Sidebar
lair:cist.lan:start:routerconfig
Table of Contents
Router Configuration
The following are the steps taken to properly run a new router, cist.lan.
Setting up DHCP and DNS cist.lan in /var/named/master Add a zone in '/var/named/etc/named.conf' for “cist.lan” and “10.80.1.11”
zone "cist.lan" {
type master;
file "master/cist.lan";
//don't allow transfers, cist.lan will not be allowed to get out.
};
cist.lan
$TTL 3d
$ORIGIN cist.lan.
@ IN SOA cist.lan. root.cist.lan. (
201404201 ; serial
1h ; refresh
30m ; retry
7d ; expiration
1h ) ; minimum
IN NS ns1.cist.lan.
IN MX 5 mail
@ IN A 10.80.11.1
ns1 IN A 10.80.11.1
router IN CNAME @
dns IN CNAME router
;cist.lan.servers (001 - 029)
server-001 IN CNAME router
server-002 IN A 10.80.11.002
server-003 IN A 10.80.11.003
server-004 IN A 10.80.11.004
server-005 IN A 10.80.11.005
server-006 IN A 10.80.11.006
server-007 IN A 10.80.11.007
server-008 IN A 10.80.11.008
server-009 IN A 10.80.11.009
server-010 IN A 10.80.11.010
server-011 IN A 10.80.11.011
server-012 IN A 10.80.11.012
server-013 IN A 10.80.11.013
server-014 IN A 10.80.11.014
server-015 IN A 10.80.11.015
server-016 IN A 10.80.11.016
server-017 IN A 10.80.11.017
server-018 IN A 10.80.11.018
server-019 IN A 10.80.11.019
server-020 IN A 10.80.11.020
server-021 IN A 10.80.11.021
server-022 IN A 10.80.11.022
server-023 IN A 10.80.11.023
server-024 IN A 10.80.11.024
server-025 IN A 10.80.11.025
server-026 IN A 10.80.11.026
server-027 IN A 10.80.11.027
server-028 IN A 10.80.11.028
server-029 IN A 10.80.11.029
;//cist.lan.future (.030 - .039)
future-030 IN A 10.80.11.030
future-031 IN A 10.80.11.031
future-032 IN A 10.80.11.032
future-033 IN A 10.80.11.033
future-034 IN A 10.80.11.034
future-035 IN A 10.80.11.035
future-036 IN A 10.80.11.036
future-037 IN A 10.80.11.037
future-038 IN A 10.80.11.038
future-039 IN A 10.80.11.039
;cist.lan.ubuntu (.040.069)
ubuntu-040 IN A 10.80.11.040
ubuntu-041 IN A 10.80.11.041
ubuntu-042 IN A 10.80.11.042
ubuntu-043 IN A 10.80.11.043
ubuntu-044 IN A 10.80.11.044
ubuntu-045 IN A 10.80.11.045
ubuntu-046 IN A 10.80.11.046
ubuntu-047 IN A 10.80.11.047
ubuntu-048 IN A 10.80.11.048
ubuntu-049 IN A 10.80.11.049
ubuntu-050 IN A 10.80.11.050
ubuntu-051 IN A 10.80.11.051
ubuntu-052 IN A 10.80.11.052
ubuntu-053 IN A 10.80.11.053
ubuntu-054 IN A 10.80.11.054
ubuntu-055 IN A 10.80.11.055
ubuntu-056 IN A 10.80.11.056
ubuntu-057 IN A 10.80.11.057
ubuntu-058 IN A 10.80.11.058
ubuntu-059 IN A 10.80.11.059
ubuntu-060 IN A 10.80.11.060
ubuntu-061 IN A 10.80.11.061
ubuntu-062 IN A 10.80.11.062
ubuntu-063 IN A 10.80.11.063
ubuntu-064 IN A 10.80.11.064
ubuntu-065 IN A 10.80.11.065
ubuntu-066 IN A 10.80.11.066
ubuntu-067 IN A 10.80.11.067
ubuntu-068 IN A 10.80.11.068
ubuntu-069 IN A 10.80.11.069
;cist.lan.debian (.070- .099)
debian-070 IN A 10.80.11.070
debian-071 IN A 10.80.11.071
debian-072 IN A 10.80.11.072
