- Projects are now online - sort of.
- DefCon 16 - Pictures
- Self Signed Certificate for Apache
- Zend Framework
- New project, new framework
- Thoughts on News and Copyright
- Changing an IP subnet is no small task
- Why would anyone pay for something that is based on Open Source?
- Creating PDF from code with FOP
- Hints of the future
I've been working some with OpenVPN and am trying to get some automated tasks running the moment my laptop connects to my VPN network. Unfortunately, testing this is rather hard when all the open WiFi network connections nearby use the same IP subnet as my internal network (192.16.0.x). So it was time to change to a non-normal subnet. On the surface, it should be straight forward. Change the router's internal IP to the new subnet, redirect the port forwarding rules, and adjust DHCP to assign IPs in the new subnet. All should be good, right? hehe.. That is a trick question. Murphy's Law will always prevail... Doing the above tasks works to get the workstations accessing the Internet again. But what about the mail web servers? These need a little more effort. My mail and web server mount the /home directory from an NFS share. So the mounting proces (in /etc/fstab) needed to be changed to reflect the new IP addresses. But I also needed to change the NFS share to allow connections from the new IPs, instead of the old. One bug down, and I now have full access to my email again. I have a couple of web servers running. They both do virtual hosting, but one of them also handles SSL/HTTPS traffic. It took a bit, but I also needed to change the IP addresses in the default virtual host file (NameVirtualHost directives) to make sure the web server would respect requests on the new IP addresses. I'm sure there will be more fall out from this change, but everything seems to be operational again. (knock on wood) So a heads up to anyone else looking to change your IP subnets - if you are doing more than just simple network access, you probably want to stop and think about all the services that depend on your IP addresses. One possible help to minimize the impact is to use names instead of IP addresses where possible. This needs an internal DNS server. For some reason mine is not getting referenced at all and the secondary/external server is handling all my requests. That's my next networking task to get fixed...
|
|||