Setting up a Private LAN on skynet for the Trainee VMs
A private LAN is required because a cluster of trainee admin Xen VMs is going to be created. Rather than giving the trainee admin VMs an external IP, a Private LAN is going to be set up, and dom0 is going to be the Default Gateway for the Private LAN.
The Private LAN IP Range on skynet is: 172.20.20.0/24
Setup on Firewalls
vi /etc/network/interfaces
#add the following line:
up route add -net 172.20.20.0 netmask 255.255.255.0 gw 220.127.116.11 dev intif
#where 18.104.22.168 is dom0. This allows all skynet machines to ping the VMs.
#had to add "dev intif" to explicitly put route in the internal ethernet card. --steviewdr 17-Nov-08
Settings for a machine on the Private LAN
auto eth0
iface eth0 inet static
    address 172.20.20.10
    gateway 172.20.20.1
    netmask 255.255.255.0
With the above settings, machines on the Private LAN can only access "externally available" machines, such as skynet.skynet.ie, and vice versa. To allow all skynet machines to access the Private LAN, and vice versa, the following firewall rules are required:
iptables -A FORWARD -s 22.214.171.124/26 -d 172.20.20.0/24 -j ACCEPT
iptables -A FORWARD -d 126.96.36.199/26 -s 172.20.20.0/24 -j ACCEPT
bishop:/etc/init.d# svn commit -m "Update Firewall with latest rules on bishop. --steviewdr"
Note: these rules should be placed towards the bottom of the FORWARD chain.
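iptables evaluates a chain from top to bottom and stops at the first terminating match, so a broad ACCEPT placed early takes effect before any narrower DROP or REJECT below it. The following check is an added example, not part of the original page or the skynet firewall scripts: it reads `iptables -S FORWARD` output and flags a Private LAN ACCEPT rule that sits above a DROP/REJECT rule. The function name check_forward_order, both sample rulesets and the 192.0.2.0/26 stand-in for the public subnet are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit rule order in FORWARD.
# stdin: output of `iptables -S FORWARD`; $1: the Private LAN CIDR.
# Returns 0 if every ACCEPT rule naming the LAN sits below all DROP/REJECT
# rules, 1 if one sits above a DROP/REJECT, 2 if no such ACCEPT rule exists.
# Conservative: any DROP/REJECT below counts, address overlap is not computed.
check_forward_order() {
    awk -v lan="$1" '
        $1 != "-A" || $2 != "FORWARD" { next }   # skip "-P FORWARD ..." etc.
        {
            n++; target = ""; is_lan = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if (($i == "-s" || $i == "-d") && $(i + 1) == lan) is_lan = 1
            }
            if (target == "DROP" || target == "REJECT") last_block = n
            if (target == "ACCEPT" && is_lan) { found++; if (!first) first = n }
        }
        END {
            if (!found) { print "no ACCEPT rule for " lan; exit 2 }
            if (first < last_block) {
                print "rule " first " accepts " lan " traffic before rule " last_block " can block it"
                exit 1
            }
            print "ok: " found " LAN ACCEPT rule(s), all below the last DROP/REJECT"
        }'
}

# Constructed sample: rules appended at the bottom, as the page advises.
# 192.0.2.0/26 is a documentation range standing in for the public subnet.
RULES_APPENDED='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 172.20.20.0/24 -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 192.0.2.0/26 -d 172.20.20.0/24 -j ACCEPT
-A FORWARD -s 172.20.20.0/24 -d 192.0.2.0/26 -j ACCEPT'

# Constructed sample: same rules, but the ACCEPT pair was inserted at the top.
RULES_INSERTED='-P FORWARD DROP
-A FORWARD -s 192.0.2.0/26 -d 172.20.20.0/24 -j ACCEPT
-A FORWARD -s 172.20.20.0/24 -d 192.0.2.0/26 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 172.20.20.0/24 -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable'

printf '%s\n' "$RULES_APPENDED" | check_forward_order 172.20.20.0/24 || true
printf '%s\n' "$RULES_INSERTED" | check_forward_order 172.20.20.0/24 || true
```

On a live firewall, pipe the output of `iptables -S FORWARD` (run as root) into the function instead of the sample variables.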
OLD Setup on the two Routers
Setup on Joshua
vi /etc/network/interfaces
#Private LAN for Trainee Admin VMs on hex. --steviewdr 25-Jul-07
auto intif:1
iface intif:1 inet static
    address 172.20.20.1
    netmask 255.255.255.0
    broadcast 172.20.20.255
ifup intif:1
#check route with: route
Setup on Bishop
vi /etc/network/interfaces
#Private LAN for Trainee Admin VMs on hex. --steviewdr 25-Jul-07
auto intif:1
iface intif:1 inet static
    address 172.20.20.2
    netmask 255.255.255.0
    broadcast 172.20.20.255
ifup intif:1
#check route with: route