debian-073 IN A 10.80.11.073
debian-074 IN A 10.80.11.074
debian-075 IN A 10.80.11.075
debian-076 IN A 10.80.11.076
debian-077 IN A 10.80.11.077
debian-078 IN A 10.80.11.078
debian-079 IN A 10.80.11.079
debian-080 IN A 10.80.11.080
debian-081 IN A 10.80.11.081
debian-082 IN A 10.80.11.082
debian-083 IN A 10.80.11.083
debian-084 IN A 10.80.11.084
debian-085 IN A 10.80.11.085
debian-086 IN A 10.80.11.086
debian-087 IN A 10.80.11.087
debian-088 IN A 10.80.11.088
debian-089 IN A 10.80.11.089
debian-090 IN A 10.80.11.090
debian-091 IN A 10.80.11.091
debian-092 IN A 10.80.11.092
debian-093 IN A 10.80.11.093
debian-094 IN A 10.80.11.094
debian-095 IN A 10.80.11.095
debian-096 IN A 10.80.11.096
debian-097 IN A 10.80.11.097
debian-098 IN A 10.80.11.098
debian-099 IN A 10.80.11.099
;cist.lan.centos (.100 - .129)
centos-100 IN A 10.80.11.100
centos-101 IN A 10.80.11.101
centos-102 IN A 10.80.11.102
centos-103 IN A 10.80.11.103
centos-104 IN A 10.80.11.104
centos-105 IN A 10.80.11.105
centos-106 IN A 10.80.11.106
centos-107 IN A 10.80.11.107
centos-108 IN A 10.80.11.108
centos-109 IN A 10.80.11.109
centos-110 IN A 10.80.11.110
centos-111 IN A 10.80.11.111
centos-112 IN A 10.80.11.112
centos-113 IN A 10.80.11.113
centos-114 IN A 10.80.11.114
centos-115 IN A 10.80.11.115
centos-116 IN A 10.80.11.116
centos-117 IN A 10.80.11.117
centos-118 IN A 10.80.11.118
centos-119 IN A 10.80.11.119
centos-120 IN A 10.80.11.120
centos-121 IN A 10.80.11.121
centos-122 IN A 10.80.11.122
centos-123 IN A 10.80.11.123
centos-124 IN A 10.80.11.124
centos-125 IN A 10.80.11.125
centos-126 IN A 10.80.11.126
centos-127 IN A 10.80.11.127
centos-128 IN A 10.80.11.128
centos-129 IN A 10.80.11.129
;cist.lan.windows (.130 - 159)
windows-130 IN A 10.80.11.130
windows-131 IN A 10.80.11.131
windows-132 IN A 10.80.11.132
windows-133 IN A 10.80.11.133
windows-134 IN A 10.80.11.134
windows-135 IN A 10.80.11.135
windows-136 IN A 10.80.11.136
windows-137 IN A 10.80.11.137
windows-138 IN A 10.80.11.138
windows-139 IN A 10.80.11.139
windows-140 IN A 10.80.11.140
windows-141 IN A 10.80.11.141
windows-142 IN A 10.80.11.142
windows-143 IN A 10.80.11.143
windows-144 IN A 10.80.11.144
windows-145 IN A 10.80.11.145
windows-146 IN A 10.80.11.146
windows-147 IN A 10.80.11.147
windows-148 IN A 10.80.11.148
windows-149 IN A 10.80.11.149
windows-150 IN A 10.80.11.150
windows-151 IN A 10.80.11.151
windows-152 IN A 10.80.11.152
windows-153 IN A 10.80.11.153
windows-154 IN A 10.80.11.154
windows-155 IN A 10.80.11.155
windows-156 IN A 10.80.11.156
windows-157 IN A 10.80.11.157
windows-158 IN A 10.80.11.158
windows-159 IN A 10.80.11.159
;cist.lan.other (.160 - .189)
other-160 IN A 10.80.11.160
other-161 IN A 10.80.11.161
other-162 IN A 10.80.11.162
other-163 IN A 10.80.11.163
other-164 IN A 10.80.11.164
other-165 IN A 10.80.11.165
other-166 IN A 10.80.11.166
other-167 IN A 10.80.11.167
