Virtual Server: How to Connect Your ITS-Hosted RHEL 6 Virtual Server to an ITS Private Network

OVERVIEW

Accessing certain services offered by UH Information Technology Services (ITS) from your ITS-hosted virtual server sometimes requires access to an ITS private network. This article explains how to make sure your virtual server is connected to an ITS private network.
 
These instructions only apply to Red Hat Enterprise Linux (RHEL) 6 virtual servers created by ITS Contract Services (CS) for your use, and only to RHEL systems that have the Network Manager service removed or turned off (e.g., “service NetworkManager stop” and “chkconfig NetworkManager off”; also see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-NetworkManager.html).
 
These instructions are for RHEL 6 environments where the network configuration files are manually maintained, which is the standard configuration for RHEL 6 virtual servers created by ITS CS. You can still use Network Manager if you like, but ITS does not provide instructions for adding a private network connection when Network Manager is enabled, so you will have to determine the appropriate procedure yourself.
 

PROCEDURE 

NOTE: All the commands given in the steps below are assumed to be issued as either user root or via "sudo".

  1. Enter the command:

ifconfig

 
to see all installed and connected NICs on your virtual server, and make note of the interface/NIC names of the NICs that are installed (e.g., “eth0”, “eth1”, etc.). You may want to send the output of the “ifconfig” command to a text file for later reference (e.g., “ifconfig > ifconfig_results_2017-07-06.txt”).

For example:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:56:B0:6A:FB  
          inet addr:166.122.3.160  Bcast:166.122.3.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:feb0:6afb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11008 errors:0 dropped:0 overruns:0 frame:0
          TX packets:278 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:750772 (733.1 KiB)  TX bytes:27921 (27.2 KiB)

eth1      Link encap:Ethernet  HWaddr 00:50:56:B0:E4:61  
          inet addr:172.17.65.11  Bcast:172.17.65.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:feb0:e461/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:537 errors:0 dropped:0 overruns:0 frame:0
          TX packets:174 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:131643 (128.5 KiB)  TX bytes:61771 (60.3 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:104 (104.0 b)  TX bytes:104 (104.0 b)
 
  2. In the output of the "ifconfig" command, look at the “inet addr” setting for each NIC (if there is one) and see if any have a value other than 128.171.*.* (e.g., 128.171.38.164) or 166.122.3.* (e.g., 166.122.3.3) or 127.0.0.1 (the standard internal loopback interface). Any value outside those ranges indicates that the NIC has a private network IP associated with it. If no "inet addr" setting is listed for a NIC, it means that the NIC is connected but has not been configured with an IPv4 address yet, and ITS CS will need to verify whether the NIC is connected to a private network (step 4 below).
     
  3. If a NIC on your virtual server does have a private network IP associated with it, please skip to step 17 below (verify DNS resolves .pvt and .mgt). Otherwise, continue with the next step below.

  4. Contact ITS CS (itscs@hawaii.edu) and ask that your virtual server be assigned to and connected to an ITS private network. As part of your request, please provide the following info:

* The reason you want to add an ITS private network connection to your virtual server

* Your virtual server’s fully qualified domain name (FQDN) (e.g., leeddash.its.hawaii.edu)

* Your virtual server’s public network IP address (128.171.x.x or 166.122.3.x)

 
  5. ITS CS will verify that your virtual server does not have a connection to an ITS private network, and if so they will assign your virtual server an IP within an ITS private network, attach a new NIC on your virtual server that connects to that network, and provide you with the private network IP, gateway, and subnet mask information.
     
  6. Once you have the private network IP, gateway, and subnet mask information from ITS CS, do an “ifconfig” command and make note of the newly added NIC’s name (e.g., “eth1”), as well as the NIC name of the existing primary NIC for the public network (e.g., “eth0”).
     
  7. Back up the existing /etc/sysconfig/network file (e.g., “cp /etc/sysconfig/network /etc/sysconfig/network.2017-07-06”) and then edit the /etc/sysconfig/network file and ensure it contains only the following lines (substitute the bracketed items with appropriate values):
 
NETWORKING=yes
HOSTNAME=<Host-FQDN>
GATEWAY=<Gateway-IP-For-Primary-NIC-Public-Network>
GATEWAYDEV=<Primary-NIC-Name>
 
For example:
 
NETWORKING=yes
HOSTNAME=cstemplate05.its.hawaii.edu
GATEWAY=166.122.3.1
GATEWAYDEV=eth0
 
  8. Create a /etc/sysconfig/network-scripts/ifcfg-<NIC-name> file (where <NIC-name> is the name of the new NIC as determined in step 6; e.g., /etc/sysconfig/network-scripts/ifcfg-eth1). You can do so with “vi”, "nano", or any basic text editor of your choice (or by copying the primary non-private NIC’s config file and editing it, e.g., “cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1”).
     
  9. Edit the new ifcfg-<NIC-name> file created in the previous step so that it contains the following minimal entries:
 
DEVICE="<NIC-name>"
BOOTPROTO=static
ONBOOT=yes
USERCTL=no
IPADDR=<Assigned-Private-Network-IP>
NETMASK=<Assigned-Private-Network-Subnet-Mask>
PEERDNS=no
 
For example:
 
DEVICE="eth1"
BOOTPROTO=static
ONBOOT=yes
USERCTL=no
IPADDR=172.17.65.11
NETMASK=255.255.255.0
PEERDNS=no
 
 
  10. Create and edit a new /etc/sysconfig/network-scripts/route-<NIC-name> file (where <NIC-name> is the name of the new NIC; e.g., /etc/sysconfig/network-scripts/route-eth1) that contains the following lines:
 
192.168.0.0/16 via <Assigned-Private-Network-Gateway-IP> dev <NIC-name>
172.16.0.0/12 via <Assigned-Private-Network-Gateway-IP> dev <NIC-name>
10.0.0.0/8 via <Assigned-Private-Network-Gateway-IP> dev <NIC-name>
 
For example:
 
192.168.0.0/16 via 172.17.65.1 dev eth1
172.16.0.0/12 via 172.17.65.1 dev eth1
10.0.0.0/8 via 172.17.65.1 dev eth1
 
  11. Restart network services to incorporate all the changes you’ve made so far:
service network restart
 
  12. Print out the current network routing table using the command:
 ip route show
 
  13. Examine the results of the “ip route show” command and ensure that among the entries shown are ones similar to those given in step 10 above and also a “default” entry that specifies the primary (public) NIC’s gateway and NIC name. E.g.:
 
# ip route show
166.122.3.0/24 dev eth0  proto kernel  scope link  src 166.122.3.160 
172.17.65.0/24 dev eth1  proto kernel  scope link  src 172.17.65.11 
169.254.0.0/16 dev eth0  scope link  metric 1002 
169.254.0.0/16 dev eth1  scope link  metric 1003 
192.168.0.0/16 via 172.17.65.1 dev eth1 
172.16.0.0/12 via 172.17.65.1 dev eth1 
10.0.0.0/8 via 172.17.65.1 dev eth1 
default via 166.122.3.1 dev eth0 
 
 
  14. Verify that you can ping google.com okay:
 
# ping google.com
PING google.com (216.58.193.78) 56(84) bytes of data.
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=1 ttl=55 time=66.7 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=2 ttl=55 time=65.5 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=3 ttl=55 time=65.6 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=4 ttl=55 time=65.7 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=5 ttl=55 time=65.7 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=6 ttl=55 time=65.7 ms
^C
--- google.com ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5645ms
rtt min/avg/max/mdev = 65.535/65.862/66.790/0.470 ms
 
 
  15. Back up the existing /etc/resolv.conf file (e.g., “cp /etc/resolv.conf /etc/resolv.conf.2017-07-06”) and then edit the /etc/resolv.conf file and ensure it consists of only the following three lines:
search hawaii.edu its.hawaii.edu pvt.hawaii.edu mgt.hawaii.edu colo.hawaii.edu
nameserver 192.168.10.115
nameserver 192.168.10.116
 
  16. Once again, verify that you can ping google.com okay (this verifies that you can reach the private DNS servers specified in the previous step; if the ping doesn't work, then back out by restoring the original contents of your /etc/resolv.conf file so that you have DNS resolution again, and then troubleshoot):
 
# ping google.com
PING google.com (216.58.193.78) 56(84) bytes of data.
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=1 ttl=55 time=66.7 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=2 ttl=55 time=65.5 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=3 ttl=55 time=65.6 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=4 ttl=55 time=65.7 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=5 ttl=55 time=65.7 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=6 ttl=55 time=65.7 ms
^C
--- google.com ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5645ms
rtt min/avg/max/mdev = 65.535/65.862/66.790/0.470 ms
 
  17. Verify that you can resolve a .pvt hostname via DNS okay. E.g., using the “nslookup” command:
 
# nslookup dns11.pvt.hawaii.edu
Server:         192.168.10.115
Address:        192.168.10.115#53
 
Name:   dns11.pvt.hawaii.edu
Address: 192.168.10.116
 
 
  18. Schedule a reboot of your virtual server and, after it comes back up, do the previous two tests again (see if you can ping google.com okay, and see if you can resolve a .pvt hostname via DNS okay). This step verifies that your network configuration changes and private network connectivity will survive intact upon system reboot.
 
This completes the steps necessary to add private network connectivity to your ITS-hosted RHEL 6 virtual server.
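
ADDED EXAMPLE (not part of the original ITS article): the manual routing-table check from step 13, written as a shell script so it can be repeated after the reboot in step 18. It confirms that the default route leaves only via the public NIC and that each private range from step 10 goes to the private gateway on the private NIC. The function names route_via and check_routes are hypothetical; the sample table is the "ip route show" output shown in step 13.

```shell
#!/bin/sh
# Added example, not part of the original article. Function names are
# hypothetical; the sample table is the "ip route show" output from step 13.

# route_via ROUTES DEST: print "GATEWAY DEV" for each route to DEST.
route_via() {
    printf '%s\n' "$1" | awk -v d="$2" '$1 == d {
        gw = "-"; dev = "-"
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        print gw, dev
    }'
}

# check_routes ROUTES PUBLIC_NIC PRIVATE_NIC PRIVATE_GATEWAY
# Prints one line per problem and returns non-zero if any were found.
check_routes() {
    routes=$1 pub=$2 priv=$3 pgw=$4 rc=0
    # The default route must leave only via the public NIC (GATEWAYDEV, step 7).
    def=$(route_via "$routes" default | awk '{print $2}' | sort -u | tr '\n' ' ')
    if [ "$def" != "$pub " ]; then
        echo "default route uses '${def% }', expected '$pub'"; rc=1
    fi
    # Each block from step 10 must go to the private gateway on the private NIC.
    for net in 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8; do
        got=$(route_via "$routes" "$net")
        if [ -z "$got" ]; then
            echo "missing route for $net"; rc=1
        elif [ "$got" != "$pgw $priv" ]; then
            echo "$net goes via '$got', expected '$pgw $priv'"; rc=1
        fi
    done
    return "$rc"
}

SAMPLE_ROUTES='166.122.3.0/24 dev eth0  proto kernel  scope link  src 166.122.3.160
172.17.65.0/24 dev eth1  proto kernel  scope link  src 172.17.65.11
192.168.0.0/16 via 172.17.65.1 dev eth1
172.16.0.0/12 via 172.17.65.1 dev eth1
10.0.0.0/8 via 172.17.65.1 dev eth1
default via 166.122.3.1 dev eth0'

# On a live server, pass "$(ip route show)" instead of the sample.
check_routes "$SAMPLE_ROUTES" eth0 eth1 172.17.65.1 && echo "routing table OK"
```

A non-zero return with "default route uses 'eth1'" means the public default gateway was displaced by the private NIC; recheck GATEWAY and GATEWAYDEV in /etc/sysconfig/network.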
 
 

Article ID: 1744
Created: Thu, 06 Jul 2017 2:50pm
Modified: Wed, 02 Aug 2017 2:09pm