I have had a very busy month, and the computer-oriented parts of it have
raised some questions. I'm mostly writing this to get it all straight in
my head, but I know some very smart people hang out here who might have
some ideas for cleaning up this mess.

First a warning: some of my problems have arisen from use of a Linksys
NC100 version 2.1 (P/N E570 Rev.AA) 10/100 PCI NIC in my wife's
computer. With kernel 2.2 or 2.4 it caused kernel panics which
eventually caused file system corruption (ReiserFS is good, but some
abuse is over the top), which meant rebuilding the box. Damn good thing
I had /home on a separate file system; the only important thing lost was
/var/spool/mail/[name].

Next, I now have two Internet connections -- a dedicated dial to tsoft
and a p2p wireless to sprint. Because my DNS points to the TSOFT IP, I
want mail and dns incoming to use the tsoft line. This is the quick and
dirty that I used to get it going.

        TSOFT           SPRINT
        |               |
        |               LRP(EigerSteinB2 with my kernel)
        |               |
        | -----------hub---------
        | |     |       |       |
        igor    felix, gracie, &c.

igor (192.168.1.2) has mail and dns, felix (192.168.1.1) and gracie are
workstations with HTTP servers, Squid caches, and local MTAs.

Quick and dirty turned out to be long and ugly because igor was a Red
Hat 6.1 box with a 2.4 kernel, meaning that PPP wasn't gonna work via
RPM. I looked at compiling some of the PPP utilities to work with the
2.4 kernel's ppp.o, but they all required newer glibc, and that way lies
madness. So I backed up and wiped the little bugger, then installed
from my favorite Mandrake 7.2 disk. 586 optimization makes a huge
difference on a Pentium 75. A nice thing here is ppp-watch, which keeps
the line alive without intervention. I installed portsentry and gShield,
then left it alone for a couple of weeks.

Unfortunately, this didn't fix everything because reverting to 2.2
kernel meant igor's carefully balanced chroot'ed BIND 9.1 split DNS
scheme didn't work any more. I tried moving the internal .prv network
onto felix, but then igor couldn't see those addresses (and therefore
wouldn't participate in rsync, mail, squid, ssh, we're talking
annoying). So I revisited DNS and switched to one of those annoying
merged DNS configs that put the RFC1918 addresses into the publicly
accessible file and put that on igor. DNS worked then, but I still had
that "back door" connection into an important server. While I was at it,
I decided to use my two lines as backups to each other via DNS (for
inbound mail).

nslookup monkeynoodle.org to see the details, but the important things
are NS and MX:
NS      ns                      ; igor name server
NS      ns2                     ; felix name server
NS      ns.tsoft.net.           ; ISP's DNS
NS      dns.akropolys.com.      ; Troy's DNS
MX      10 mail                 ; igor mail server
MX      20 mail2                ; felix mail server
MX      30 mail.akropolys.com.  ; tertiary mail
...
ns      A       198.144.201.9
ns2     A       66.1.155.123
mail    A       198.144.201.9
mail2   A       66.1.155.123

So I moved the modem into my LRP box:

                TSOFT         SPRINT
                |               |
                -------------- LRP
                                |
                 -----------hub---------
                |     |       |       |
                igor    felix, gracie, &c.


and configured network.conf so:

IF_AUTO="ppp0 eth0 eth1"

ppp0_IP_SPOOF=YES
ppp0_IP_KRNL_LOGMARTIANS=YES
ppp0_IP_SHARED_MEDIA=NO
ppp0_BRIDGE=NO
ppp0_PROXY_ARP=NO
ppp0_FAIRQ=YES
ppp0_TXQLEN=10
ppp0_BNDWIDTH=28800bit   # Device bandwidth (my copper sucks)
ppp0_HNDL=1              # Queue Handle - must be unique
ppp0_IABURST=10          # Interactive Burst
ppp0_IARATE=10Kbit       # Interactive Rate
ppp0_PXMTU=1500          # Physical MTU - includes Link Layer header

eth0_IPADDR=66.1.155.123
eth0_MASKLEN=24
eth0_BROADCAST=66.1.155.255
eth0_DEFAULT_GW=66.1.155.122
eth0_IP_SPOOF=YES
eth0_IP_KRNL_LOGMARTIANS=YES
eth0_IP_SHARED_MEDIA=NO
eth0_BRIDGE=NO
eth0_PROXY_ARP=NO
eth0_FAIRQ=YES
eth0_TXQLEN=100
eth0_BNDWIDTH=17kbps   # Device bandwidth (upstream in bytes)
eth0_HNDL=2            # Queue Handle - must be unique
eth0_IABURST=10        # Interactive Burst
eth0_IARATE=100Kbit    # Interactive Rate
eth0_PXMTU=1500        # Physical MTU - includes Link Layer header

eth1_IPADDR=192.168.1.254
eth1_MASKLEN=24
eth1_BROADCAST=192.168.1.255
eth1_IP_SPOOF=YES
eth1_IP_KRNL_LOGMARTIANS=YES
eth1_IP_SHARED_MEDIA=NO
eth1_BRIDGE=NO
eth1_PROXY_ARP=NO
eth1_FAIRQ=YES
eth1_TXQLEN=100
eth1_BNDWIDTH=178kbps  # Device bandwidth (downstream in bytes)
eth1_HNDL=3            # Queue Handle - must be unique
eth1_IABURST=10        # Interactive Burst
eth1_IARATE=100Kbit    # Interactive Rate
eth1_PXMTU=1500        # Physical MTU - includes Link Layer header

EXTERN_IF="eth0"                # External Interface

IF_DHCP=ppp0
EXTERN_DYNADDR=NO               # - YES/NO
                                #  -- OR --
EXTERN_IP=$eth0_IPADDR          # External Interface IP number
  PPP0_IPADDR=`ip addr list label $IF_DHCP | \
             grep inet | \
             sed '1!d' | \
             sed 's/^[^.0-9]*\([.0-9]*\).*$/\1/'`
  echo ppp0 IP: $PPP0_IPADDR

INTERN_SERVERS="tcp_${PPP0_IPADDR}_smtp_192.168.1.2_smtp
tcp_${PPP0_IPADDR}_domain_192.168.1.2_domain
udp_${PPP0_IPADDR}_domain_192.168.1.2_domain"

INTERN_FTP_SERVER=192.168.1.1   # Internal FTP server to make available
INTERN_WWW_SERVER=192.168.1.1   # Internal WWW server to make available
INTERN_SMTP_SERVER=192.168.1.1  # Internal SMTP server to make available
INTERN_POP3_SERVER=192.168.1.2  # Internal POP3 server to make available
INTERN_IMAP_SERVER=192.168.1.2  # Internal IMAP server to make available
INTERN_SSH_SERVER=192.168.1.1   # Internal SSH server to make available
INTERN_DNS_SERVER=192.168.1.1   # Internal DNS server to make available

Now all this seems to work fairly well, sort of:
* PPP doesn't start properly until I log in and do 'svi network reload'.
* Portsentry has to be manually started.
* PPP dies without warning, despite the ip-check script I posted last
month, which used to work :-(
* the PPP line doesn't get used in an outbound direction at all because
the only route using that interface is a point to point to tsoft's
gateway. I need to isolate the networks run by TSOFT and add them in ip
route statements before that will work perfectly.

Slashdot is down right now (Saturday 23rd at 8:30pm PST) so I thought I
had somehow screwed up outbound web until it occurred to me to try
another site :-)

How would all you smart people suggest improving this? My router is a
486/33 with 24mb RAM and an unused 341mb drive, booting from (2) 1680kb
floppies (92% and 68% full). I would like:

* updated version, like Dachstein or Oxygen -- these haven't been
focussing on PPP though.
* a PPP watcher that works
* failover of the default route without using floating static routes
(there's a script for this in the archives which I haven't tried).

I have to admit that the option which has looked best to date is
FTP installing a full Linux distro or FreeBSD on that little hard drive
:-( A regular Unix toolkit instead of busybox and a packaging system
would be pretty handy.

So, any ideas or suggestions are greatly appreciated.
Thanks,
-- 
Jack Coates
Monkeynoodle: It's what's for dinner!


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
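Added example, not code from the post above or from LRP itself: the three things the network.conf snippet and the wish list do by hand, written as shell functions that can be checked offline. It reads the ppp0 address from `ip addr` text (a constructed sample here, since the real pipeline runs on the router), refuses to build INTERN_SERVERS entries around an empty or non-IPv4 value (the `grep inet | sed '1!d'` pipeline happily returns an inet6 line or nothing while PPP is still negotiating), and keeps the default-route choice for the two uplinks as a pure function with a dry-run mode. The TSOFT-side peer address 192.0.2.1 and the interface states are placeholders; the eth0 gateway 66.1.155.122 and igor's 192.168.1.2 are from the post.

```shell
#!/bin/sh
# Added example (not from the original post or from LRP): testable versions of
# the ppp0 address lookup, the INTERN_SERVERS forwarding list and a default
# route chooser for the two uplinks.
# Assumptions: 192.0.2.1 is a placeholder for the TSOFT peer, link states are
# supplied by the caller, and DRY_RUN=1 (the default) only prints commands.

# Constructed `ip addr list label ppp0` output for a ppp0 link that is up.
SAMPLE_PPP_UP='3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 10
    link/ppp
    inet 198.144.201.9 peer 192.0.2.1/32 scope global ppp0'

# Constructed output for a ppp0 link that has no IPv4 address yet.
SAMPLE_PPP_NO_V4='3: ppp0: <POINTOPOINT,NOARP> mtu 1500 qdisc pfifo_fast qlen 10
    link/ppp
    inet6 fe80::1/64 scope link'

SPRINT_GW=66.1.155.122   # eth0_DEFAULT_GW from the post

# Print the first IPv4 address of the interface described on stdin.
# Skips inet6 lines, strips any /prefix, and fails (exit 1) instead of
# printing garbage when there is no IPv4 address.
ppp_local_ip() {
    addr=$(awk '$1 == "inet" { sub(/\/.*/, "", $2); print $2; exit }')
    printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    printf '%s\n' "$addr"
}

# Emit the INTERN_SERVERS entries for igor (192.168.1.2) bound to the given
# external address, one per line, in LRP's proto_extip_port_intip_port form.
intern_servers_for() {
    extip=$1
    printf 'tcp_%s_smtp_192.168.1.2_smtp\n' "$extip"
    printf 'tcp_%s_domain_192.168.1.2_domain\n' "$extip"
    printf 'udp_%s_domain_192.168.1.2_domain\n' "$extip"
}

# Pick a default route from link states ("up"/"down") passed in by the caller:
# arg 1 is eth0 (sprint), arg 2 is ppp0 (tsoft). The sprint line is preferred,
# the point-to-point PPP link is the fallback, no usable link is an error.
# A real watcher would fill the states from a ping to a host that is only
# reachable through each link.
choose_default_route() {
    if [ "$1" = up ]; then
        echo "via $SPRINT_GW dev eth0"
    elif [ "$2" = up ]; then
        echo "dev ppp0"
    else
        return 1
    fi
}

# Apply the chosen default route, or with DRY_RUN=1 just print the command.
apply_default_route() {
    spec=$(choose_default_route "$1" "$2") || { echo "no usable uplink" >&2; return 1; }
    cmd="ip route replace default $spec"
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$cmd"
    else
        $cmd
    fi
}
```

Because LRP sources network.conf as shell, the first two functions could replace the inline pipeline directly: `PPP0_IPADDR=$(ip addr list label ppp0 | ppp_local_ip) || echo "ppp0 has no address, not forwarding" >&2`, followed by `INTERN_SERVERS=$(intern_servers_for "$PPP0_IPADDR")` only when the lookup succeeded. The route chooser is the decision half of a failover script; the link probing and the cron or ppp-watch hook that calls it are left to the reader.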