Entry  Wed Jun 27 19:37:16 2018, Koji, Configuration, Computers, New NAT router installed P_20180627_193357.jpg
    Reply  Wed Jul 25 22:46:15 2018, gautam, Configuration, Computers, NDS access from outside 
Message ID: 14026     Entry time: Wed Jun 27 19:37:16 2018     Reply to this: 14104
Author: Koji 
Type: Configuration 
Category: Computers 
Subject: New NAT router installed 

[Larry, Koji]

We replaced the NAT router between martian and the campus net. We have the administrative web page available for the NAT router, but it is accessible from inside (=martian) as expected.

We changed the IP address registration of nodus for the internet so that the packets to nodus are directed to the NAT router. Then the NAT router forwards the packets to the actual nodus only for the allowed ports. Because of this change of the IP we had a few confusions. First of all, the martian net relies on chiara for DNS resolution. The 40m wifi router seemed to have an internal DNS cache and required a reboot to make the IP change effective.

The WAN side cable of nodus was removed.

We needed to run "sudo rndc flush" to force chiara's bind9 to refresh the cache. We also needed to restart httpd ("sudo systemctl restart httpd") on nodus to make the port 8081 work properly. 

So far, ssh (22), web services (30889), and elog (8081, 8080) were tested. We also need to test megatron NDS port forwarding and rsync for nodus, too.

Finally I turned off the firewall rules of shorewall on nodus as they are no longer necessary.

More details are found on the wiki page. https://wiki-40m.ligo.caltech.edu/FirewallSetting

Attachment 1: P_20180627_193357.jpg  6.780 MB  Uploaded Wed Jun 27 20:59:08 2018
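Since the host firewall on nodus is now off, the NAT router's forwarding list is the only filter, so it is worth checking from the campus side that exactly the allowed ports answer. The following is an added example, not part of the original log entry: the port list comes from the entry, while the hostname `nodus.example.org` and the extra probe ports are constructed placeholders.

```python
import socket
import sys

# Ports the log entry lists as forwarded to nodus and tested so far.
ALLOWED = {22: "ssh", 30889: "web services", 8081: "elog", 8080: "elog"}

# Constructed sample of ports that should NOT be forwarded (assumption).
SHOULD_BE_CLOSED = (80, 443, 3306)


def is_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, DNS failure
        return False


def audit(host, allowed, extra_probe=(), timeout=2.0):
    """Compare what answers on `host` with the forwarding allowlist.

    Returns (missing, unexpected):
      missing    - allowed ports that did not accept a connection
      unexpected - probed ports outside the allowlist that did
    """
    missing = sorted(p for p in allowed if not is_open(host, p, timeout))
    unexpected = sorted(
        p for p in extra_probe
        if p not in allowed and is_open(host, p, timeout)
    )
    return missing, unexpected


if __name__ == "__main__":
    # Run from outside the martian network, against the public name of nodus.
    host = sys.argv[1] if len(sys.argv) > 1 else "nodus.example.org"
    missing, unexpected = audit(host, ALLOWED, SHOULD_BE_CLOSED)
    for p in missing:
        print(f"allowed port {p} ({ALLOWED[p]}) is not reachable")
    for p in unexpected:
        print(f"port {p} answers but is not on the allowlist")
    sys.exit(1 if (missing or unexpected) else 0)
```

A non-zero exit status means the observed exposure differs from the allowlist, which makes the script usable as a periodic check after router or DNS changes.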