(no commit message)

[wiki] / examples / simple-bridging-with-dhcp-server-side.mdwn

>     [[!meta title="simple-bridging-with-dhcp-server-side"]]
>     
>     # Company:  PowerCraft Technology
>     # Author:   Copyright Jelle de Jong <jelledejong@powercraft.nl>
>     # Note:     Please send me an email if you enhanced the document
>     # Date:     2010-05-24 / 2010-07-04
>     # License:  CC-BY-SA
>     
>     # This document is free documentation; you can redistribute it and/or
>     # modify it under the terms of the Creative Commons Attribution Share
>     # Alike as published by the Creative Commons Foundation; either version
>     # 3.0 of the License, or (at your option) any later version.
>     #
>     # This document is distributed in the hope that it will be useful,
>     # but WITHOUT ANY WARRANTY; without even the implied warranty of
>     # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>     # Creative Commons BY-SA License for more details.
>     #
>     # http://creativecommons.org/licenses/by-sa/
>     
>     #-----------------------------------------------------------------------
>     
>     # for commercial support contact me, part of the revenue go back to tinc
>     
>     #-----------------------------------------------------------------------
>     
>     # http://www.tinc-vpn.org/
>     # http://www.tinc-vpn.org/examples/bridging
>     # http://www.tinc-vpn.org/documentation/tinc_toc
>     
>     #-----------------------------------------------------------------------
>     
>     # <@guus> Well all the tinc daemons together act like a single switcch
>     # <@guus> And each node in the VPN is connected to a port of that switch
>     # <@guus> And if you bridge the VPN interface with eth0, then it's like you plug a cable in a port of your eth0 LAN and the other end of that cable into the tinc switch
>     
>     #-----------------------------------------------------------------------
>     
>     unset LANG LANGUAGE LC_ALL
>     apt-get update; apt-get dist-upgrade
>     
>     apt-cache show tinc
>     apt-get install tinc
>     apt-get install bridge-utils
>     
>     #-----------------------------------------------------------------------
>     
>     /etc/init.d/tinc stop
>     
>     #-----------------------------------------------------------------------
>     
>     # ls -hal /dev/net/tun
>     crw-rw-rw- 1 root root 10, 200 May 20 20:07 /dev/net/tun
>     
>     # grep tinc /etc/services
>     tinc        655/tcp             # tinc control port
>     tinc        655/udp
>     
>     cat /usr/share/doc/tinc/README.Debian
>     zcat /usr/share/doc/tinc/README.gz | less
>     zcat /usr/share/doc/tinc/NEWS.gz | less
>     cat /usr/share/doc/tinc/examples/tinc-up
>     w3m /usr/share/doc/tinc/tinc_0.html
>     
>     cat /etc/default/tinc
>     less /etc/init.d/tinc
>     
>     #-----------------------------------------------------------------------
>     
>     vim /etc/default/tinc
>     EXTRA="-d"
>     cat /etc/default/tinc
>     
>     #-----------------------------------------------------------------------
>     
>     cat /etc/tinc/nets.boot
>     echo 'powercraft01' | tee --append /etc/tinc/nets.boot
>     cat /etc/tinc/nets.boot
>     
>     #-----------------------------------------------------------------------
>     
>     ls -hal /etc/tinc/scallab01/
>     mkdir --verbose /etc/tinc/powercraft01/
>     mkdir --verbose /etc/tinc/powercraft01/hosts/
>     touch /etc/tinc/powercraft01/tinc.conf
>     
>     #-----------------------------------------------------------------------
>     
>     vim /etc/network/interfaces
>     
>     # tinc-vpn: dhcp bridge
>     auto br0
>       iface br0 inet static
>       address 192.168.3.1
>       netmask 255.255.255.0
>     # pre-up /sbin/ifconfig eth2 hw ether 00:1b:21:61:af:d7
>     # pre-up /sbin/ifconfig eth2 0.0.0.0
>     # bridge_ports eth2
>       bridge_ports tun1
>       bridge_maxwait 1
>       bridge_fd 2.5
>       post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/br0/proxy_arp
>     
>     cat /etc/network/interfaces
>     
>     #-----------------------------------------------------------------------
