Enhancement #2743
Base: split 'local networks' into 'static routes' and 'trusted networks'
| Status: | CLOSED | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 100% | |
| Category: | nethserver-base | |||
| Target version: | v6.5 | |||
| Resolution: | NEEDINFO: | No |
Description
A local network can access local resources (like Samba). If the local network has a configured Router, a new route will be created for the network itself.
- trusted networks: networks with access to local resources, without Router. No route will be created for this kind of networks.
- static routes: networks with Router will describe static routes. This networks will not have access to local resources
- create a trusted network to grant access to local resources
- create a static network to route the traffic via the right interface
Static routes are saved inside the routes database with a record of type static. Example:
8.8.4.4=static
Description=My route
Mask=255.255.255.255
Router=89.97.245.225
Each record has following properties:
- key: network address
- Mask: network mask
- Router: gateway for the network
- Description: a custom description (optional)
Trusted networks are saved inside the networks database with a record of type network. Example:
192.168.3.0=network
Description=My VPN network
Mask=255.255.255.0
Each record has following properties:
- key: network address
- Mask: network mask
- Description: a custom description (optional)
Related issues
Associated revisions
createlinks: remove route creation from network-* events. Refs #2743
Web UI: refactor local networks and static routes Refs #2743
Web UI: rename 'Web Access' to 'Server Manager'. Refs #2743
Migration: add migration fragments. Refs #2743
Migrate exisiting local networks.
Migrate old database from SME/NethService.
Manual: update Local Networks and Static Routes. Refs #2743
interface-config-write: support static routes without interface. Refs #2743
History
#1
Updated by Giacomo Sanchietti about 7 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#2
Updated by Giacomo Sanchietti about 7 years ago
- Status changed from TRIAGED to ON_DEV
- % Done changed from 20 to 30
#3
Updated by Giacomo Sanchietti about 7 years ago
- Target version set to v6.5
#4
Updated by Giacomo Sanchietti about 7 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
Wait merge into master branch before testing or create a package from b2719 branch.
Test case 1: static route- Open the web interface and create a static route
- Use
ip rocommand to display the new static route
- Install nethserver-samba
- Open the web interface and create a trusted route
- Check if the new network is among allowed hosts:
grep 'hosts allow' /etc/samba/smb.conf
- Install old nethserver-base
- Create a local network with a router (A)
- Create a local network without a router (B)
- Update network-base package
- Check the network A is inside the networks db without the Router property, and a symmetric static routes has been created inside the routes db
- Check the network B is only on networks db
- Import a backup from old server or create a test database for migration:
mkdir -p /var/lib/nethserver/migration/home/e-smith/db mkdir -p /var/lib/nethserver/migration/root echo > /var/lib/nethserver/migration/home/e-smith/db/accounts cat <<EOF > /var/lib/nethserver/migration/home/e-smith/db/configuration ConsoleMode=login ContactEmail= ContactName= ContactOrg= MinUid=500 SystemName=demo ldap=service|TCPPorts|389,636|access|private|defaultCity|Ottawa|defaultCompany|XYZ Corporation|defaultDepartment|Main|defaultPhoneNumber|555-5555|defaultStreet|123 Main Street|status|enabled maxAcctNameLength=31 maxGroupNameLength=31 maxIbayNameLength=12 modSSL=service|CipherSuite|ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM|TCPPort|443|access|public|status|enabled passwordstrength=configuration|Admin|strong|Ibays|strong|MaxPassAge|180|MinPassAge|0|PassExpires|yes|PassWarning|7|Users|strong syslog=service|LogAll2VT6|no|status|enabled EOF cat <<EOF > /var/lib/nethserver/migration/home/e-smith/db/networks 3.3.3.3=network|Mask|255.255.255.0|Router|192.168.1.2 4.4.4.4=network|Mask|255.255.255.0|SystemLocalNetwork|yes 5.5.5.5=network|Mask|255.255.255.0 EOF
- Start the migration for nethserver-base package:
/etc/e-smith/events/actions/nethserver-base-migrate migration-import /var/lib/nethserver/migration/
- Check network 3.3.3.3 has a corresponding static route and trusted network
- Check network 4.4.4.4 is NO present
- Check network 5.5.5.5 is present only in trusted network
#5
Updated by Giacomo Sanchietti about 7 years ago
Merged on master.
#6
Updated by Giacomo Sanchietti about 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
Packages in nethserver-testing:
- nethserver-firewall-base-1.1.0-66.0git67ac1559.ns6.noarch.rpm
- nethserver-lsm-0.0.3-7.0gitd4a46e58.ns6.noarch.rpm
- nethserver-squid-1.1.1-3.0git37fbdd7c.ns6.noarch.rpm (già su testing)
- nethserver-snort-0.0.1-5.0git32850266.ns6.noarch.rpm
- nethserver-base-2.2.1-57.0git27156ae2.ns6.noarch.rpm
- nethserver-nethgui-1.5.0-22.0git051080ae.ns6.noarch.rpm
#7
Updated by Stefano Fancello about 7 years ago
- Assignee set to Stefano Fancello
#8
Updated by Stefano Fancello about 7 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Stefano Fancello) - % Done changed from 70 to 90
Verified:
on test case 4 (3.3.3.3 address) router has to belong to a reachable network or won't be added. Be sure that gateway belong to a reachable address
#9
Updated by Davide Principi almost 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-base-2.3.0-1.ns6.noarch.rpm