other-168 IN A 10.80.11.168
other-169 IN A 10.80.11.169
other-170 IN A 10.80.11.170
other-171 IN A 10.80.11.171
other-172 IN A 10.80.11.172
other-173 IN A 10.80.11.173
other-174 IN A 10.80.11.174
other-175 IN A 10.80.11.175
other-176 IN A 10.80.11.176
other-177 IN A 10.80.11.177
other-178 IN A 10.80.11.178
other-179 IN A 10.80.11.179
other-180 IN A 10.80.11.180
other-181 IN A 10.80.11.181
other-182 IN A 10.80.11.182
other-183 IN A 10.80.11.183
other-184 IN A 10.80.11.184
other-185 IN A 10.80.11.185
other-186 IN A 10.80.11.186
other-187 IN A 10.80.11.187
other-188 IN A 10.80.11.188
other-189 IN A 10.80.11.189
;cist.lan.reserved (.190 - .219)
reserved-190 IN A 10.80.11.190
reserved-191 IN A 10.80.11.191
reserved-192 IN A 10.80.11.192
reserved-193 IN A 10.80.11.193
reserved-194 IN A 10.80.11.194
reserved-195 IN A 10.80.11.195
reserved-196 IN A 10.80.11.196
reserved-197 IN A 10.80.11.197
reserved-198 IN A 10.80.11.198
reserved-199 IN A 10.80.11.199
reserved-200 IN A 10.80.11.200
reserved-201 IN A 10.80.11.201
reserved-202 IN A 10.80.11.202
reserved-203 IN A 10.80.11.203
reserved-204 IN A 10.80.11.204
reserved-205 IN A 10.80.11.205
reserved-206 IN A 10.80.11.206
reserved-207 IN A 10.80.11.207
reserved-208 IN A 10.80.11.208
reserved-209 IN A 10.80.11.209
reserved-210 IN A 10.80.11.210
reserved-211 IN A 10.80.11.211
reserved-212 IN A 10.80.11.212
reserved-213 IN A 10.80.11.213
reserved-214 IN A 10.80.11.214
reserved-215 IN A 10.80.11.215
reserved-216 IN A 10.80.11.216
reserved-217 IN A 10.80.11.217
reserved-218 IN A 10.80.11.218
reserved-219 IN A 10.80.11.219
;cist.lan.freerange (.220 - .239)
freeRange-220 IN A 10.80.11.220
freeRange-221 IN A 10.80.11.221
freeRange-222 IN A 10.80.11.222
freeRange-223 IN A 10.80.11.223
freeRange-224 IN A 10.80.11.224
freeRange-225 IN A 10.80.11.225
freeRange-226 IN A 10.80.11.226
freeRange-227 IN A 10.80.11.227
freeRange-228 IN A 10.80.11.228
freeRange-229 IN A 10.80.11.229
freeRange-230 IN A 10.80.11.230
freeRange-231 IN A 10.80.11.231
freeRange-232 IN A 10.80.11.232
freeRange-233 IN A 10.80.11.233
freeRange-234 IN A 10.80.11.234
freeRange-235 IN A 10.80.11.235
freeRange-236 IN A 10.80.11.236
freeRange-237 IN A 10.80.11.237
freeRange-238 IN A 10.80.11.238
freeRange-239 IN A 10.80.11.239
;cist.lan.serverReserved (.240 - .254)
serverReserve-240 IN A 10.80.11.240
serverReserve-241 IN A 10.80.11.241
serverReserve-242 IN A 10.80.11.242
serverReserve-243 IN A 10.80.11.243
serverReserve-244 IN A 10.80.11.244
serverReserve-245 IN A 10.80.11.245
serverReserve-246 IN A 10.80.11.246
serverReserve-247 IN A 10.80.11.247
serverReserve-248 IN A 10.80.11.248
serverReserve-249 IN A 10.80.11.249
serverReserve-250 IN A 10.80.11.250
serverReserve-251 IN A 10.80.11.251
serverReserve-252 IN A 10.80.11.252
serverReserve-253 IN A 10.80.11.253
serverReserve-254 IN A 10.80.11.254
10.80.11
$TTL 3d
$ORIGIN cist.lan.
