Sidebar
This is an old revision of the document!
Table of Contents
Router Configuration
The following are the steps taken to properly run a new router, cist.lan.
setting up DHCP and DNS
Add a zone in '/var/named/etc/named.conf' for “cist.lan”
zone "cist.lan" {
type master;
file "master/cist.lan";
//don't allow transfers, cist.lan will not be allowed to get out.
}
Hardware Preparation
The cist.lan router will be connecting directly to projects.lan, so in order to make this happen, we had to add an extra NIC card to projects.lan. All of our machines are the basic setup, just with enough NIC cards to properly connect to the machines necessary.
Down to Brass Tax
We have specific routes that we need to assign to each NIC so that we can serve a subnet of 10.80.11/24 as well as a connection to the projects.lan router, which will give us access to the outside world. The following is a list of the interfaces and their details:
cist.lan interfaces
bge0
inet 10.50.100.11 255.255.255.0 10.50.100.255 !route add -net default 10.80.11.1
- This interface connects directly to projects.lan.
- The IP address for this interface has been statically assigned as 10.50.100.11.
fxp0
inet 10.80.11.1 255.255.255.0 10.80.11.255
- This interface serves the 10.80.11/24 subnet.
- The static IP address of this interface is 10.80.11.1.
projects.lan
fxp0
inet 10.50.100.3 255.255.255.255 10.50.100.255 !route add -net 10.80.11.0/24 10.50.100.11
- This interface connects directly to cist.lan.
- The IP address for this interface has been statically assigned to as 10.50.100.3.
* Note: An “issue” appears when someone pings the router from, for example, the pods where you can successfully ping the 10.80.11/24 subnet, but, when you try to ping an address besides the projects.lan addresses, it does not successfully send packets to the destination. This is due to the 10.50.100.3 and 10.50.100.4 connection between projects.lan (10.50.100.3) and cist.lan (10.50.100.4); only projects.lan knows about the address, so when someone tries to ping from cist.lan to caprisun, juicebox, or offbyone, the packets do not reach those machines. It is possible to ping 10.80.11/24 and ping from that subnet, however.