>     
>     echo 'interface "br0" {
>       request subnet-mask, broadcast-address, time-offset,
>         host-name, netbios-scope, interface-mtu, ntp-servers;
>     }' | tee --append /etc/dhcp3/dhclient.conf
>     
>     cat /etc/dhcp3/dhclient.conf
>     
>     #-----------------------------------------------------------------------
>     
>     vim /etc/dhcp3/dhcpd.conf
>     
>     subnet 192.168.3.0 netmask 255.255.255.0 {
>         range 192.168.3.200 192.168.3.240;
>         option routers 192.168.3.1;
>         option domain-name-servers 192.168.3.1;
>     }
>     
>     #-----------------------------------------------------------------------
>     
>     ifdown br0
>     ifup br0
>     
>     #-----------------------------------------------------------------------
>     
>     vim /etc/default/dhcp3-server
>         INTERFACES="vlan2 eth0 br0" # add the br0 to the correct location
>     
>     /etc/init.d/dhcp3-server restart
>     ps aux | grep dhcp
>     tail -n 400 -f /var/log/syslog
>     
>     #-----------------------------------------------------------------------
>     
>     ifconfig br0
>     route -n
>     brctl show
>     
>     #-----------------------------------------------------------------------
>     
>     # ifconfig br0
>     br0       Link encap:Ethernet  HWaddr 00:00:00:00:00:00
>               inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
>               inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link
>               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>               RX packets:12 errors:0 dropped:0 overruns:0 frame:0
>               TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
>               collisions:0 txqueuelen:0
>               RX bytes:2568 (2.5 KB)  TX bytes:1536 (1.5 KB)
>     
>     # route -n
>     Kernel IP routing table
>     Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>     192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
>     192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan2
>     192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
>     84.245.3.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
>     0.0.0.0         84.245.3.1      0.0.0.0         UG    100    0        0 eth1
>     
>     # brctl show
>     bridge name bridge id       STP enabled interfaces
>     br0     8000.000000000000   no
>     
>     #-----------------------------------------------------------------------
>     
>     echo 'AddressFamily = ipv4
>     Device = /dev/net/tun
>     Interface = tun1
>     Mode = switch
>     Name = server01' | tee /etc/tinc/powercraft01/tinc.conf
>     
>     cat /etc/tinc/powercraft01/tinc.conf
>     chmod 640 /etc/tinc/powercraft01/tinc.conf
>     ls -hal /etc/tinc/powercraft01/tinc.conf
>     
>     echo '#!/bin/sh
>     ifconfig $INTERFACE 0.0.0.0
>     brctl addif br0 $INTERFACE' | tee /etc/tinc/powercraft01/tinc-up
>     
>     cat /etc/tinc/powercraft01/tinc-up
>     chmod 750 /etc/tinc/powercraft01/tinc-up
>     ls -hal /etc/tinc/powercraft01/tinc-up
>     
>     echo '#!/bin/sh
>     brctl delif br0 $INTERFACE
>     ifconfig $INTERFACE down' | tee /etc/tinc/powercraft01/tinc-down
>     
>     cat /etc/tinc/powercraft01/tinc-down
>     chmod 750 /etc/tinc/powercraft01/tinc-down
>     ls -hal /etc/tinc/powercraft01/tinc-down
>     
>     #-----------------------------------------------------------------------
>     
>     rm /etc/tinc/powercraft01/rsa_key.priv
>     rm /etc/tinc/powercraft01/hosts/server01
>     tincd -n powercraft01 -K
>     
>     #-----------------------------------------------------------------------
>     
>     getent services | grep 656
>     
>     #-----------------------------------------------------------------------
>     
>     vim /etc/tinc/powercraft01/hosts/server01
>     
>     # add on head of file
>     Compression = 9
>     PMTU = 1492
>     PMTUDiscovery = yes
>     Port = 656
>     
>     cat /etc/tinc/powercraft01/hosts/server01
>     
>     #-----------------------------------------------------------------------
>     
>     /etc/init.d/tinc stop
>     fg
