List of Network Subnets (and other information)

Wired & VPN

  • 128.111.0.0/16

Math Department Wired

  • 128.111.88.0/24

WiFi & cloud computing

  • 169.231.0.0/16

Private

Server LOMs

  • 10.254.127.0/24
    • Each LOM has the same address in this subnet as its parent machine has in the Math subnet; e.g., a machine with an IP of 128.111.88.3 will have its LOM at 10.254.127.3.

NAS

  • 10.254.128.0/24 (russell-array)

BINAT (for printers)

  • 10.254.129.0/24 (see Fourier-1 for details)

DNS

DNS is provided by LSIT. Email hostmaster@lsit.ucsb.edu to request changes. Turnaround is generally 24 to 48 hours.

Note that systems that are part of the Active Directory domain must use the AD domain controllers as their DNS servers. The domain controllers forward lookups for names outside the math.ucsb.edu domain, but they consider themselves authoritative for that domain, so their records must be kept in sync manually with the DNS provided by LSIT. Updates can be made on either turing-1 or turing-2 and will propagate to the other domain controller.

An example of adding a record named "foo" with IP 128.111.88.2:
samba-tool dns add turing-1.math.ucsb.edu math.ucsb.edu foo A 128.111.88.2 -U administrator

If updating to a new IP, simply delete the old record. (Make sure to use the old IP, not the new one.)
samba-tool dns delete turing-1.math.ucsb.edu math.ucsb.edu foo A 128.111.88.253 -U administrator

In either case you'll be prompted to authenticate with the domain administrator's password.
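Because the domain controllers have to be kept in sync by hand, it helps to compute the drift before typing any commands. The following is an added example, not the department's own tooling: it compares two listings of A records and prints the samba-tool commands in the syntax shown above. The "name A ip" listing format, the sample records, and treating the LSIT data as the reference are assumptions; how the two listings are collected is left out.

```python
"""Plan samba-tool commands that bring AD DNS A records in line with a reference list."""
from collections import defaultdict
import ipaddress

DC = "turing-1.math.ucsb.edu"  # from the page; changes propagate to turing-2
ZONE = "math.ucsb.edu"

# Constructed sample listings, one "name A ip" record per line (assumed format).
LSIT_SAMPLE = """
foo A 128.111.88.2
bar A 128.111.88.7
"""
AD_SAMPLE = """
foo A 128.111.88.253   # stale address
bar A 128.111.88.7
dc-only A 128.111.88.9
"""

def parse_records(text):
    """Return {name: set(ip)} for the A records in a listing."""
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, rtype, ip = line.split()
        if rtype.upper() != "A":
            continue
        ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
        records[name.lower()].add(ip)
    return records

def plan_sync(reference, ad):
    """Return (commands, ad_only). Deletes always name the OLD IP held by AD."""
    commands = []
    for name in sorted(reference):
        want, have = reference[name], ad.get(name, set())
        for ip in sorted(want - have):
            commands.append(f"samba-tool dns add {DC} {ZONE} {name} A {ip} -U administrator")
        for ip in sorted(have - want):
            commands.append(f"samba-tool dns delete {DC} {ZONE} {name} A {ip} -U administrator")
    # Names that exist only in AD are reported, never deleted automatically.
    ad_only = sorted(set(ad) - set(reference))
    return commands, ad_only

if __name__ == "__main__":
    cmds, ad_only = plan_sync(parse_records(LSIT_SAMPLE), parse_records(AD_SAMPLE))
    print("\n".join(cmds))
    print("AD-only names to review by hand:", ", ".join(ad_only) or "none")
```

The commands are only printed, so each one can be reviewed before it is run against the domain controller.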

IP Management

Other than a small number of addresses for transient machines, IP allocations are done manually. I've been gradually incorporating these as static leases in the DHCP server on turing-1.math.ucsb.edu and turing-2.math.ucsb.edu in order to get some measure of centralization. See also HostList.

Firewalls

Most servers are using host-based firewalls. Printers, which tend not to have competent firewalls of their own, are behind the Fourier-1 NAT gateway.

The exact host-based firewall in use depends on the system, but where possible I try to use ufw. It's available on both Debian and CentOS (via EPEL) and it's easier to administer than firewalld. The ufw manpage is pretty well written and has good examples, so I won't get into how to configure it here.