Linux in a Windows Workstation Environment, Part II: Local Network Support
This article series covers the development of a Linux-based server that supports a number of workstations running the Microsoft Windows operating system in the computer laboratory of a 55+ RV Resort in Mesa, Arizona. Part I covered the background of our organization, the establishment of our Linux system and the rules for our iptables firewall. This article covers network functions such as IP address serving, a cache-only name server, an intranet Web server and print and file services using the service message block (SMB) protocol.
As noted in the previous article, our computer lab is connected to the Internet by way of a T1 line, which is shared with the business and sales offices and the Wi-Fi connections of the RV resort, all of which share a single IP address. An upstream router handles the necessary network address translation (NAT) to and from non-routable addresses in the 10.10.x.0 networks. Before installation of our firewall, all machines in the computer lab were assigned addresses on the 10.10.4.0 net. Now, only the external interface of the firewall belongs to that network. The internal address of the firewall, the printers, all of the computers in the lab and any laptops temporarily connected to the network are assigned addresses of the form 10.10.10.x. The firewall/server interface has a fixed address of 10.10.10.1, and the printers are fixed at 10.10.10.253 and 10.10.10.254. All other machines get their IP addresses from the DHCP server running on the Linux system. For ease of maintenance, I prefer to control the addresses of the desktop computers. Thus, our DHCP control file assigns fixed addresses based on the MAC address of the client.
The DHCP server in the SuSE distribution is controlled by the file /etc/dhcpd.conf. An annotated listing of part of our file is shown below. The first statement defines the name for the network. This name is registered; however, no external DNS entries point to this system. Its use here, therefore, is fictitious.
option domain-name "mesaregalcc.org";
The next entry enumerates the name servers for this network, starting with the IP address of our server, which caches DNS entries. The configuration of this facility is described later in this article. The backslash (\) indicates that the command is continued on the next line.
option domain-name-servers 10.10.10.1, 198.6.1.4, 198.6.1.5, \
198.6.1.195;
Next we define the gateway/router for the network.
option routers 10.10.10.1;
The next stanza defines the network and the range of dynamic addresses to be used. As shown, we have 50 IP numbers that are dynamically assigned. These addresses are issued to notebook computers that are brought into the computer room and temporarily attached to the wired network.
subnet 10.10.10.0 netmask 255.255.255.0 {
option broadcast-address 10.10.10.255;
range 10.10.10.50 10.10.10.199;
max-lease-time 3600;
}
The next stanza keeps the DHCP server from issuing any addresses on the external interface. The upstream router handles this function.
subnet 10.10.4.0 netmask 255.255.255.0 {
}
The final group of statements defines the fixed addresses for the workstations, which are assigned as follows: the instructor's computer has an IP address equal to 10.10.10.200; the computer named mrlab1.mesaregalcc.net has an IP address of 10.10.10.201; and so on. The # character starts a comment.
group {
option subnet-mask 255.255.255.0;
option broadcast-address 10.10.10.255;
max-lease-time 100000;
#
host MRLAB1 {
hardware ethernet 00:0F:FE:02:C2:12;
fixed-address 10.10.10.201;
}
...
}
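As an added example (not part of the original article or of the Mesa Regal configuration), the following Python script lints a dhcpd.conf of the shape shown above: it flags host entries whose fixed address falls inside a dynamic range or outside every declared subnet, and reservations that reuse a MAC or IP address. The MRLAB2 and LAPTOP9 hosts and their MAC addresses are constructed for the demonstration, and the regex parsing assumes flat stanzas like the ones in this listing.

```python
import ipaddress
import re

# Constructed sample modelled on the article's dhcpd.conf; the MRLAB2 and
# LAPTOP9 hosts and their MAC addresses are invented for the demonstration.
SAMPLE_CONF = """
subnet 10.10.10.0 netmask 255.255.255.0 {
  option broadcast-address 10.10.10.255;
  range 10.10.10.50 10.10.10.199;
}
group {
  host MRLAB1 { hardware ethernet 00:0F:FE:02:C2:12; fixed-address 10.10.10.201; }
  host MRLAB2 { hardware ethernet 00:0f:fe:02:c2:12; fixed-address 10.10.10.202; }
  host LAPTOP9 { hardware ethernet 02:00:00:00:00:09; fixed-address 10.10.10.60; }
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}")
RANGE_RE = re.compile(r"range\s+(\S+)\s+(\S+)\s*;")
HOST_RE = re.compile(
    r"\bhost\s+(\S+)\s*\{[^}]*?hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;"
    r"[^}]*?fixed-address\s+(\S+?)\s*;[^}]*\}")

def lint_reservations(conf):
    """Return a list of findings about host reservations in dhcpd.conf text."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching
    nets, pools = [], []
    for net, mask, body in SUBNET_RE.findall(conf):
        nets.append(ipaddress.ip_network(f"{net}/{mask}"))
        for lo, hi in RANGE_RE.findall(body):
            pools.append((ipaddress.ip_address(lo), ipaddress.ip_address(hi)))
    findings, seen_mac, seen_ip = [], {}, {}
    for name, mac, addr in HOST_RE.findall(conf):
        mac, ip = mac.lower(), ipaddress.ip_address(addr)  # MACs compare case-insensitively
        if not any(ip in n for n in nets):
            findings.append(f"{name}: {ip} is outside every declared subnet")
        if any(lo <= ip <= hi for lo, hi in pools):
            findings.append(f"{name}: {ip} overlaps a dynamic range")
        if mac in seen_mac:
            findings.append(f"{name}: MAC {mac} already used by {seen_mac[mac]}")
        if ip in seen_ip:
            findings.append(f"{name}: {ip} already assigned to {seen_ip[ip]}")
        seen_mac.setdefault(mac, name)
        seen_ip.setdefault(ip, name)
    return findings

if __name__ == "__main__":
    for line in lint_reservations(SAMPLE_CONF):
        print(line)
```

The article's own layout, with reservations starting at 10.10.10.200 and the dynamic range ending at 10.10.10.199, passes this check with no findings.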
As noted above, the workstation clients first contact the Linux computer when they attempt to resolve a network address. Our name server does not attempt to resolve any unknown addresses, but caches the addresses resolved by the external name servers. This facility is used for two reasons. First, it speeds name serving for the external machines frequently accessed. Second, the SuSE distribution configures this functionality with essentially no changes. The only line of the configuration file, /etc/named.conf, that needed to be changed is presented below:
# The forwarders record contains a list of servers to which unsatisfied queries
# should be forwarded. Enable this line and modify the IP address to
# your provider's name server. Up to three servers may be listed.
# ******* This next line is the only one changed at Mesa Regal.
forwarders { 198.6.1.4; 198.6.1.5; 198.6.1.195; };
Comments
Hello, my name is Josh and I was wondering how you put out comment
wput link is down .... :(
It works now - must have been temporary.