SL:Topology and SL:Network Users: Difference between pages
(Difference between pages)
imported>Burghardt (→DNS) |
imported>Burghardt (Page created: „ One basic idea was to work with the "normal" user accounts. The local computers are ''not'' prepared to work this way yet. But we have some pre-preparation, up u…“) |
||
Line 1: | Line 1: | ||
− | The Sensor Lab has its own separate network. The idea is to have an isolated network with only a small chance to affect the "normal" LAN workstations while allowing all necessary connections (in and out) to work in a comfortable way. |
||
+ | One basic idea was to work with the "normal" user accounts. The local computers are ''not'' prepared to work this way yet. But we have some pre-preparation, up until now we have: |
||
− | == Topology == |
||
− | A <strike>small computer</strike> '''Virtual Machine''' works as a router. The allowed traffic is limited in some ways. The rules are managed by [[User:Burghardt|Udo Burghardt]]. |
||
− | <pre>root@slgw:~# lsb_release -a; ip a | grep global |
||
− | No LSB modules are available. |
||
− | Distributor ID: Ubuntu |
||
− | Description: Ubuntu 11.10 |
||
− | Release: 11.10 |
||
− | Codename: oneiric |
||
− | inet 172.22.255.253/16 brd 172.22.255.255 scope global eth0 |
||
− | inet 192.168.22.254/24 brd 192.168.22.255 scope global eth1 |
||
− | </pre> |
||
+ | === a user named <code>sensorlab</code> === |
||
+ | sensorlab@login:~$ id |
||
+ | uid=13433(sensorlab) gid=913(tmg) groups=913(tmg),6172(senslab),1093888628(AfsPag-336a74) |
||
+ | === a ''group'' named <code>senslab</code> === |
||
− | === IP Ranges === |
||
+ | dn: cn=senslab,ou=groups,dc=informatik,dc=uni-goettingen,dc=de |
||
− | We use a simple private address block of: |
||
+ | ... |
||
− | <pre> |
||
+ | memberUid: sensorlab |
||
− | ~# ipcalc 192.168.22.0/24 |
||
+ | memberUid: ashah |
||
− | Address: 192.168.22.0 11000000.10101000.00010110. 00000000 |
||
+ | memberUid: oalfandi |
||
− | Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000 |
||
+ | memberUid: brosenne |
||
− | Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111 |
||
+ | memberUid: kellner |
||
− | => |
||
− | Network: 192.168.22.0/24 11000000.10101000.00010110. 00000000 |
||
− | HostMin: 192.168.22.1 11000000.10101000.00010110. 00000001 |
||
− | HostMax: 192.168.22.254 11000000.10101000.00010110. 11111110 |
||
− | Broadcast: 192.168.22.255 11000000.10101000.00010110. 11111111 |
||
− | Hosts/Net: 254 Class C, Private Internet |
||
− | </pre> |
||
+ | This list may get extended with userids of students on request... |
||
− | === DNS === |
||
− | Dedicated ranges/naming convention: |
||
− | ;1... : former pool computers "wsxy" |
||
− | ;31... : "normal" computers "pcxy" |
||
− | ;60 : the server |
||
− | ;61... : virtual guests on the server |
||
− | ;101...: Raspberry Pis |
||
− | ;240...: infrastructure |
||
+ | === the user has a home directory ~sensorlab === |
||
− | ==== Zone file ==== |
||
+ | sensorlab@login:~$ pwd |
||
− | Actual snapshot 07. Feb. 2013: |
||
+ | /afs/informatik.uni-goettingen.de/user/s/sensorlab |
||
− | <pre> |
||
− | dig tmg.loc axfr | grep -e .sl.tmg |
||
− | esxsl.tmg.loc. 86400 IN CNAME tmg94.tmg.loc. |
||
− | nst.tmg.loc. 86400 IN CNAME tmgsim2.sl.tmg.loc. |
||
− | gw.sl.tmg.loc. 86400 IN A 192.168.22.254 |
||
− | gw.sl.tmg.loc. 86400 IN TXT "Sensorlab Router eth1" |
||
− | pc01.sl.tmg.loc. 86400 IN A 192.168.22.31 |
||
− | pc02.sl.tmg.loc. 86400 IN A 192.168.22.32 |
||
− | pc03.sl.tmg.loc. 86400 IN A 192.168.22.33 |
||
− | pc04.sl.tmg.loc. 86400 IN A 192.168.22.34 |
||
− | ps1.sl.tmg.loc. 86400 IN A 192.168.22.241 |
||
− | ps2.sl.tmg.loc. 86400 IN A 192.168.22.242 |
||
− | rpi01.sl.tmg.loc. 86400 IN A 192.168.22.41 |
||
− | rpi02.sl.tmg.loc. 86400 IN A 192.168.22.42 |
||
− | sw.sl.tmg.loc. 86400 IN A 192.168.22.244 |
||
− | tmgsim1.sl.tmg.loc. 86400 IN A 192.168.22.61 |
||
− | tmgsim1.sl.tmg.loc. 86400 IN TXT "Windows 7" |
||
− | tmgsim2.sl.tmg.loc. 86400 IN A 192.168.22.62 |
||
− | tmgsim2.sl.tmg.loc. 86400 IN TXT "NST" |
||
− | tmgsim3.sl.tmg.loc. 86400 IN A 192.168.22.63 |
||
− | tmgsim3.sl.tmg.loc. 86400 IN TXT "Ubuntu" |
||
− | tmgsim4.sl.tmg.loc. 86400 IN A 192.168.22.64 |
||
− | tmgsim4.sl.tmg.loc. 86400 IN TXT "Win 7 english" |
||
− | tmgsim5.sl.tmg.loc. 86400 IN A 192.168.22.65 |
||
− | tmgsim5.sl.tmg.loc. 86400 IN TXT "Natty Roman Seibel" |
||
− | tmgsim6.sl.tmg.loc. 86400 IN A 192.168.22.66 |
||
− | tmgsim6.sl.tmg.loc. 86400 IN TXT "Natty Udo " |
||
− | tmgsim7.sl.tmg.loc. 86400 IN A 192.168.22.67 |
||
− | tmgsim7.sl.tmg.loc. 86400 IN TXT "Natty Ansgar Kellner" |
||
− | tmgsim8.sl.tmg.loc. 86400 IN A 192.168.22.68 |
||
− | tmgsim8.sl.tmg.loc. 86400 IN TXT "Oneiric Youssef" |
||
− | tmgsim9.sl.tmg.loc. 86400 IN A 192.168.22.69 |
||
− | tmgsim9.sl.tmg.loc. 86400 IN TXT "Oneiric Saleh" |
||
− | ws1.sl.tmg.loc. 86400 IN A 192.168.22.1 |
||
− | ws10.sl.tmg.loc. 86400 IN A 192.168.22.10 |
||
− | ws11.sl.tmg.loc. 86400 IN A 192.168.22.11 |
||
− | ws12.sl.tmg.loc. 86400 IN A 192.168.22.12 |
||
− | ws2.sl.tmg.loc. 86400 IN A 192.168.22.2 |
||
− | ws3.sl.tmg.loc. 86400 IN A 192.168.22.3 |
||
− | ws4.sl.tmg.loc. 86400 IN A 192.168.22.4 |
||
− | ws5.sl.tmg.loc. 86400 IN A 192.168.22.5 |
||
− | ws6.sl.tmg.loc. 86400 IN A 192.168.22.6 |
||
− | ws7.sl.tmg.loc. 86400 IN A 192.168.22.7 |
||
− | ws8.sl.tmg.loc. 86400 IN A 192.168.22.8 |
||
− | ws9.sl.tmg.loc. 86400 IN A 192.168.22.9 |
||
− | </pre> |
||
− | Nachtrag: 22.70 + 22.71 ist belegt |
||
+ | === obligatory home page === |
||
− | ;Example: the gateway is known as: |
||
+ | http://user.informatik.uni-goettingen.de/~sensorlab/ |
||
− | ~# host gw.sl.tmg.loc |
||
− | gw.sl.tmg.loc has address 192.168.22.254 |
||
+ | The account "sensorlab" should '''not''' be used by any member of the group "senslab". Instead use your own account - that's what group membership is for! |
||
− | ;Reverse Zone:...is ''not'' prepared as it is not required. |
||
− | |||
− | <small> |
||
− | ---- |
||
− | ''Important:'' This is the view from ''inside'' that network. From outside it looks this way: |
||
− | ~$ host slgw.tmg.loc |
||
− | slgw.tmg.loc has address 172.22.255.253 |
||
− | </small> |
||
− | |||
− | == Service Availability == |
||
− | === [[DHCP]] === |
||
− | The router offers dhcp services using <code>ISC dhcpd</code>. It will deliver the usual information to the clients: address, netmask, gateway, nameservers. Event though the protocol is "dynamic" the configuration is ''static'' to be able to know exactly "who is who". Each computer will always get the same address. |
||
− | |||
− | The system wide configuration includes: |
||
− | <pre> |
||
− | subnet 192.168.22.0 netmask 255.255.255.0 { |
||
− | # range 192.168.22.201 192.168.22.211; |
||
− | option domain-name-servers 134.76.81.212, 134.76.81.104; |
||
− | option domain-name "sl.tmg.loc"; |
||
− | option routers 192.168.22.254; |
||
− | option broadcast-address 192.168.22.255; |
||
− | }</pre> |
||
− | |||
− | Additionally for ''every single'' system which should benefit from dhcp we need an entry like this: |
||
− | |||
− | <pre> |
||
− | host ws1 { |
||
− | hardware ethernet 00:13:72:8a:bc:41; |
||
− | fixed-address ws1.sl.tmg.loc; |
||
− | } |
||
− | </pre> |
||
− | |||
− | |||
− | You might verify the actual host definitions via |
||
− | |||
− | * http://gw.sl.tmg.loc/sensorlab.conf |
||
− | |||
− | === [[OpenAFS]] / [[Kerberos]] / [[LDAP]] === |
||
− | Should work as expected. |
||
− | |||
− | === [[SSH]] === |
||
− | * enabled in all directions - especially also ''from outside into the lab'' |
||
− | |||
− | === [[ICMP]] === |
||
− | * all Types enabled |
||
− | |||
− | === Web === |
||
− | * Port 80 and 443 allowed |
||
== See also == |
== See also == |
||
+ | * [[SL:tmg94]] -- ESXi Server for hosting Virtual Machines |
||
− | * [[SL:Introduction]] |
||
+ | * [[SL:Virtual Machines]] |
||
− | * Schematic: <br /><code>/afs/informatik.uni-goettingen.de/user/s/sensorlab/documents/Documentation/sensorlab-network.dia</code> <br />bzw. "falschrum:" <br /><code>\\afs\informatik.uni-goettingen.de\user\s\sensorlab\documents\Documentation\sensorlab-network.dia</code> <br />... which is accessible only for project members |
||
+ | * [[SL:Remote Access]] -- reach in from the outside world |
||
+ | * [[SL:Topology]] -- the network address ranges, machine names... |
||
+ | * [[SL:Network_Users]] |
||
− | == Links == |
||
− | * http://gw.sl.tmg.loc/sensorlab.conf -- configuration of the Hosts |
||
[[Category:Sensorlab]] |
[[Category:Sensorlab]] |
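Review bot: in the added "a group named senslab" listing, `memberUid: sensorlab` makes the shared account a member of the very group whose members are told, in the closing paragraph, not to use that account. The rule is stated but the page does not say what the sensorlab account is for or who may log in with it. Suggest adding one sentence on its purpose (for example owning the home directory and the home page) and naming who holds its credentials, so that "use your own account" can be checked against something.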
Revision as of 23 October 2012, 09:30
One basic idea was to work with the "normal" user accounts. The local computers are not prepared to work this way yet, but some groundwork is in place. So far we have:
a user named sensorlab
 sensorlab@login:~$ id
 uid=13433(sensorlab) gid=913(tmg) groups=913(tmg),6172(senslab),1093888628(AfsPag-336a74)
a group named senslab
 dn: cn=senslab,ou=groups,dc=informatik,dc=uni-goettingen,dc=de
 ...
 memberUid: sensorlab
 memberUid: ashah
 memberUid: oalfandi
 memberUid: brosenne
 memberUid: kellner
This list may get extended with userids of students on request...
the user has a home directory ~sensorlab
 sensorlab@login:~$ pwd
 /afs/informatik.uni-goettingen.de/user/s/sensorlab
obligatory home page
http://user.informatik.uni-goettingen.de/~sensorlab/
The account "sensorlab" should not be used by any member of the group "senslab". Instead use your own account - that's what group membership is for!
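One way to check this rule after the fact, as an added example that is not part of the original wiki page: read the memberUid values from the group entry and classify successful SSH logins, flagging any that use the shared account. The log lines, the source addresses and the user "mallory" are constructed, and treating non-members as a finding is an assumption.

```python
import re

# Constructed sample: the group entry in LDIF form, members as listed on this page.
GROUP_LDIF = """\
dn: cn=senslab,ou=groups,dc=informatik,dc=uni-goettingen,dc=de
memberUid: sensorlab
memberUid: ashah
memberUid: oalfandi
memberUid: brosenne
memberUid: kellner
"""

# Constructed sshd log lines (addresses and the user "mallory" are made up).
AUTH_LOG = """\
Oct 23 09:31:02 login sshd[2211]: Accepted publickey for kellner from 192.0.2.10 port 50122 ssh2
Oct 23 09:40:17 login sshd[2290]: Accepted password for sensorlab from 192.0.2.11 port 50300 ssh2
Oct 23 09:41:55 login sshd[2301]: Failed password for sensorlab from 192.0.2.12 port 50411 ssh2
Oct 23 09:45:03 login sshd[2333]: Accepted password for mallory from 192.0.2.13 port 50555 ssh2
"""

SHARED_ACCOUNT = "sensorlab"  # per the page: not to be used by group members
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")

def group_members(ldif):
    """Return the memberUid values of one LDIF group entry."""
    pairs = (line.partition(":") for line in ldif.splitlines())
    return {v.strip() for a, sep, v in pairs if sep and a.strip().lower() == "memberuid"}

def audit_logins(log, members, shared=SHARED_ACCOUNT):
    """Classify each successful SSH login against the account rule."""
    findings = []
    for line in log.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed attempts and unrelated messages are skipped here
        _method, user, source = m.groups()
        if user == shared:
            verdict = "shared-account-login"  # someone used the shared account
        elif user in members:
            verdict = "ok"                    # personal account, in senslab
        else:
            verdict = "not-in-group"          # assumption: only members expected
        findings.append((user, source, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_logins(AUTH_LOG, group_members(GROUP_LDIF)):
        print(*finding)
```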
See also
- SL:tmg94 -- ESXi Server for hosting Virtual Machines
- SL:Virtual Machines
- SL:Remote Access -- reach in from the outside world
- SL:Topology -- the network address ranges, machine names...
- SL:Network_Users