@ IN SOA cist.lan. root.cist.lan. (
201404201 ; serial
1h ; refresh
30m ; retry
7d ; expiration
1h ) ; minimum
IN NS ns1.cist.lan.
IN MX 5 mail
@ IN A 10.80.11.1
ns1 IN A 10.80.11.1
router IN CNAME @
dns IN CNAME router
;cist.lan.servers (001 029)
server-001 IN CNAME router
2 IN PTR server-002.cist.lan.
3 IN PTR server-003.cist.lan.
4 IN PTR server-004.cist.lan.
5 IN PTR server-005.cist.lan.
6 IN PTR server-006.cist.lan.
7 IN PTR server-007.cist.lan.
8 IN PTR server-008.cist.lan.
9 IN PTR server-009.cist.lan.
10 IN PTR server-010.cist.lan.
11 IN PTR server-011.cist.lan.
12 IN PTR server-012.cist.lan.
13 IN PTR server-013.cist.lan.
14 IN PTR server-014.cist.lan.
15 IN PTR server-015.cist.lan.
16 IN PTR server-016.cist.lan.
17 IN PTR server-017.cist.lan.
18 IN PTR server-018.cist.lan.
19 IN PTR server-019.cist.lan.
20 IN PTR server-020.cist.lan.
21 IN PTR server-021.cist.lan.
22 IN PTR server-022.cist.lan.
23 IN PTR server-023.cist.lan.
24 IN PTR server-024.cist.lan.
25 IN PTR server-025.cist.lan.
26 IN PTR server-026.cist.lan.
27 IN PTR server-027.cist.lan.
28 IN PTR server-028.cist.lan.
29 IN PTR server-029.cist.lan.
;cist.lan.future (.030 - .039)
30 IN PTR future-030.cist.lan.
31 IN PTR future-031.cist.lan.
32 IN PTR future-032.cist.lan.
33 IN PTR future-033.cist.lan.
34 IN PTR future-034.cist.lan.
35 IN PTR future-035.cist.lan.
36 IN PTR future-036.cist.lan.
37 IN PTR future-037.cist.lan.
38 IN PTR future-038.cist.lan.
39 IN PTR future-039.cist.lan.
;cist.lan.ubuntu (.040 - .069)
40 IN PTR ubuntu-040.cist.lan.
41 IN PTR ubuntu-041.cist.lan.
42 IN PTR ubuntu-042.cist.lan.
43 IN PTR ubuntu-043.cist.lan.
44 IN PTR ubuntu-044.cist.lan.
45 IN PTR ubuntu-045.cist.lan.
46 IN PTR ubuntu-046.cist.lan.
47 IN PTR ubuntu-047.cist.lan.
48 IN PTR ubuntu-048.cist.lan.
49 IN PTR ubuntu-049.cist.lan.
50 IN PTR ubuntu-050.cist.lan.
51 IN PTR ubuntu-051.cist.lan.
52 IN PTR ubuntu-052.cist.lan.
53 IN PTR ubuntu-053.cist.lan.
54 IN PTR ubuntu-054.cist.lan.
55 IN PTR ubuntu-055.cist.lan.
56 IN PTR ubuntu-056.cist.lan.
57 IN PTR ubuntu-057.cist.lan.
58 IN PTR ubuntu-058.cist.lan.
59 IN PTR ubuntu-059.cist.lan.
60 IN PTR ubuntu-060.cist.lan.
61 IN PTR ubuntu-061.cist.lan.
62 IN PTR ubuntu-062.cist.lan.
63 IN PTR ubuntu-063.cist.lan.
64 IN PTR ubuntu-064.cist.lan.
65 IN PTR ubuntu-065.cist.lan.
66 IN PTR ubuntu-066.cist.lan.
67 IN PTR ubuntu-067.cist.lan.
68 IN PTR ubuntu-068.cist.lan.
69 IN PTR ubuntu-069.cist.lan.
;cist.lan.debian (.070 - .099)
