Network
From Smop.co.uk
| IP | device | interface |
|---|---|---|
| 81.5.177.202 | netgear | main |
| 81.5.177.201 | ferro | ext0 |
| 192.168.100.1 | ferro | dmz0 |
| 192.168.100.2 | spunkmeyer | dmz0 |
| 192.168.100.3 | vasquez | dmz0 |
| 192.168.100.4 | burke | dmz0 |
| 192.168.101.1 | spunkmeyer | int0 |
| | | |
| 192.168.101.3 | ripley | int0 |
| 192.168.101.4 | bishop | int0 |
| 192.168.101.10 | ash | int0 |
| 192.168.101.21 | adrian | int0 |
| 192.168.101.22 | nokiae60 | wifi |
Machine naming convention
Names have been chosen from the movie Aliens (mostly). Names for future use:
- hicks
- apone
- dietrich
- frost
- crowe
- hudson
- gorman
- wierzbowski
Service names
Service names should always be used whenever possible. Some services have a master/slave relationship. Administration is normally carried out on the master. The slave synchronises with the master, and all servers talk _only_ to the slave.
External services:
- www (webserver)
- mail (email server)
Internal services:
- ldap (master)
- ldap1 (slave)
- ns (master)
- ns1 (slave)
- ntp1 (master - no slave)
Internal names:
- mgmt (mgmt server)
- puppet (puppet server)
Currently most service names are aliases using CNAMEs rather than having dedicated service IPs. This will change if/when HA is implemented.
Network settings
I use /etc/iftab and ifrename to bind MAC addresses to interface names permanently:
dmz0 mac 00:16:3E:00:04:00
Alternatively you can now do this in udev using /etc/udev/rules.d/z25_persistent-net.rules:
# PCI device 0x1385:0x4100 (orinoco_plx)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:30:ab:09:5d:8d", NAME="eth2"
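An added example, not part of the original page: a converter from iftab lines of the `name mac address` form to udev rules in the format shown above. It lowercases the MAC, because udev compares ATTRS{address} as a case-sensitive string against the lowercase value in sysfs, and it rejects duplicate names or MACs. The int0 entry and the function names are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

# Constructed sample input: the dmz0 line is the page's, the int0 line is made up.
SAMPLE_IFTAB = """\
# interface  selector  value
dmz0 mac 00:16:3E:00:04:00
int0 mac 00:16:3E:00:04:01
"""

def parse_iftab(text):
    """Return [(name, mac)] from 'name mac aa:bb:...' lines (mac selector only)."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3 or fields[1].lower() != "mac":
            raise ValueError(f"line {lineno}: expected '<name> mac <address>'")
        name, mac = fields[0], fields[2].lower()  # sysfs reports lowercase hex
        if not MAC_RE.match(mac):
            raise ValueError(f"line {lineno}: bad MAC {fields[2]!r}")
        entries.append((name, mac))
    return entries

def check_unique(entries):
    """A name or MAC listed twice would leave one binding silently ignored, so a
    firewall rule written for dmz0 or int0 could land on the wrong segment."""
    names = [n for n, _ in entries]
    macs = [m for _, m in entries]
    if len(set(names)) != len(names) or len(set(macs)) != len(macs):
        raise ValueError("duplicate interface name or MAC address")

def to_udev_rules(entries):
    """Render one persistent-net rule per entry, in the page's rule format."""
    check_unique(entries)
    return [
        f'SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{{address}}=="{mac}", NAME="{name}"'
        for name, mac in entries
    ]

if __name__ == "__main__":
    print("\n".join(to_udev_rules(parse_iftab(SAMPLE_IFTAB))))
```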
Where needed, I've added extra routes (e.g. the DMZ boxes need to know how to route back to the internal network). I've done this in /etc/network/interfaces; I'm not convinced it's the correct approach:
iface dmz0 inet static
    ...
    post-up route add -net 192.168.101.0/24 gw 192.168.100.2
    pre-down route delete -net 192.168.101.0/24 gw 192.168.100.2
