From: lee <[email protected].>
Date: Sat, 30 Oct 2010 17:09:36 +0200

> What's the purpose of having "various machines" connected via a modem?

There are two sites from which I use a dial-up modem connection. There is a machine at each site. The diagram does not depict these machines individually.

> Then I'd change the cabling, i. e. get a switch or, if none is
> available, use the hub instead. Plug the switch/hub into eth1 on
> Dalton.
>
> Simplify IPs, ...

Most cpu cycles on Dalton and Joule are idle. I wouldn't be surprised to find that 99% of cycles are unused. My intention is to let Dalton and Joule do the routing and to minimize the hardware running 24/7. That is why NetworkProposed.jpg shows Dalton bridging to Carnot and no AT 3612TR hub.

The arrangement of subnets 172.23.n.1-172.23.n.2 on Joule and 172.24.n.1-172.24.n.2 on Dalton was suggested in this list a few years back. If you are interested I can hunt for the message.

> Set up a nameserver on Dalton.

dnsmasq has been running on Dalton and Joule for at least a year.

> I take it that 142.103.107.137 is the public IP ...

142.103.107.137, 142.103.107.138 and 142.103.107.139 are for my use. Currently Dalton uses 142.103.107.137 and Carnot uses 142.103.107.138. 142.103.107.139 isn't used routinely.

> Then for Dalton it's
>
> zones: ...

Shorewall works well on Dalton and Joule as it is, but yes, reviewing to find further simplifications is a good idea.

> Now for the VPN, it is most important to remember that every machine
> that needs to be reachable through the VPN MUST have (a second) IP
> address for that. You can give several IPs to the same physical
> interface.

In the Extant Network, Curie is the only subnetted machine which runs a server; it has an FTP server. Documentation gave me the impression that routing would allow Cantor to FTP a file from Curie. The routing is specified in the OpenVPN configuration files. Here are extracts.

# dalton:/etc/openvpn/myvpn.conf
# Curie
route 172.23.4.2

# joule:/etc/openvpn/myvpn.conf
# Cantor.
route 172.24.1.2

I've never tested this connection but can test later this week.

> You could use another subnet for the VPN, like 192.168.150.0/24.

I have no complaints against the VPN as it is.

> Carnot would have an interface eth0:1 with the IP
> 192.168.150.10 and Dalton would have eth1:1 with 192.168.150.1. Dalton
> would be the gateway for Carnot for eth0:1.

As mentioned previously, the bridge to Carnot suggested by Jesus Navarro worked, although a problem appeared for Cantor. I'll try it again when there is time to spare and will pay attention to virtual interfaces.

I've tried to reply to all of your comments and suggestions in message <[email protected]>. If you find that I've missed something please let me know.

Thanks for the ideas, ... Peter E.

--
Telephone 1 360 450 2132. 7785886232 is gone.
Shop pages http://carnot.yi.org/ accessible as long as the old drives survive; installation of NetBSD on new drives pending.
Personal pages, http://members.shaw.ca/peasthope/ .