70 IN PTR debian-070.cist.lan.
71 IN PTR debian-071.cist.lan.
72 IN PTR debian-072.cist.lan.
73 IN PTR debian-073.cist.lan.
74 IN PTR debian-074.cist.lan.
75 IN PTR debian-075.cist.lan.
76 IN PTR debian-076.cist.lan.
77 IN PTR debian-077.cist.lan.
78 IN PTR debian-078.cist.lan.
79 IN PTR debian-079.cist.lan.
80 IN PTR debian-080.cist.lan.
81 IN PTR debian-081.cist.lan.
82 IN PTR debian-082.cist.lan.
83 IN PTR debian-083.cist.lan.
84 IN PTR debian-084.cist.lan.
85 IN PTR debian-085.cist.lan.
86 IN PTR debian-086.cist.lan.
87 IN PTR debian-087.cist.lan.
88 IN PTR debian-088.cist.lan.
89 IN PTR debian-089.cist.lan.
90 IN PTR debian-090.cist.lan.
91 IN PTR debian-091.cist.lan.
92 IN PTR debian-092.cist.lan.
93 IN PTR debian-093.cist.lan.
94 IN PTR debian-094.cist.lan.
95 IN PTR debian-095.cist.lan.
96 IN PTR debian-096.cist.lan.
97 IN PTR debian-097.cist.lan.
98 IN PTR debian-098.cist.lan.
99 IN PTR debian-099.cist.lan.
;cist.lan.centos (.100 - 129)
100 IN PTR centos-100.cist.lan.
101 IN PTR centos-101.cist.lan.
102 IN PTR centos-102.cist.lan.
103 IN PTR centos-103.cist.lan.
104 IN PTR centos-104.cist.lan.
105 IN PTR centos-105.cist.lan.
106 IN PTR centos-106.cist.lan.
107 IN PTR centos-107.cist.lan.
108 IN PTR centos-108.cist.lan.
109 IN PTR centos-109.cist.lan.
110 IN PTR centos-110.cist.lan.
111 IN PTR centos-111.cist.lan.
112 IN PTR centos-112.cist.lan.
113 IN PTR centos-113.cist.lan.
114 IN PTR centos-114.cist.lan.
115 IN PTR centos-115.cist.lan.
116 IN PTR centos-116.cist.lan.
117 IN PTR centos-117.cist.lan.
118 IN PTR centos-118.cist.lan.
119 IN PTR centos-119.cist.lan.
120 IN PTR centos-120.cist.lan.
121 IN PTR centos-121.cist.lan.
122 IN PTR centos-122.cist.lan.
123 IN PTR centos-123.cist.lan.
124 IN PTR centos-124.cist.lan.
125 IN PTR centos-125.cist.lan.
126 IN PTR centos-126.cist.lan.
127 IN PTR centos-127.cist.lan.
128 IN PTR centos-128.cist.lan.
129 IN PTR centos-129.cist.lan.
;cist.lan.windows (.130 - .159)