>     /usr/sbin/tincd --net powercraft01 --no-detach --debug=5
>     
>     #-----------------------------------------------------------------------
>     
>     /etc/init.d/tinc restart
>     tail --line=500 --follow /var/log/syslog
>     
>     #-----------------------------------------------------------------------
>     
>     ifconfig br0
>     ifconfig tun1
>     route -n
>     brctl show br0
>     brctl showmacs br0
>     
>     #-----------------------------------------------------------------------
>     
>     # ifconfig br0
>     br0       Link encap:Ethernet  HWaddr 1e:eb:95:c3:04:d8
>               inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
>               inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link
>               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>               RX packets:17 errors:0 dropped:0 overruns:0 frame:0
>               TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
>               collisions:0 txqueuelen:0
>               RX bytes:3328 (3.3 KB)  TX bytes:2408 (2.4 KB)
>     
>     # ifconfig tun1
>     tun1      Link encap:Ethernet  HWaddr 1e:eb:95:c3:04:d8
>               inet6 addr: fe80::1ceb:95ff:fec3:4d8/64 Scope:Link
>               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>               RX packets:8 errors:0 dropped:0 overruns:0 frame:0
>               TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
>               collisions:0 txqueuelen:500
>               RX bytes:2627 (2.6 KB)  TX bytes:1340 (1.3 KB)
>     
>     # route -n
>     Kernel IP routing table
>     Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>     192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
>     192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan2
>     192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
>     84.245.3.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
>     0.0.0.0         84.245.3.1      0.0.0.0         UG    100    0        0 eth1
>     
>     # brctl show br0
>     bridge name bridge id       STP enabled interfaces
>     br0     8000.1eeb95c304d8   no      tun1
>     
>     # brctl showmacs br0
>     port no mac addr        is local?   ageing timer
>       1 1e:eb:95:c3:04:d8   yes        0.00
>       1 86:03:27:21:2e:60   no        44.19
>     
>     #-----------------------------------------------------------------------
>     
>     ps aux | grep tincd
>     tincd -n powercraft01 -kUSR2
>     tail -n 100 /var/log/syslog
>     
>     #-----------------------------------------------------------------------
>     
>     May 24 17:29:31 ashley tinc.powercraft01[11557]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun:
>     May 24 17:29:31 ashley tinc.powercraft01[11557]:  total bytes in:         468
>     May 24 17:29:31 ashley tinc.powercraft01[11557]:  total bytes out:          0
>     May 24 17:29:31 ashley tinc.powercraft01[11557]: Nodes:
>     May 24 17:29:31 ashley tinc.powercraft01[11557]:  server01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options 4 status 0018 nexthop server01 via server01 pmtu 1518 (min 0 max 1518)
>     May 24 17:29:31 ashley tinc.powercraft01[11557]: End of nodes.
>     May 24 17:29:31 ashley tinc.powercraft01[11557]: Edges:
>     May 24 17:29:31 ashley tinc.powercraft01[11557]: End of edges.
>     May 24 17:29:31 ashley tinc.powercraft01[11557]: Subnet list:
>     May 24 17:29:31 ashley tinc.powercraft01[11557]:  a2:63:0:96:a:c8#10 owner server01
>     May 24 17:29:31 ashley tinc.powercraft01[11557]: End of subnet list.
>     
>     #-----------------------------------------------------------------------
>     
>     tcpdump -n -i br0 broadcast
>     tcpdump -n -i tun0 broadcast
>     
>     #-----------------------------------------------------------------------
>     
>     tcpdump -n -e -i br0 icmp
>     tcpdump -A -p -n -i br0 port 80
>     tcpdump -A -p -n -i br0
>     
>     tcpdump -i br0 host 84.245.3.195 -l
>     
>     #-----------------------------------------------------------------------
>     
>     cat /var/lib/dhcp3/dhcpd.leases
>     
>     #-----------------------------------------------------------------------