Linux in a Windows Workstation Environment, Part II: Local Network Support
This article series covers the development of a Linux-based server that supports a number of workstations running the Microsoft Windows operating system in the computer laboratory of a 55+ RV Resort in Mesa, Arizona. Part I covered the background of our organization, the establishment of our Linux system and the rules for our iptables firewall. This article covers network functions such as IP address serving, a cache-only name server, an intranet Web server and print and file services using the server message block (SMB) protocol.
As noted in the previous article, our computer lab is connected to the Internet by way of a T1 line, which is shared with the business and sales offices and the Wi-Fi connections of the RV resort, all of which share a single IP address. An upstream router handles the necessary network address translation (NAT) to and from non-routable addresses in the 10.10.x.0 networks. Before installation of our firewall, all machines in the computer lab were assigned addresses on the 10.10.4.0 net. Now, only the external interface of the firewall belongs to that network. The internal address of the firewall, the printers, all of the computers in the lab and any laptops temporarily connected to the network are assigned addresses of the form 10.10.10.x. The firewall/server interface has a fixed address of 10.10.10.1, and the printers are fixed at 10.10.10.253 and 10.10.10.254. All other machines get their IP addresses from the DHCP server running on the Linux system. For ease of maintenance, I prefer to control the addresses of the desktop computers. Thus, our DHCP control file assigns fixed addresses based on the MAC address of the client.
The DHCP server in the SuSE distribution is controlled by the file /etc/dhcpd.conf. An annotated listing of part of our file is shown below. The first statement defines the name for the network. This name is registered; however, no external DNS entries point to this system. Its use here, therefore, is fictitious.
option domain-name "mesaregalcc.org";
The next entry enumerates the name servers for this network, starting with the IP address of our server, which caches DNS entries. The configuration of this facility is described later in this article. The backslash (\) indicates that the command is continued on the next line.
option domain-name-servers 10.10.10.1, 198.6.1.4, 198.6.1.5, \
198.6.1.195;
Next we define the gateway/router for the network.
option routers 10.10.10.1;
The next stanza defines the network and the range of dynamic addresses to be used. As shown, we have 50 IP numbers that are dynamically assigned. These addresses are issued to notebook computers that are brought into the computer room and temporarily attached to the wired network.
subnet 10.10.10.0 netmask 255.255.255.0 {
    option broadcast-address 10.10.10.255;
    range 10.10.10.50 10.10.10.199;
    max-lease-time 3600;
}
The next stanza keeps the DHCP server from issuing any addresses on the external interface. The upstream router handles this function.
subnet 10.10.4.0 netmask 255.255.255.0 {
}
The final group of statements defines the fixed addresses for the workstations, which are assigned as follows: the instructor's computer has an IP address equal to 10.10.10.200; the computer named mrlab1.mesaregalcc.net has an IP address of 10.10.10.201; and so on. The # character starts a comment.
group {
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.10.10.255;
    max-lease-time 100000;
    #
    host MRLAB1 {
        hardware ethernet 00:0F:FE:02:C2:12;
        fixed-address 10.10.10.201;
    }
    ...
}
As noted above, the workstation clients first contact the Linux computer when they attempt to resolve a network address. Our name server does not attempt to resolve any unknown addresses itself, but caches the addresses resolved by the external name servers. This facility is used for two reasons. First, it speeds name serving for the external machines frequently accessed. Second, the SuSE distribution configures this functionality with essentially no changes. The only line of the configuration file, /etc/named.conf, that needed to be changed is presented below:
# The forwarders record contains a list of servers to which unsatisfied queries
# should be forwarded. Enable this line and modify the IP address to
# your provider's name server. Up to three servers may be listed.
# ******* This next line is the only one changed at Mesa Regal.
forwarders { 198.6.1.4; 198.6.1.5; 198.6.1.195; };
Comments
Hello, my name is Josh and I was wondering how you put out comment
wput link is down .... :(
It works now - must have been temporary.