130 IN PTR windows-130.cist.lan.
131 IN PTR windows-131.cist.lan.
132 IN PTR windows-132.cist.lan.
133 IN PTR windows-133.cist.lan.
134 IN PTR windows-134.cist.lan.
135 IN PTR windows-135.cist.lan.
136 IN PTR windows-136.cist.lan.
137 IN PTR windows-137.cist.lan.
138 IN PTR windows-138.cist.lan.
139 IN PTR windows-139.cist.lan.
140 IN PTR windows-140.cist.lan.
141 IN PTR windows-141.cist.lan.
142 IN PTR windows-142.cist.lan.
143 IN PTR windows-143.cist.lan.
144 IN PTR windows-144.cist.lan.
145 IN PTR windows-145.cist.lan.
146 IN PTR windows-146.cist.lan.
147 IN PTR windows-147.cist.lan.
148 IN PTR windows-148.cist.lan.
149 IN PTR windows-149.cist.lan.
150 IN PTR windows-150.cist.lan.
151 IN PTR windows-151.cist.lan.
152 IN PTR windows-152.cist.lan.
153 IN PTR windows-153.cist.lan.
154 IN PTR windows-154.cist.lan.
155 IN PTR windows-155.cist.lan.
156 IN PTR windows-156.cist.lan.
157 IN PTR windows-157.cist.lan.
158 IN PTR windows-158.cist.lan.
159 IN PTR windows-159.cist.lan.
;cist.lan.other (.160 -.189)
160 IN PTR other-160.cist.lan.
161 IN PTR other-161.cist.lan.
162 IN PTR other-162.cist.lan.
163 IN PTR other-163.cist.lan.
164 IN PTR other-164.cist.lan.
165 IN PTR other-165.cist.lan.
166 IN PTR other-166.cist.lan.
167 IN PTR other-167.cist.lan.
168 IN PTR other-168.cist.lan.
169 IN PTR other-169.cist.lan.
170 IN PTR other-170.cist.lan.
171 IN PTR other-171.cist.lan.
172 IN PTR other-172.cist.lan.
173 IN PTR other-173.cist.lan.
174 IN PTR other-174.cist.lan.
175 IN PTR other-175.cist.lan.
176 IN PTR other-176.cist.lan.
177 IN PTR other-177.cist.lan.
178 IN PTR other-178.cist.lan.
179 IN PTR other-179.cist.lan.
180 IN PTR other-180.cist.lan.
181 IN PTR other-181.cist.lan.
182 IN PTR other-182.cist.lan.
183 IN PTR other-183.cist.lan.
184 IN PTR other-184.cist.lan.
185 IN PTR other-185.cist.lan.
186 IN PTR other-186.cist.lan.
187 IN PTR other-187.cist.lan.
188 IN PTR other-188.cist.lan.
189 IN PTR other-189.cist.lan.
;cist.lan.reserved (.190 - .219)
190 IN PTR reserved-190.cist.lan.
191 IN PTR reserved-191.cist.lan.
192 IN PTR reserved-192.cist.lan.
193 IN PTR reserved-193.cist.lan.
194 IN PTR reserved-194.cist.lan.
195 IN PTR reserved-195.cist.lan.
196 IN PTR reserved-196.cist.lan.
197 IN PTR reserved-197.cist.lan.
198 IN PTR reserved-198.cist.lan.
199 IN PTR reserved-199.cist.lan.
200 IN PTR reserved-200.cist.lan.
201 IN PTR reserved-201.cist.lan.
202 IN PTR reserved-202.cist.lan.
203 IN PTR reserved-203.cist.lan.
204 IN PTR reserved-204.cist.lan.
205 IN PTR reserved-205.cist.lan.
206 IN PTR reserved-206.cist.lan.
207 IN PTR reserved-207.cist.lan.
208 IN PTR reserved-208.cist.lan.
209 IN PTR reserved-209.cist.lan.
210 IN PTR reserved-210.cist.lan.
211 IN PTR reserved-211.cist.lan.
212 IN PTR reserved-212.cist.lan.
213 IN PTR reserved-213.cist.lan.
214 IN PTR reserved-214.cist.lan.
215 IN PTR reserved-215.cist.lan.
216 IN PTR reserved-216.cist.lan.
217 IN PTR reserved-217.cist.lan.
218 IN PTR reserved-218.cist.lan.
219 IN PTR reserved-219.cist.lan.
;cist.lan.freeRange (.220 - .239)
