In the process I bumped up my networking skill quite significantly. The network layout looks something like this:

[Border Router]
| |
[Switches for Subnet 0]
| |
{eth0}[Server]{eth1}
| |
[Switches for Subnet 1]
| |
[Border Router]

Each switch is connected to about 8 desktops and two wireless access points, forming their own network. The idea is that each apartment (thus each subnet) has its own internet access point, but the fileserver is accessible from both apartments, and also routes between the two apartments so that it appears that they are both on the same network to things like SMB and the like.

I use DHCP on the server itself to set the correct information on all the hosts. Here is my dhcpd.conf file:

# Custom DHCP3 server for the EECS House
# Niels Joubert njoubert@gmail.com

### Add classless-static-routes option:
option classless-static-routes code 121 = array of { ip-address, ip-address };
option new-static-routes code 249 = string;
###

#This is to get the machines on the two subnets to talk:
option new-static-routes 18:c0:a8:00:c0:a8:01:0a;


}

There is a couple of hacks in here:
- to get machines from the one subnet to see the other subnet, i use the classless-static-routes DHCP option, that puts an entry into any host that gets a DHCP offer from this box. Unfortunately this only works for windows hosts! This is a huge caveat that I have not been able to solve.
For SMB use, I set the server itself as the netbios name server (more on this later). For each subnet, I set the default route as its border router. With this setup it is enough that each subnet has internet and should be able to talk to the other subnet through the server.

IPTABLES

To forward anything through the server itself, I use a custom iptables setup that resides in a script that gets automatically run, as follows:

# NIELS JOUBERT
# Custom iptables script

# Clean up iptables (flush it)
iptables -F
iptables -t nat -F
iptables -X

# Enable IP MASQUERADING/NAT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


# Set firewall policies (default behaviour)
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

The idea here is to set up a nat table to masquerade ips, and the forwarding table to accept all forwarding. Simple, straight-forward and general. Possibly not the best security, but we are self-contained within the border routers right now, so if one of my roommates wants to be an ass and attack someone else, its easy enough to go hit him physically, right?

SAMBA

Samba itself also needs to be configured. Now, Samba is HUGE, as are its config files. I recommend a good book on Samba if you are going to do anything more than the most basic sharing with it. I personally prefer “The Official Samba-3 HOWTO and Reference Guide”.

The gist of my smb.conf setup looks like this:

[global]
workgroup = workgroup
netbios name = ubuntu
server string = Niels Server
dns proxy = no
name resolve order = lmhosts wins host bcast
smb ports = 139 240
# This tells Samba to use a separate log file for each machine
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0

####### WINS Services ######
wins support = yes

# Cache TTL
max ttl = 86400
max wins ttl = 86400


The important thing to note is that samba works on all interfaces and is the local wins browser (netbios name server).

This is the setup! It works fairly well too.

Reliability through two interfaces!

The one apartment’s internet died today because we’re in the middle of switching from ComCast (ewww) to DSLExtreme (YAY!). I remedied 7 very angry internet-less engineers by a very simple change in routing.

1) Change the subnet without border router to use the server as border router
2) Change the server to use as default route the border router of the other subnet

This took about 5 minutes, and we were piping the internet through the other apartment into our without a hiccup. Hooray for networking!

Feel free to ask me about my setup or use my config files.