Linux in a Windows Workstation Environment, Part II: Local Network Support

Setting up local network support for file shares, print serving and intranet services.

This article series covers the development of a Linux-based server that supports a number of workstations running the Microsoft Windows operating system in the computer laboratory of a 55+ RV Resort in Mesa, Arizona. Part I covered the background of our organization, the establishment of our Linux system and the rules for our iptables firewall. This article covers network functions such as IP address serving, a cache-only name server, an intranet Web server and print and file services using the Server Message Block (SMB) protocol.

DHCP Server

As noted in the previous article, our computer lab is connected to the Internet by way of a T1 line, which is shared with the business and sales offices and the Wi-Fi connections of the RV resort, all of which share a single IP address. An upstream router handles the necessary network address translation (NAT) to and from non-routable addresses in the 10.10.x.0 networks. Before installation of our firewall, all machines in the computer lab were assigned addresses on the 10.10.4.0 net. Now, only the external interface of the firewall belongs to that network. The internal address of the firewall, the printers, all of the computers in the lab and any laptops temporarily connected to the network are assigned addresses of the form 10.10.10.x. The firewall/server interface has a fixed address of 10.10.10.1, and the printers are fixed at 10.10.10.253 and 10.10.10.254. All other machines get their IP addresses from the DHCP server running on the Linux system. For ease of maintenance, I prefer to control the addresses of the desktop computers. Thus, our DHCP control file assigns fixed addresses based on the MAC address of the client.

The DHCP server in the SuSE distribution is controlled by the file /etc/dhcpd.conf. An annotated listing of part of our file is shown below. The first statement defines the name for the network. This name is registered; however, no external DNS entries point to this system. Its use here, therefore, is fictitious.


option domain-name "mesaregalcc.org";

The next entry enumerates the name servers for this network, starting with the IP address of our server, which caches DNS entries. The configuration of this facility is described later in this article. The backslash (\) indicates that the command is continued on the next line.


option domain-name-servers 10.10.10.1, 198.6.1.4, 198.6.1.5, \
        198.6.1.195;

Next we define the gateway/router for the network.


option routers 10.10.10.1;

The next stanza defines the network and the range of dynamic addresses to be used. As shown, we have 50 IP numbers that are dynamically assigned. These addresses are issued to notebook computers that are brought into the computer room and temporarily attached to the wired network.


subnet 10.10.10.0 netmask 255.255.255.0 {
  option broadcast-address 10.10.10.255;
  range 10.10.10.50 10.10.10.199;
  max-lease-time 3600;
}

The next stanza keeps the DHCP server from issuing any addresses on the external interface. The upstream router handles this function.


subnet 10.10.4.0 netmask 255.255.255.0 {
}

The final group of statements defines the fixed addresses for the workstations, which are assigned as follows: the instructor's computer has an IP address equal to 10.10.10.200; the computer named mrlab1.mesaregalcc.net has an IP address of 10.10.10.201; and so on. The # character starts a comment.


group {
  option subnet-mask 255.255.255.0;
  option broadcast-address 10.10.10.255;
  max-lease-time 100000;
#
  host MRLAB1 {
    hardware ethernet 00:0F:FE:02:C2:12;
    fixed-address 10.10.10.201;
  }
...
}
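
The addressing plan above only holds if every reservation stays outside the dynamic range and away from the statically configured devices. The following audit is an added example, not part of the original article or of the ISC DHCP distribution; the function name `audit`, the sample hosts MRLAB2, MRLAB3 and LAPTOP9, and the assumption that `hardware ethernet` precedes `fixed-address` in each host stanza are choices made for this example.

```python
import ipaddress
import re

# Constructed sample: the range and MRLAB1 come from the article's listing;
# MRLAB2, MRLAB3 and LAPTOP9 are invented here to trigger each finding.
SAMPLE_CONF = """
subnet 10.10.10.0 netmask 255.255.255.0 {
  range 10.10.10.50 10.10.10.199;
}
group {
  host MRLAB1  { hardware ethernet 00:0F:FE:02:C2:12; fixed-address 10.10.10.201; }
  host MRLAB2  { hardware ethernet 00:0f:fe:02:c2:12; fixed-address 10.10.10.202; }
  host MRLAB3  { hardware ethernet 00:0F:FE:02:C2:13; fixed-address 10.10.10.254; }
  host LAPTOP9 { hardware ethernet 00:0F:FE:02:C2:99; fixed-address 10.10.10.60; }
}
"""

# Statically configured devices named in the article (not served by DHCP).
RESERVED = {"10.10.10.1": "firewall/server",
            "10.10.10.253": "printer", "10.10.10.254": "printer"}

RANGE_RE = re.compile(r"\brange\s+([\d.]+)\s+([\d.]+)\s*;")
# Assumes "hardware ethernet" precedes "fixed-address", as in the article.
HOST_RE = re.compile(
    r"\bhost\s+(\S+)\s*\{[^}]*?hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;"
    r"[^}]*?fixed-address\s+([\d.]+)\s*;")

def audit(conf_text):
    """Return a list of findings for the host reservations in conf_text."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # drop comments
    pools = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
             for lo, hi in RANGE_RE.findall(text)]
    findings, macs, ips = [], {}, {}
    for name, mac, ip in HOST_RE.findall(text):
        mac, addr = mac.lower(), ipaddress.ip_address(ip)
        if mac in macs:
            findings.append(f"{name}: MAC {mac} already reserved for {macs[mac]}")
        if ip in ips:
            findings.append(f"{name}: {ip} already reserved for {ips[ip]}")
        if ip in RESERVED:
            findings.append(f"{name}: {ip} belongs to the {RESERVED[ip]}")
        if any(lo <= addr <= hi for lo, hi in pools):
            findings.append(f"{name}: {ip} is inside a dynamic range")
        macs.setdefault(mac, name)
        ips.setdefault(ip, name)
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_CONF):
        print(line)
```

A reservation keyed on a MAC address is an address-management convenience rather than an access control, because the client supplies the MAC it presents. Syntax errors are a separate matter and can be caught with `dhcpd -t -cf /etc/dhcpd.conf` before the server is restarted.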

Cache-Only Name Server

As noted above, the workstation clients first contact the Linux computer when they attempt to resolve a network address. Our name server does not attempt to resolve any unknown addresses, but caches the addresses resolved by the external name servers. This facility is used for two reasons. First, it speeds name serving for the external machines frequently accessed. Second, the SuSE distribution configures this functionality with essentially no changes. The only line of the configuration file, /etc/named.conf, that needed to be changed is presented below:


# The forwarders record contains a list of servers to which unsatisfied queries
# should be forwarded.  Enable this line and modify the IP address to
# your provider's name server.  Up to three servers may be listed.
# ******* This next line is the only one changed at Mesa Regal.
forwarders { 198.6.1.4; 198.6.1.5; 198.6.1.195; };

______________________

Comments


Anonymous: hello my name is josh and i was wondering how you put out comment

Anonymous: wput link is down .... :(

Larry: It works now - must have been temporary.