220 IN PTR freeRange-220.cist.lan.
221 IN PTR freeRange-221.cist.lan.
222 IN PTR freeRange-222.cist.lan.
223 IN PTR freeRange-223.cist.lan.
224 IN PTR freeRange-224.cist.lan.
225 IN PTR freeRange-225.cist.lan.
226 IN PTR freeRange-226.cist.lan.
227 IN PTR freeRange-227.cist.lan.
228 IN PTR freeRange-228.cist.lan.
229 IN PTR freeRange-229.cist.lan.
230 IN PTR freeRange-230.cist.lan.
231 IN PTR freeRange-231.cist.lan.
232 IN PTR freeRange-232.cist.lan.
233 IN PTR freeRange-233.cist.lan.
234 IN PTR freeRange-234.cist.lan.
235 IN PTR freeRange-235.cist.lan.
236 IN PTR freeRange-236.cist.lan.
237 IN PTR freeRange-237.cist.lan.
238 IN PTR freeRange-238.cist.lan.
239 IN PTR freeRange-239.cist.lan.
;cist.lan.serverReserve (.240 - .254)
240 IN PTR serverReserve-240.cist.lan.
241 IN PTR serverReserve-241.cist.lan.
242 IN PTR serverReserve-242.cist.lan.
243 IN PTR serverReserve-243.cist.lan.
244 IN PTR serverReserve-244.cist.lan.
245 IN PTR serverReserve-245.cist.lan.
246 IN PTR serverReserve-246.cist.lan.
247 IN PTR serverReserve-247.cist.lan.
248 IN PTR serverReserve-248.cist.lan.
249 IN PTR serverReserve-249.cist.lan.
250 IN PTR serverReserve-250.cist.lan.
251 IN PTR serverReserve-251.cist.lan.
252 IN PTR serverReserve-252.cist.lan.
253 IN PTR serverReserve-253.cist.lan.
254 IN PTR serverReserve-254.cist.lan.
Hardware Preparation
The cist.lan router will be connecting directly to projects.lan, so in order to make this happen, we had to add an extra NIC card to projects.lan. All of our machines are the basic setup, just with enough NIC cards to properly connect to the machines necessary.
Down to Brass Tacks
We have specific routes that we need to assign to each NIC so that we can serve a subnet of 10.80.11/24 as well as a connection to the projects.lan router, which will give us access to the outside world. The following is a list of the interfaces and their details:
cist.lan interfaces
bge0
inet 10.50.100.11 255.255.255.0 10.50.100.255 !route add -net default 10.80.11.1
- This interface connects directly to projects.lan.
- The IP address for this interface has been statically assigned as 10.50.100.11.
fxp0
inet 10.80.11.1 255.255.255.0 10.80.11.255
- This interface serves the 10.80.11/24 subnet.
- The static IP address of this interface is 10.80.11.1.
projects.lan
fxp0
inet 10.50.100.3 255.255.255.255 10.50.100.255 !route add -net 10.80.11.0/24 10.50.100.11
- This interface connects directly to cist.lan.
- The IP address for this interface has been statically assigned to as 10.50.100.3.
* Note: An “issue” appears when someone pings the router from, for example, the pods where you can successfully ping the 10.80.11/24 subnet, but, when you try to ping an address besides the projects.lan addresses, it does not successfully send packets to the destination. This is due to the 10.50.100.3 and 10.50.100.4 connection between projects.lan (10.50.100.3) and cist.lan (10.50.100.4); only projects.lan knows about the address, so when someone tries to ping from cist.lan to caprisun, juicebox, or offbyone, the packets do not reach those machines. It is possible to ping 10.80.11/24 and ping from that subnet, however.
pf.conf configuration
# $OpenBSD: pf.conf,v 1.52 2013/02/13 23:11:14 halex Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
# increase default state limit from 10'000 states on busy systems
#set limit states 100000
ext_if="bge0"
int_if="fxp0"
lnet="$int_if:network"
set skip on { lo }
# filter rules and anchor for ftp-proxy(8)
#anchor "ftp-proxy/*"
#pass in quick inet proto tcp to port ftp divert-to 127.0.0.1 port 8021
# anchor for relayd(8)
#anchor "relayd/*"
block in on $ext_if # block stateless traffic
pass in on $int_if # establish keep-state
pass out on { $int_if } from any to any keep state
pass quick inet proto icmp from any to any keep state
antispoof quick for { $int_if, $ext_if } inet
pass in quick on { $int_if, $ext_if } proto tcp flags S/SA keep state
# rules for spamd(8)
#table <spamd-white> persist
#table <nospamd> persist file "/etc/mail/nospamd"
#pass in on egress proto tcp from any to any port smtp \
# rdr-to 127.0.0.1 port spamd
#pass in on egress proto tcp from <nospamd> to any port smtp
#pass in log on egress proto tcp from <spamd-white> to any port smtp
#pass out log on egress proto tcp to any port smtp
#block in quick from urpf-failed to any # use with care
# By default, do not permit remote connections to X11
block in on ! lo0 proto tcp to port 6000:6010
lair/cist.lan/start/routerconfig.txt · Last modified: 2014/04/30 15:28 by eolson1
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
