Hi Giorgio and others,
On Mon, Apr 09, 2012 at 11:21:37AM +0200, Giorgio Pioda wrote:
> In my case is not a matter of randomizing.
>
> We have an internal 10.x.x.x/23 provided by the
> national telecom and we are not able to
> change the subnet, otherwise we would collide
> with other schools.
>
I had a look into the issue of modifying the IP addresses.
The following files contain an IP address:
debian-lan/fai/config$ rgrep -l
'[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' *
files/etc/dhcp/dhcpd.conf/INT_GATEWAY
files/etc/dhcp/dhcpd.conf/EXT_GATEWAY
files/etc/network/interfaces/INT_GATEWAY
files/etc/network/interfaces/EXT_GATEWAY
files/etc/hosts/diskless
files/etc/hosts/mainserver
files/etc/networks/FAIBASE
files/etc/fai/grub.cfg/SERVER_A
files/etc/bind/db.intern/INT_GATEWAY
files/etc/bind/db.intern/EXT_GATEWAY
scripts/NTP_SERVER/10-ntp.conf
scripts/NFS_SERVER/10-config
scripts/PROXY/10-config
scripts/FAISERVER/30-exports
scripts/DISKLESS_SERVER/10-setup
If we remove DNS and DHCP configuration files and files that contain
no specific I addresses, we are left with:
files/etc/network/interfaces/INT_GATEWAY
files/etc/network/interfaces/EXT_GATEWAY
scripts/NTP_SERVER/10-ntp.conf
scripts/NFS_SERVER/10-config
scripts/PROXY/10-config
scripts/FAISERVER/30-exports
scripts/DISKLESS_SERVER/10-setup
So appart from DHCP, DNS and your interface configuration, you are
left to modify:
scripts/NTP_SERVER/10-ntp.conf: ReplaceAll "#broadcast 192.168.123.255" With
"broadcast 10.255.255.255"
scripts/NFS_SERVER/10-config: AppendIfNoSuchLine "/srv/nfs4
10.0.0.0/8(sec=krb5p:krb5i:sys,rw,sync,fsid=0,crossmnt,no_subtree_check)"
scripts/NFS_SERVER/10-config: AppendIfNoSuchLine "/srv/nfs4/home0
10.0.0.0/8(sec=krb5p:krb5i:sys,rw,sync,no_subtree_check)"
scripts/PROXY/10-config: ReplaceAll "#acl localnet src 10.0.0.0/8"
With "acl localnet src 10.0.0.0/8"
scripts/FAISERVER/30-exports:ainsl $target/etc/exports "/srv/fai/nfsroot
10.0.0.0/24(async,ro,no_subtree_check,no_root_squash)"
scripts/FAISERVER/30-exports:ainsl $target/etc/exports "/srv/fai/config
10.0.0.0/24(async,ro,no_subtree_check,no_root_squash)"
scripts/DISKLESS_SERVER/10-setup:ainsl $target/etc/exports "/opt
10.0.0.0/8(async,ro,no_subtree_check,no_root_squash)"
So that does not look too terrible. The automatic solution would be
to generate DNS and DHCP configuration automatically and use variables
in the scripts.
Best regards,
Andi
> On Sun, Apr 08, 2012 at 05:15:27PM +0100, Steven Chamberlain wrote:
> > Hi,
> >
> > On 08/04/12 10:13, Giorgio Pioda wrote:
> > > 1) Subnet switch to an arbitrary 10.x.x.x/24 or even better 10.x.x.x/23
> > > and
> > > also 192.169.x.x networks
> >
> > I agree, that aspect of Debian Edu's network architecture has always
> > bugged me too, but I imagine it's because an address had to be hardcoded
> > in some of the configs.
> >
> >
> > Using a randomly-chosen 10.x.x.0/24 subnet means you can link several of
> > these subnets together with straightforward routing between gateway
> > machines, without resorting to awkward NAT.
> >
> > It would be easy and very fun to link together neighbouring Debian-LANs
> > between homes/offices with wireless meshes and fast wired links.
> >
> > Randomising as much as you can in network address avoids the chance of a
> > collision and having to renumber (and the chance is higher than you
> > might think, due to the birthday paradox).
> >
> > This is similar in principle to RFC4193 unique local IPv6 subnets.
> > (Debian-LAN could implement those too!)
> >
> >
> > Or, you can run as many /24's as you need off the same mainserver and it
> > can still route traffic between hosts, so I doubt there's a need for a
> > /23 subnet or larger. (Unless you really need for a broadcast domain to
> > span more than 254 hosts...).
> >
> > Regards,
> > --
> > Steven Chamberlain
> > ste...@pyro.eu.org
> >
--
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120409113651.GA11569@flashgordon
