Two elementary questions on LANs

Tim ignored_mailbox at yahoo.com.au
Fri Jun 17 12:16:01 UTC 2011


On Thu, 2011-06-16 at 22:19 +0200, Timothy Murphy sent:
> I think I got this wrong too.
> I am running shorewall on my server,
> and I forgot to turn iptables off.

Whenever I see mentions of "turning firewall off," that's a red flag, to
me.  Is shorewall an independent thing, or is it a configurator for
iptables?  Had turning off iptables turned off your firewall, or has it
handed control of it over to something else?

> I see now I can go to Manage Connections in NM,
> and specify the name servers.
> Now NM seems to leave /etc/resolv.conf alone.
> Previously I was just adding the nameservers by hand.

Adding them to what, though?  That file?

Hand editing files that are automatically managed by something else is
fraught with problems.  Your changes may disappear at any time.  The
resolv.conf file is one that NetworkManager would fiddle with.

>>> Changes to the routing table on the latter, eg changing the default
>>> gateway, do not seem to come into force until I re-boot.

>> How are you trying to bring about the gateway change?  Are you bringing
>> its interface down and back up again, to force a configuration reload?

> I was using "route delete default" and "route add default gw ...".
> This seemed to be recognized at once on Fedora,
> but not on CentOS.

When playing with commands, like that, you need to find out whether they
just make temporary changes when you issue them, or whether they
permanently change configurations.

>> To be honest, my opinion about NetworkManager is thus:  You'd only use
>> it on clients.  All servers and gateways would have manually set
>> network configurations, and be using the old network service.

> Thanks for the suggestion.
> I see I am running NM on the server in question.

That can be a problem.  A server needs to be up and running before
clients can use it.  If the server needs external configuration, too
(such as yet another device is the DHCP server), then it gets really
messy.  

Plus servers generally need fixed IPs, and that can be easiest done by
manually configuring each machine with fixed IPs.  Though more
experienced sysadmins may find it easy enough to fix all IPs
consistently through their DHCP server, and just ensure that all
computers are booted up in the appropriate sequence (DHCP/DNS servers
before print servers, etc.).

> I'm never quite sure if we are allowed to use the network service.

Your organisation won't let you, or do you mean technical
considerations?

You can run NetworkManager and the network service at the same time, as
long as you ensure that each only controls specific network devices, and
neither tries to control their opponent's.

For equipment with multiple interfaces, you may find NetworkManager to
be a thorn in your side.  I've seen people mention NetworkManager being
a problem in that regard, switching their whole network configuration
around, rather than just adding yet another interface to the network (as
cables are plugged in, or wireless networks come into range).

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
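
The split described in the message above, with NetworkManager and the network service each controlling only specific devices, is set per interface on Fedora and CentOS through the `NM_CONTROLLED` key in the Red Hat style `ifcfg-*` files. As an added example (not part of the original message), this script reports which service each file assigns its interface to and lists the interfaces that are not statically configured under the network service; the sample files, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Red Hat style ifcfg-* files for interface ownership.

# ifcfg_get FILE KEY -> value of KEY with quotes stripped (last assignment wins)
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# audit_ifcfg DIR -> one line per interface: "DEVICE OWNER ADDRESSING"
audit_ifcfg() {
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        dev=$(ifcfg_get "$f" DEVICE)
        [ -n "$dev" ] || dev=${f##*/ifcfg-}
        [ "$dev" = lo ] && continue
        case $(ifcfg_get "$f" NM_CONTROLLED | tr 'A-Z' 'a-z') in
            no)  owner=network-service ;;
            yes) owner=NetworkManager ;;
            *)   owner=unspecified ;;   # file does not say; depends on what is running
        esac
        case $(ifcfg_get "$f" BOOTPROTO | tr 'A-Z' 'a-z') in
            dhcp|bootp) addr=dynamic ;;
            *) if [ -n "$(ifcfg_get "$f" IPADDR)" ]; then addr=static; else addr=none; fi ;;
        esac
        echo "$dev $owner $addr"
    done
}

# server_warnings DIR -> devices that are not "network-service static"
server_warnings() {
    audit_ifcfg "$1" | while read -r dev owner addr; do
        [ "$owner" = network-service ] && [ "$addr" = static ] || echo "$dev"
    done
}

# make_sample -> creates constructed sample files, prints the directory path
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'DEVICE=eth0\nBOOTPROTO=none\nIPADDR=192.0.2.10\nNM_CONTROLLED=no\n' > "$d/ifcfg-eth0"
    printf 'DEVICE=eth1\nBOOTPROTO=dhcp\nNM_CONTROLLED=yes\n' > "$d/ifcfg-eth1"
    printf 'DEVICE="wlan0"\nBOOTPROTO=dhcp\n' > "$d/ifcfg-wlan0"
    echo "$d"
}

dir=$(make_sample)
audit_ifcfg "$dir"       # on a real host: audit_ifcfg /etc/sysconfig/network-scripts
server_warnings "$dir"
rm -rf "$dir"
```
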




