Jephe Wu - http://linuxtechres.blogspot.com
Environment: 2M lease line connecting office and datacenter. CentOS 5.5 bridge firewall with proxyarp enabled, ntop for monitor traffic
Objective: use the existing network segment without any changes, use ntop builtin web server at port 3000 to monitor traffic
Network diagram:
before:
___2M lease line__Router(10.0.0.254)___10.0.0.0/24 LAN
after:
__2M lease line__Router(10.0.0.254)__eth1:10.0.0.253 Firewall(CentOS 5.5) eth0:10.0.0.253__10.0.0.0/24 LAN
Steps:
1. Install CentOS 5.5 32bit on firewall
Use NFS installation(put DVD iso file under /root on NFS server, service nfs restart) and VNC remote install (type in: linux vnc vncconnect=10.0.0.200).
use same ip address on both eth1 and eth0.
2. enable proxyarp and ip_forward in /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.proxy_arp = 1
net.ipv4.conf.eth1.proxy_arp = 1
or
in /etc/rc.local as follows:
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
echo 1 > /proc/sys/net/ipv4/ip_forward
3. modify ip route
adding the following into /etc/rc.local
ip route del 10.0.0.0/24 dev eth0
ip route del 10.0.0.0/24 dev eth1
ip route add 10.0.0.254 dev eth1
ip route add 10.0.0.0/24 dev eth0
route add default gw 10.0.0.254 eth1
ntop -i eth1 >/dev/null 2>&1 &
4. OS update
vi /etc/yum.conf (put proxy=http://10.0.0.1:8080)
yum -y update
vi /etc/grub.conf to use the latest kernel without Xen
reboot
5. Install ntop
search google for 'DAG', go to http://dag.wieers.com/rpm/FAQ.php#B to install rpmforge rpm
wget http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -Uvh rpmforge*.rpm
yum install ntop
6. test
use ping, arping, ssh etc to test server/pc in 10.0.0.0/24 can reach the other end, as well as datacenter servers.
If things are not working, you might need to delete arp entries for your gateway 10.0.0.254 from your own pc or gateways:
arp -d 10.0.0.254
arp -na
7. use browser to access http://10.0.0.253:3000
8. References:
1. http://alan.blog-city.com/linux_bridgefirewall_with_proxy_arp.htm
skip to main |
skip to sidebar
Total Pageviews
Posts
Bookmark
Search This Blog
Followers
keywords
oracle
mysql
clone
db2
linux
apache
lvm
rman
zabbix
RIP
hp
ms sql
openldap
openssl
ssh
Oracle VM
percona
expdp
freebsd
impdp
logshipping
pf
backup and restore
centos
dd
ilo
performance tuning
putty
snmp
vmware
vnc
NFS
RAC
ansible
aws
bash
cisco
cognos
dns
email
iscsi
ldap
nc
netapp
openssh
rsync
socat
tomcat
traceroute
udev
vsp
windows
FAQ
LUN
RHN
acl
awr
bonding
chage
chroot
clustering
clusterware
controlfile
dataguard
dbforbix
firewall
gmirror
gpg
grub
icmp
initrd
ipsec
iptables
kickstart
kpartx
leputty
mss
mtu
multipath
ntfs
ntfs-3g
ntfsclone
ntfsresize
ntp
oracle installation
partition
pga
raid
replicate
resize2fs
restore
screen
sendmail
serial console
serial port
setfacl
sftp
shrink
snapshot
snmptrap
sparse
sql server
sqldeveloper
ssl certificate
sssd
sudosh
tcptraceroute
telnet
tshark
ulimit
virtualization
vmstat
vpn
xfs
zmodem
63s
ASM
Amazon
DMS
DNSSEC
DR
EVA
MBR
MariaDB
OEL
ORA-03135
ORA-3135
Oracle Linux
RDS
SAM
SQL ALG
TSIG
VIM_VCDB
X port forwarding
ack
adcli
addm
alter session
amm
archive log
asmi
audittrail
awk
base64
bdb
best practice
bind
bios
blat
bostion
bsd
cable modem
carp
cd copy
certificate
checkpoint
chntpw
chrony
citidirect
console
core dump
corkroo
cpio
cpu
crs
cups
cygwin
datafile corruption
db2advis
dbua
ddclient
ddl
ddrescue
deflate
delegation
delete
dhcp
disaster recovery
disown
drac
dyndns
ebs
ec2
em
emctl
epel
erase
export
fdisk
foreman
fsck
ftp
ftp-proxy
fuser
getent
getfacl
gmail
gpart
halt
hardware
hugepage
hvm
ibm
import
innobackupex.
innodb
iops
ipmi
keepalive
kerberos
keystore
keytool
kvm
limits.conf
listener
load balancing
lockwait
logshiping
loop
lsof
lvextend
mailsend
map drive
md5sum
mdadm
mime
minicom
mmm
mmm2
mod_proxy
mount
mount options
movie
mp3
mrtg
msmtp
mtr
mutt
mwm
mysql-proxy
mysqldump
nagios
nat
netstat
network
networkmanager
nohup
ntop
ocr
octopussy
offset
opatch
openbsd
oracke
oracle names
oracle-validated
oradim
ossec
ovm
p5
packet loss
padsize
pageant
partprobe
partx
password
pfile
php
phpldapadmin
ping
pip
pmtu
port forwarding
poweroff
proxyarp
proxytunnel
pscp
psk
psp
pstree
pt-table-checksum
pvm
pvresize
qmail
qwinsta
racoon
ramfs
rbsu
rdr
readonly
realm
reboot
recover
remi
reset password
resize
resolv.conf
resource manager
rhel
rhn_register
rhnreg_ks
rmmod
rpm
rsa
rsyslog
rwinsta
scn
secure delete
security group
selinux
session cookie
setsid
sfdisk
shred
shutdown
size
smo
snapdrive
snapmanager
snare
socks
spfile
sql server management studio
sqlplus
squid
ssl
ssms
ssmtp
static-route
statistics
storage
stty
su
sudo
swap
swatch
syn
synonym
syslog-ng
sysman
tablespace
tar
tcp
tcpdump
terminal services
thunderbird
tiger
time since last restore
timeout
timestamp
timezone
tls
tmpfs
toad
trace
tracetcp
trigger
ttyS0
twm
undelete
undo
upgrade
uptime
usermod
validate
vcenter
verisign
vi
virt-manager
virtio
virtualbox
vlm
vpc
wget
winrm
wireless
wireshark
wscale
xauth
xhost
xtrabackup
yum
All Posts
-
▼
2010
(75)
-
▼
December
(8)
- Oracle DDL Trigger on Database
- Linux Clustering Concept
- How to use LVM snapshot to clone CentOS 5 server
- How to use ntop and proxyarp to monitor network t...
- How to access office server and admin desktop from...
- How to mount ntfs partition under CentOS
- How to map ftp/sftp drive for remote server from W...
- How to troubleshoot packet loss and latency for In...
-
▼
December
(8)
About me
Linux SysAdmin with 20+ years experience, Oracle/MySQL DBA, RHCE