Hello:
I want to subnetwork the current flat IP network at my office to further
segregate our own office network from our clients' networks. Upon
testing, I was able to resolve DNS queries on our own LAN segment but
not on our clients' networks.
Here is the scheme I tried:
Internet
   ^
   |
   |
gateway (has local IP 192.168.0.1/255.255.255.240,
   ^     network 192.168.0.0 broadcast 192.168.0.15)
   |
   |
PC router using virtual interfaces
   ^
   |
   |
client networks (each with different network and broadcast IPs)
  * netmask /29 network 192.168.0.128 broadcast 192.168.0.135
  * netmask /29 network 192.168.0.136 broadcast 192.168.0.151
  ...
The clients get their IP via DHCP (which is mapped to their machines' MAC
addresses) from 192.168.0.2 (authoritative), while internal nameserver
requests are served by the machines 192.168.0.2 and 192.168.0.4,
belonging to our "office" LAN segment (/28) network 192.168.0.0
broadcast 192.168.0.15. Here's a snippet of /etc/dhcpd.conf:
    ddns-update-style none;
    option domain-name-servers 192.168.0.2, 192.168.0.4;
    default-lease-time 600;
    max-lease-time 7200;
    authoritative;
    log-facility local7;
    shared-network mynetwork {
        # our office segment
        subnet 192.168.0.0 netmask 255.255.255.240 {
            option broadcast-address 192.168.0.15;
            option routers 192.168.0.1;
            host host1 {
                hardware ethernet 0:0a:e6:64:01:32;
                fixed-address 192.168.0.3;
            }
            host host2 {
                hardware ethernet 0:40:d0:28:0b:c8;
                fixed-address 192.168.0.6;
            }
        }
        # client #1 network configuration
        subnet 192.168.0.128 netmask 255.255.255.248 {
            option broadcast-address 192.168.0.135;
            option routers 192.168.0.129;
            host apex1 {
                hardware ethernet 0:00:c8:e3:86:f9;
                fixed-address 192.168.0.130;
            }
            host apex2 {
                hardware ethernet 0:02:44:3d:fd:f5;
                fixed-address 192.168.0.131;
            }
            ...
        }
        .....
    }
Fortunately DHCP works, as our clients were able to get their IP leases
given they come from different network segments.
I'm still in doubt about my subnet computations as I've used all 0's and
1's subnets, though it's reportedly safe to use in local networks.
Anyway, I know that the problem would be simple to solve if only I had
additional machines to deploy as routers... sadly this wasn't the case
so I used my own machine to be a router for the client networks. I
mapped additional IPs to the sole network interface card on my machine.
Here is a snippet of my /etc/network/interfaces:
    auto lo eth0 eth0:0 eth0:1 eth0:2 eth0:3 eth0:4 eth0:5
    # The loopback interface
    iface lo inet loopback
    iface eth0 inet static
        address 192.168.0.4
        netmask 255.255.255.240
        network 192.168.0.0
        broadcast 192.168.0.255
        broadcast 192.168.0.15
        gateway 192.168.0.1
    iface eth0:0 inet static
        address 192.168.0.129
        netmask 255.255.255.248
        network 192.168.0.128
        broadcast 192.168.0.135
        gateway 192.168.0.1
    iface eth0:1 inet static
        address 192.168.0.137
        netmask 255.255.255.248
        network 192.168.0.136
        broadcast 192.168.0.143
        gateway 192.168.0.1
As I've mentioned, our LAN segment can resolve DNS requests coming from
our own nameservers, but our clients can't, as they belong to other
network segments. My question - is this a routing problem caused by a
mistake in the interfaces/DHCP configuration or a mistake in our
nameserver configuration? Suggestions and corrections are most welcome.
Thanks!
Paolo Alexis Falcone
[EMAIL PROTECTED]
--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
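
The subnet arithmetic in the post can be checked mechanically. The Python sketch below is an added example, not part of the original message: it takes the networks, masks, router-PC addresses and broadcast values that appear in the diagram, dhcpd.conf and interfaces snippets above and compares them with what each mask implies. The names check_plan, PLAN and NAMESERVERS are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Values as they appear in the post (diagram, dhcpd.conf, interfaces).
# label -> (network, netmask, router-PC address, broadcasts declared on the page)
PLAN = {
    "office":  ("192.168.0.0",   "255.255.255.240", "192.168.0.4",
                ["192.168.0.15", "192.168.0.255"]),
    "client1": ("192.168.0.128", "255.255.255.248", "192.168.0.129",
                ["192.168.0.135"]),
    "client2": ("192.168.0.136", "255.255.255.248", "192.168.0.137",
                ["192.168.0.151", "192.168.0.143"]),
}
NAMESERVERS = ["192.168.0.2", "192.168.0.4"]


def check_plan(plan, nameservers):
    """Return (findings, offlink): mismatches, and off-link nameservers per subnet."""
    findings, offlink, nets = [], {}, {}
    for label, (network, mask, iface_addr, broadcasts) in plan.items():
        try:
            # Strict parsing rejects a "network" address with host bits set.
            net = ipaddress.ip_network(f"{network}/{mask}")
        except ValueError as exc:
            findings.append(f"{label}: {exc}")
            continue
        nets[label] = net
        for b in broadcasts:
            if ipaddress.ip_address(b) != net.broadcast_address:
                findings.append(
                    f"{label}: broadcast {b} does not match {net} "
                    f"(mask implies {net.broadcast_address})")
        addr = ipaddress.ip_address(iface_addr)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            findings.append(f"{label}: {iface_addr} is not a usable host in {net}")
        # Nameservers outside this subnet are only reachable through a router.
        offlink[label] = [ns for ns in nameservers
                          if ipaddress.ip_address(ns) not in net]
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} {na} overlaps {b} {nb}")
    return findings, offlink


if __name__ == "__main__":
    for item in check_plan(PLAN, NAMESERVERS):
        print(item)
```

The second return value lists, per subnet, the nameservers that are off-link for hosts in that subnet, so queries to them depend on the router address handed out by DHCP and on a return route from the nameserver back to the client subnet.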