 
(integrate a newly installed server into a LAN as a DHCP server and firewall)
Line 1: Line 1:
 
+
{{procedure
Skip this section if the server is a dedicated Internet server, this section covers the steps required to set the server up as a firewall between the internal LAN and the external WAN.
+
|description = This procedure defines the steps required to integrate a newly installed server into a LAN as a DHCP server and firewall.
 +
|role = Sysop
 +
|status = in use
 +
}}
  
 
== Network interfaces ==
 
== Network interfaces ==
Line 46: Line 49:
  
 
== Next ==
 
== Next ==
Back to [[Install a new server#Next steps]]
+
*Back to [[Install a new server#Next steps]]
 +
*[[Configure DNS]]

Revision as of 06:11, 12 May 2009

Procedure.svg Configure LAN
Organic Design procedure

Network interfaces

Typically when running on a LAN we'll have two LAN cards on the server with the following /etc/network/interfaces:

auto eth0
iface eth0 inet static
	address 192.168.0.1
	netmask 255.255.255.0
	broadcast 192.168.0.255
	gateway 192.168.0.254

auto eth1
iface eth1 inet static
	address 192.168.1.1
	netmask 255.255.255.0
	broadcast 192.168.1.255

Firewall

The 192.168.0 subnet is on eth0 and connects to the Internet router (which should have no wireless on it), and the 192.168.1 subnet is on eth1 and connects to the internal LAN hub. These network interfaces must then be configured as a firewall which can be done by copying the firewall script to /etc/network/if-up.d/00-firewall so that it executes whenever the networking starts up. Don't forget to restart the networking after making changes with /etc/init.d/networking restart.

DHCP Server

A DHCP server should be installed to be authoritative on the internal (192.168.1) subnet, and should specify the gateway and DNS server as itself. First install it with apt-get install dhcp3-server, then add the following configuration to /etc/dhcp/dhcpd.conf:

ddns-update-style none;
option domain-name-servers 192.168.1.1;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;

# External subnet
subnet 192.168.0.0 netmask 255.255.255.0 {
}

# Internal subnet
subnet 192.168.1.0 netmask 255.255.255.0 {
	range 192.168.1.50 192.168.1.200;
	option routers 192.168.1.1;
	option broadcast-address 192.168.1.255;
	option subnet-mask 255.255.255.0;
}

Next