Changing networking Setup in Solar System

Introduction

This should only take an hour, but it usually takes a day because I always miss something and have to troubleshoot for at least 5 hours. I made these instructions so that, god forbid, when I have to do it again I might not screw it up.

The settings below are pretty obscure and leave room for some different subnets, so they are a great choice for avoiding VPN IP clashes. The subnet mask also works with most of the routers mentioned in this post. I learned this the hard way: you either have to redo everything or learn routing on the fly, and both sucked.

I am not going to go into a ton of detail, as this post is already taking up too much of my time and I am noticing how complex my network is. I am writing this mostly for my own notes, but since I have had a lot of help from others on forums and blogs like this one to get these types of things going, I figure it is time to start giving something back. Here is the future network info to get you started:

Network 10.22.16.0
Broadcast 10.22.31.255
Netmask 255.255.240.0 or /20
Gateway 10.22.20.254
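
A pre-flight check of this address plan, as an added example that is not part of the original post: it confirms the gateway, DHCP pool and static hosts all sit inside the subnet, that no static address falls in the pool, and that the subnet does not overlap a remote LAN reached over VPN. The host name `vm` and the `REMOTE_LANS` list are constructed for illustration.

```python
import ipaddress

# Address plan from this post. "vm" is a placeholder name for the VM example.
NETWORK, NETMASK = "10.22.16.0", "255.255.240.0"
GATEWAY = "10.22.20.254"
DHCP_POOL = ("10.22.20.30", "10.22.20.99")
STATICS = {"sun": "10.22.20.200", "ns1": "10.22.20.201", "vm": "10.22.20.202",
           "earth": "10.22.20.203", "gw1": "10.22.20.254"}
# Constructed sample of remote LANs reached over VPN (assumption, not from the post).
REMOTE_LANS = ["192.168.1.0/24", "10.0.0.0/24", "10.22.0.0/21"]


def check_plan(network, netmask, gateway, pool, statics, remote_lans):
    """Return (subnet, problems); problems is empty when the plan is consistent."""
    # strict=True raises ValueError if `network` has host bits set for this mask.
    subnet = ipaddress.ip_network(f"{network}/{netmask}", strict=True)
    lo, hi = (ipaddress.ip_address(a) for a in pool)
    problems = []
    if ipaddress.ip_address(gateway) not in subnet:
        problems.append(f"gateway {gateway} is outside {subnet}")
    if lo > hi or lo not in subnet or hi not in subnet:
        problems.append(f"DHCP pool {lo}-{hi} is invalid for {subnet}")
    for name, addr in statics.items():
        ip = ipaddress.ip_address(addr)
        if ip not in subnet:
            problems.append(f"{name} {ip} is outside {subnet}")
        elif ip in (subnet.network_address, subnet.broadcast_address):
            problems.append(f"{name} {ip} is the network or broadcast address")
        elif lo <= ip <= hi:
            problems.append(f"{name} {ip} sits inside the DHCP pool")
    for lan in remote_lans:
        if subnet.overlaps(ipaddress.ip_network(lan)):
            problems.append(f"{subnet} overlaps remote LAN {lan}")
    return subnet, problems


def reverse_zones(subnet):
    """Names of the /24 reverse zones covering the subnet (prefix must be <= /24)."""
    return [".".join(reversed(str(n.network_address).split(".")[:3])) + ".in-addr.arpa"
            for n in subnet.subnets(new_prefix=24)]


if __name__ == "__main__":
    net, issues = check_plan(NETWORK, NETMASK, GATEWAY, DHCP_POOL, STATICS, REMOTE_LANS)
    print(net, "broadcast", net.broadcast_address, "hosts", net.num_addresses - 2)
    print("reverse zones:", len(reverse_zones(net)))
    for issue in issues or ["plan is consistent"]:
        print(" -", issue)
```

The subnet spans sixteen /24 reverse zones, of which this post only sets up the one holding the 10.22.20.x hosts.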

Best to do everything from the main server, or at least on the LAN, so there is less chance of disconnecting yourself from the network. Not to brag, but I can and have done this remotely before; it is a bit of a nail biter.

Hypervisor

Set up the main server first: it is the most important, and changes do not take effect until you reboot. My server is a Debian-based hypervisor, so I add this to /etc/network/interfaces; only the vmbr0 settings need to be changed.

/etc/network/interfaces

auto lo
iface lo inet loopback

# This is WAN
iface eth0 inet manual

# This is LAN
iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 10.22.20.200
    netmask 255.255.240.0
    # These are correct; sometimes I comment them out so I do not have to change them, the defaults are fine
    network 10.22.16.0
    broadcast 10.22.31.255
    gateway 10.22.20.254
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

auto vmbr1
iface vmbr1 inet manual
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0

Routers

Set up the routers, for example Cisco, Linksys, D-Link or others, wireless or not. Set these up first so you do not lose it having to plug a cable in and mess with the network settings on a laptop to match things back up. Boo, nobody likes a newbie.

Domain Name Server and Dynamic Host Protocol

Mercury is the DNS and DHCP server. This is probably the most time consuming part; however, I have done it enough times now that there should be a bunch of template files for different networks lying around already. The first thing to do is set up the network interfaces file, see below.

/etc/network/interfaces
… snip

subnet 10.22.16.0 netmask 255.255.240.0 {
  range 10.22.20.30 10.22.20.99;
  option routers 10.22.20.254;
  option ntp-servers 10.22.20.200;
  option domain-name "solar.lan";
  option domain-name-servers 10.22.20.201, 8.8.8.8, 8.8.4.4;
}

snip …

DNS

Now for that old black magic, DNS. Several files get edited here: /etc/bind/named.conf.local is updated, and new zone files get created by copying the old ones, which is how I end up with template files. Pretty straightforward unless something goes wrong; however, me being a self-certified DNS wizard, that never happens anymore. As always, remember to update the serial number in the db files.

/etc/bind/named.conf.local
…. snip

zone "solar.lan" {
        type master;
        file "/etc/bind/db.solar.lan";
        allow-update { key DYNAMICDNS; };
};

zone "20.22.10.in-addr.arpa" {
        type master;
        file "/etc/bind/db.20.22.10";
        allow-update { key DYNAMICDNS; };
};

… snip

/etc/bind/db.solar.lan

$ORIGIN .
$TTL 172800     ; 2 days
solar.lan               IN SOA  ns1.solar.lan. hostmaster.solar.lan. (
                                2012101902 ; serial
                                21600      ; refresh (6 hours)
                                900        ; retry (15 minutes)
                                1814400    ; expire (3 weeks)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns1.solar.lan.
                        NS      ns2.solar.lan.
                        A       10.22.20.201
                        MX      10 mx1.solar.lan.
$ORIGIN solar.lan.
sun                     A       10.22.20.200
earth                   A       10.22.20.203
gw1                     A       10.22.20.254

snip ….

/etc/bind/db.20.22.10

$ORIGIN .
$TTL 172800     ; 2 days
20.22.10.in-addr.arpa   IN SOA  ns1.solar.lan. hostmaster.solar.lan. (
                                2012091601 ; serial
                                21600      ; refresh (6 hours)
                                900        ; retry (15 minutes)
                                1814400    ; expire (3 weeks)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns1.solar.lan.
                        NS      ns2.solar.lan.
$ORIGIN 20.22.10.in-addr.arpa.
$TTL 600        ; 10 minutes
$TTL 172800     ; 2 days
200                     PTR     sun.solar.lan.
201                     PTR     ns1.solar.lan.
254                     PTR     gw1.solar.lan.

snip …
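
Copying old zone files as templates makes it easy for the forward and reverse data to drift apart, so here is a small consistency audit as an added example (not the author's tooling). It reads zone text in the layout used above and reports A records with no matching PTR and PTR records that contradict the forward zone. The sample data is constructed, and the parser assumes one record per line with PTR targets written as absolute names.

```python
import ipaddress

# Constructed sample in the post's zone-file layout. The reverse data carries a
# wrong PTR for gw1 and no PTR for 10.22.20.254, so the audit has work to do.
FORWARD = """\
$ORIGIN solar.lan.
sun                     A       10.22.20.200
earth                   A       10.22.20.203
gw1                     A       10.22.20.254
"""
REVERSE = """\
$ORIGIN 20.22.10.in-addr.arpa.
200                     PTR     gw1.solar.lan.
                        PTR     sun.solar.lan.
203                     PTR     earth.solar.lan.
"""


def records(text, rtype):
    """Yield (absolute owner, rdata) for rtype, honouring $ORIGIN and blank owners."""
    origin, owner = ".", None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
        elif fields[0].startswith("$"):
            continue                               # $TTL and other directives
        else:
            if not line[0].isspace():              # a blank owner repeats the last one
                owner = fields.pop(0)
            if owner and rtype in fields[:-1]:
                fqdn = owner if owner.endswith(".") else f"{owner}.{origin.lstrip('.')}"
                yield fqdn.lower(), fields[fields.index(rtype) + 1].lower()


def audit(forward_text, reverse_text):
    """Compare A records with PTR records and return a sorted list of findings."""
    a = {(str(ipaddress.ip_address(ip)), name) for name, ip in records(forward_text, "A")}
    ptr = {(".".join(reversed(owner.split(".")[:4])), target)
           for owner, target in records(reverse_text, "PTR")}
    return sorted([f"missing PTR: {ip} -> {name}" for ip, name in a - ptr] +
                  [f"stale PTR: {ip} -> {name}" for ip, name in ptr - a])


if __name__ == "__main__":
    print("\n".join(audit(FORWARD, REVERSE)) or "forward and reverse zones agree")
```

Both zones above accept dynamic updates through allow-update, so run `rndc freeze` before editing the db files by hand and `rndc thaw` afterwards.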

DHCP

Finally, edit /etc/dhcp/dhcpd.conf; the relevant bits should look like this. You could also restart the DHCP server after the changes below, watching the logs to see if you made errors.

/etc/dhcp/dhcpd.conf
… snip

subnet 10.22.16.0 netmask 255.255.240.0 {
  range 10.22.20.30 10.22.20.99;
  option routers 10.22.20.254;
  option ntp-servers 10.22.20.200;
  option domain-name "solar.lan";
  option domain-name-servers 10.22.20.201, 8.8.8.8, 8.8.4.4;
}

snip …

Virtual Machines

Some VMs are vnet, so they only require setting things up in the GUI; others are venet or KVM, so they have their own /etc/network/interfaces files. You have to go through them one at a time, as they are all static and will probably stay that way. I do have a DHCP server, so I might set that up one day? They should look something like the example below.
DO NOT forget to change the name servers, either in the GUI or in /etc/network/interfaces or /etc/resolv.conf.

/etc/network/interfaces

# Auto generated lo interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 10.22.20.202
    netmask 255.255.240.0
    gateway 10.22.20.254
    # Might be good to assign name servers here, as I forgot to edit /etc/resolv.conf once and it caused me hours of grief
    # The ifupdown keyword is dns-nameservers; it is applied by the resolvconf package
    dns-nameservers 10.22.20.201 8.8.8.8
    # This is new and needed, but I have not tried it yet
    # ntp server 10.22.20.200

/etc/resolv.conf

domain solar.lan
search solar.lan
nameserver 10.22.20.201
# A hostname would be best here, but nameserver only accepts an IP address
# nameserver ns1.solar.lan
nameserver 8.8.8.8
nameserver 8.8.4.4

Firewall and Router

I have saved this for last, as my firewall is GUI based. I know, lame, but it is really pretty and I like the eye candy. It does suck for creating new rules, since it is not cut and paste like text files. More importantly, it means that changes take effect immediately, so you can knock yourself and everyone else off the LAN. However, if you have done everything else and restarted the DNS and especially the DHCP servers, you can reconnect to the LAN. We will not be adjusting the WAN, so if you are remote you should be safe. The routers can also be a bit of a gotcha here, so think it through!

Restart Things

OK, this is the last step. Now is a fabulous time to double check, or triple check, everything. If you are remote right now, cross your fingers, then reboot the router(s), then the hypervisor.
