Friday, December 10, 2010

First installation

At last I am connected to the Internet in the new house.
The router that the ISP gave me acts as a DHCP server for the LAN and assigns addresses in class 192.168.1.0/24. Furthermore, it acts as default gateway and DNS server and does NAT.
My desktop computer (mini tower case) is connected to it via eth0. I want it to be able to access both the netsukuku network and the Internet.


Installing pyntk and its dependencies

I installed all the dependencies of pyntk on my desktop PC. There is a page in the project's wiki where all the details of these operations are described, though at the moment it is only in Italian. I will post on the blog when an English version is ready. For the moment you can try using Google Translate on it. The page is http://lab.dyne.org/Netsukuku/ita/TestWithNetkit.
Then I downloaded from the repository the current version of my netsukuku branch (the one with the latest updates to the code). I typically use another laptop to code and debug. The repository can be browsed here: http://dev.hinezumi.org/browser/netsukuku/sandbox/lukisi/branches/multipleip.


Disabling Network Manager

It is necessary that the network parameters of the host are managed by pyntk.
Hence, I decide to disable other managers implemented by the operating system.
Beforehand I examine the parameters which were set via DHCP. I will set these values statically:
  • IP: 192.168.1.151
  • Subnet 192.168.1.0/24 on device eth0
  • Default Gateway 192.168.1.1 on device eth0
  • DNS 8.8.8.8

Modern desktop Linux distributions use NetworkManager to handle the network parameters.
We can disable it with the command "sudo stop network-manager", though we'll have to redo it at each reboot. I still have to investigate the clean way to disable it permanently.

On my machine I also see a running "dhclient" process. It has probably been launched by NetworkManager itself; however, disabling NetworkManager has not terminated that process. Its documentation says it stays in the background and periodically refreshes the lease from the DHCP server.
This process changes the network parameters too, so I terminate it with "killall dhclient", and I will repeat this operation at each reboot.

To summarize, after the boot of my desktop pc, I open a terminal and issue the following commands:

sudo stop network-manager
sudo killall dhclient

sudo ip a del 192.168.1.151/24 dev eth0
sudo ip r flush table main

sudo ip a add 192.168.1.151/24 dev eth0
sudo ip r add default via 192.168.1.1 dev eth0
sudo tee /etc/resolv.conf <<EOF >/dev/null
nameserver 8.8.8.8
EOF


ANDNA

ANDNA service is implemented in the current version of pyntk!
At first, ANDNA reads the name saved in the file /etc/hostname. Further, one can specify more names and details in the file /etc/netsukuku/snsd_nodes.
My file /etc/hostname contains luca-desktop. For now I do not intend to specify more in the other one.
Then ANDNA registers the names assigned to the host in the network-distributed database. The registration of a name fails if the name has already been registered by someone else or if the host has exceeded the maximum number of registered names.
When the registration is complete, ANDNA is able to look up a host's name in the distributed database and retrieve its numerical address.

How do we submit a query to ANDNA? We have implemented, inside the pyntk daemon, a DNS-wrapper which listens for requests on the DNS service's port. When it receives a lookup request, if the name ends with ".ntk" then the request is considered to be about the netsukuku realm, otherwise it is about the Internet realm. For reverse lookup requests, if the address is in the class 10.0.0.0/8 then the request is considered to be about the netsukuku realm, otherwise it is about the Internet realm.
If the query is about the netsukuku realm, the DNS-wrapper translates the DNS query into an ANDNA query, submits it to ANDNA, translates the answer back into a DNS answer and returns it to the caller.
If the query is about the Internet realm, the DNS-wrapper acts as a proxy to a real DNS server.
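
The realm decision described above, sketched as an added example (not pyntk's own code). The function names `realm_for` and `reverse_name_to_ip` are hypothetical; the sample questions are the ones from the dig sessions later in this post plus two constructed edge cases. A wrong decision here either sends a netsukuku name to the Internet resolver or hands an Internet name to ANDNA.

```python
import ipaddress

NTK_NET = ipaddress.ip_network("10.0.0.0/8")  # netsukuku range named in the post

def reverse_name_to_ip(qname):
    """Return the IPv4 address encoded in an in-addr.arpa name, or None."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    try:
        # Labels are stored least-significant octet first, so reverse them.
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ipaddress.AddressValueError:
        return None  # non-numeric or out-of-range octets

def realm_for(qname, qtype):
    """Hypothetical helper: pick 'netsukuku' or 'internet' for a DNS question."""
    # DNS names are case-insensitive and may carry a trailing root dot.
    name = qname.rstrip(".").lower()
    if qtype == "PTR":
        addr = reverse_name_to_ip(name)
        in_ntk = addr is not None and addr in NTK_NET
        return "netsukuku" if in_ntk else "internet"
    # Require a whole ".ntk" label at the end, not just the letters "ntk".
    return "netsukuku" if name.endswith(".ntk") else "internet"

if __name__ == "__main__":
    samples = [
        ("www.google.com", "A"),
        ("113.232.125.74.in-addr.arpa.", "PTR"),
        ("luca-desktop.ntk", "A"),
        ("210.92.101.10.in-addr.arpa.", "PTR"),
        ("luca-desktop.NTK.", "A"),   # constructed: upper case, trailing dot
        ("ntk.example.com", "A"),     # constructed: "ntk" is not the last label
    ]
    for qname, qtype in samples:
        print(f"{qtype:4} {qname:32} -> {realm_for(qname, qtype)}")
```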

The DNS-wrapper lives inside the pyntk daemon, so it can listen only when pyntk is running. Hence, we must set the "nameserver" parameter in the file /etc/resolv.conf to 127.0.0.1 right before starting pyntk, and set it back to a real DNS server when pyntk terminates.
Furthermore ANDNA reads configuration details in other files (which I'm not going to explain right now).

In conclusion, before starting pyntk I issue the following commands:

sudo tee /etc/resolv.conf <<EOF >/dev/null
nameserver 127.0.0.1
EOF
sudo mkdir -p /etc/netsukuku
sudo tee /etc/netsukuku/dnswrapper.conf <<EOF >/dev/null
andnsserver in-process
EOF
sudo tee /etc/netsukuku/andnsserver.conf <<EOF >/dev/null
inetnameserver 8.8.8.8
EOF
sudo tee /etc/netsukuku/libandns.conf <<EOF >/dev/null
andnsserver 127.0.0.1
EOF

After pyntk terminates (in case of errors or for any other reason) I issue the following commands:

sudo tee /etc/resolv.conf <<EOF >/dev/null
nameserver 8.8.8.8
EOF


Start pyntk


To start the daemon:

cd ~/netsukuku/pyntk
sudo /opt/stackless/bin/python2.6 ntkd -i eth0 -vvvv

That command starts the daemon to handle interface eth0. It sets a very verbose output. The command will not put itself in background, so to carry on I will have to open another terminal.

Let's see what we achieved. [Scroll down to see the actual commands and their output as seen in my box]

The command "ip a" tells us that interface eth0 has 2 IP addresses. The first is the one we previously set, manually, with which we can use our ISP. The other, in the class 10.0.0.0/8, has been assigned automatically to us by netsukuku. Since this is the first node in a network, it will be absolutely random. In my case it is 10.101.92.210.

The command "dig www.google.com" proves that we can use Internet.
The server that is answering is 127.0.0.1, our DNS-wrapper inside pyntk. But actually the request has been forwarded to a real DNS server, the one we placed in the file /etc/netsukuku/andnsserver.conf in parameter inetnameserver, that is 8.8.8.8.
This confirms that we reached the Internet node 8.8.8.8. Among the answers for "www.google.com" we notice 74.125.232.113.

The command "dig -x 74.125.232.113", which should have done the reverse lookup, gives an unexpected error instead. I will debug later looking for the causes.

The command "ip r" shows that no routes have been added (nor removed) to the kernel's "main" routing table.

The command "ip rule" shows that a new routing table has been created, "ntk", which gets looked up for any packet right before the "main" routing table.

The command "ip r list table ntk" shows that a definition has been added to declare "unreachable" any destination in class 10.0.0.0/8. This rule will always be the last in the ntk table. It ensures that this table is solely responsible for routes to destinations inside netsukuku. In particular, it prevents packets whose destination is inside netsukuku from being forwarded by this node to its default gateway, which is a router in the Internet realm.
As a result, the command "ping 10.1.1.1" will immediately give the error "connect: Network is unreachable", whereas, of course, the command "ping 10.101.92.210" (my IP as seen before with "ip a") will work normally.
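
To make the effect of the "unreachable" entry concrete, here is an added example (not part of pyntk) that models the rule and table lookup with the values from the "ip rule", "ip r" and "ip r list table ntk" output below. The `lookup` function is hypothetical, and the contents of the kernel's "local" table are an assumption based on the two addresses shown by "ip a".

```python
import ipaddress

# Rules in priority order, as printed by "ip rule" (the "default" table is empty).
RULES = [(0, "local"), (32765, "ntk"), (32766, "main")]
TABLES = {
    # Assumed: the kernel adds a local route for each address on eth0.
    "local": [("192.168.1.151/32", "local", "dev eth0"),
              ("10.101.92.210/32", "local", "dev eth0")],
    "ntk":   [("10.0.0.0/8", "unreachable", None)],
    "main":  [("192.168.1.0/24", "unicast", "dev eth0"),
              ("0.0.0.0/0", "unicast", "via 192.168.1.1 dev eth0")],
}

def lookup(dst, tables=TABLES, rules=RULES):
    """Return (table, result) for dst, walking the rules like the kernel does."""
    addr = ipaddress.ip_address(dst)
    for _prio, table in sorted(rules):
        matches = [(ipaddress.ip_network(prefix), kind, hop)
                   for prefix, kind, hop in tables[table]
                   if addr in ipaddress.ip_network(prefix)]
        if not matches:
            continue  # nothing in this table: fall through to the next rule
        # Longest prefix wins inside a table.
        _net, kind, hop = max(matches, key=lambda m: m[0].prefixlen)
        if kind == "unreachable":
            return (table, "unreachable")  # lookup stops; "main" is never asked
        return (table, hop)
    return (None, "unreachable")

if __name__ == "__main__":
    for dst in ("10.1.1.1", "10.101.92.210", "8.8.8.8", "192.168.1.1"):
        print(dst, "->", lookup(dst))
    # Without the catch-all entry, a netsukuku destination would reach "main"
    # and be handed to the Internet default gateway.
    print("10.1.1.1 without entry ->", lookup("10.1.1.1", dict(TABLES, ntk=[])))
```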

The command "dig luca-desktop.ntk" returns my IP, retrieved by ANDNA from its distributed database. The command "dig -x 10.101.92.210" shows that reverse resolution works too inside the netsukuku realm.

luca@luca-desktop:~/netsukuku/pyntk$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:16:76:b6:a7:24 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.151/24 scope global eth0
    inet 10.101.92.210/32 scope global eth0
    inet6 fe80::216:76ff:feb6:a724/64 scope link 
       valid_lft forever preferred_lft forever
luca@luca-desktop:~/netsukuku/pyntk$ dig www.google.com

; <<>> DiG 9.7.1-P2 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41319
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.   IN A

;; ANSWER SECTION:
www.google.com.  0 IN A 74.125.232.113
www.google.com.  0 IN A 74.125.232.115
www.google.com.  0 IN A 74.125.232.114
www.google.com.  0 IN A 74.125.232.112
www.google.com.  0 IN A 74.125.232.116

;; Query time: 73 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Dec 10 10:15:35 2010
;; MSG SIZE  rcvd: 112

luca@luca-desktop:~/netsukuku/pyntk$ dig -x 74.125.232.113

; <<>> DiG 9.7.1-P2 <<>> -x 74.125.232.113
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33110
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;113.232.125.74.in-addr.arpa. IN PTR

;; Query time: 151 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Dec 10 10:22:06 2010
;; MSG SIZE  rcvd: 45

luca@luca-desktop:~/netsukuku/pyntk$ ip r
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.151 
default via 192.168.1.1 dev eth0 
luca@luca-desktop:~/netsukuku/pyntk$ ip rule
0: from all lookup local 
32765: from all lookup ntk 
32766: from all lookup main 
32767: from all lookup default 
luca@luca-desktop:~/netsukuku/pyntk$ ip r list table ntk
unreachable 10.0.0.0/8 
luca@luca-desktop:~/netsukuku/pyntk$ ping 10.1.1.1
connect: Network is unreachable
luca@luca-desktop:~/netsukuku/pyntk$ ping 10.101.92.210
PING 10.101.92.210 (10.101.92.210) 56(84) bytes of data.
64 bytes from 10.101.92.210: icmp_req=1 ttl=64 time=0.029 ms
64 bytes from 10.101.92.210: icmp_req=2 ttl=64 time=0.028 ms
64 bytes from 10.101.92.210: icmp_req=3 ttl=64 time=0.021 ms
64 bytes from 10.101.92.210: icmp_req=4 ttl=64 time=0.032 ms
64 bytes from 10.101.92.210: icmp_req=5 ttl=64 time=0.026 ms
^C
--- 10.101.92.210 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3998ms
rtt min/avg/max/mdev = 0.021/0.027/0.032/0.005 ms
luca@luca-desktop:~/netsukuku/pyntk$ dig luca-desktop.ntk

; <<>> DiG 9.7.1-P2 <<>> luca-desktop.ntk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13918
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;luca-desktop.ntk.  IN A

;; ANSWER SECTION:
luca-desktop.ntk. 299 IN A 10.101.92.210

;; Query time: 31 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Dec 10 10:44:38 2010
;; MSG SIZE  rcvd: 50

luca@luca-desktop:~/netsukuku/pyntk$ dig -x 10.101.92.210

; <<>> DiG 9.7.1-P2 <<>> -x 10.101.92.210
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59604
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;210.92.101.10.in-addr.arpa. IN PTR

;; ANSWER SECTION:
210.92.101.10.in-addr.arpa. 2592000 IN PTR luca-desktop.NTK.

;; Query time: 54 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Dec 10 10:44:53 2010
;; MSG SIZE  rcvd: 74

luca@luca-desktop:~/netsukuku/pyntk$ 

Stay tuned for more!

1 comment:

  1. You wrote: "We can disable it with the command "sudo stop network-manager", though we'll have to re-do at each reboot. I still have to investigate for the clean way to disable it permanently."
    Have you tried 'chkconfig network-manager off'?
