Tomato

From Nuclear Physics Group Documentation Pages
Revision as of 15:36, 18 July 2007 by Steve (talk | contribs)

General Information

Tomato does some VPN stuff with Xemed.

Hostnames: tomato.unh.edu, tomato.farm.physics.unh.edu

Network Configuration

Tomato currently has one Ethernet cable to the switch for the local (farm) connection and another to the wall for the UNH connection.

/etc/sysconfig/network-scripts/ifcfg-bohr_tun

# GRE tunnel "bohr_tun" between this host (132.177.88.76) and peer 132.177.88.174.
# GRE by itself neither encrypts nor authenticates the encapsulated traffic.
# NOTE(review): no IPsec or other protection is visible in this file — confirm
# whether the tunnelled 10.0.0.0/24 traffic is protected elsewhere.
DEVICE=bohr_tun
TYPE="GRE Tunnel"
# NOTE(review): presumably makes ifup/ifdown dispatch to a gre-specific helper
# script — verify which script reads the MY_*/PEER_* variables below.
DEVICETYPE=gre
BOOTPROTO=none
ONBOOT=yes
# Non-root users may not bring this interface up or down.
USERCTL=no

# Local tunnel endpoint; same address as IPADDR in ifcfg-unh on this page.
MY_IPADDR=132.177.88.76
MY_PRIVATE_NET=10.0.0.0/24

PEER_IPADDR=132.177.88.174

/etc/sysconfig/network-scripts/ifcfg-dirac_tun

# GRE tunnel "dirac_tun" between this host (132.177.88.76) and peer 132.177.88.51.
# GRE carries the inner packets without encryption or peer authentication.
# NOTE(review): confirm whether another layer protects the 10.0.0.0/24 traffic
# sent through this tunnel; nothing in this file does.
DEVICE=dirac_tun
TYPE="GRE Tunnel"
# NOTE(review): presumably selects a gre-specific ifup/ifdown helper — verify
# which script consumes MY_IPADDR, MY_PRIVATE_NET and PEER_IPADDR.
DEVICETYPE=gre
BOOTPROTO=none
ONBOOT=yes
# Only root may control this interface.
USERCTL=no

# Local tunnel endpoint; same address as IPADDR in ifcfg-unh on this page.
MY_IPADDR=132.177.88.76
MY_PRIVATE_NET=10.0.0.0/24

PEER_IPADDR=132.177.88.51

/etc/sysconfig/network-scripts/ifcfg-ennui_tun

# GRE tunnel "ennui_tun": outer endpoints 132.177.88.76 <-> 132.177.91.252,
# inner point-to-point addresses 10.0.3.1 <-> 10.0.3.2.
# GRE provides encapsulation only, with no confidentiality or integrity protection.
# NOTE(review): confirm whether the path between the outer addresses is
# protected by some other means; this file shows none.
DEVICE=ennui_tun
TYPE="GRE Tunnel"
DEVICETYPE=gre
BOOTPROTO=none
ONBOOT=yes
# Only root may control this interface.
USERCTL=no

# Outer address is the IPADDR of ifcfg-unh on this page.
MY_OUTER_IPADDR=132.177.88.76
MY_INNER_IPADDR=10.0.3.1
MY_PRIVATE_NET=10.0.0.0/24

PEER_OUTER_IPADDR=132.177.91.252
PEER_INNER_IPADDR=10.0.3.2

/etc/sysconfig/network-scripts/ifcfg-eth1

# DHCP-configured Ethernet interface, bound to a specific NIC by HWADDR.
# ONBOOT=no: this interface is not brought up automatically at boot.
DEVICE=eth1
BOOTPROTO=dhcp
HWADDR=00:E0:81:05:30:0F
ONBOOT=no
TYPE=Ethernet
# Hostname offered to the DHCP server when this interface is brought up.
DHCP_HOSTNAME=tomato.unh.edu

/etc/sysconfig/network-scripts/ifcfg-farm

# Static address 10.0.0.251/24 on the interface named "farm", brought up at boot.
# HWADDR ties this configuration to one specific NIC.
DEVICE=farm
BOOTPROTO=static
HWADDR=00:02:B3:D3:FE:12
IPADDR=10.0.0.251
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet

/etc/sysconfig/network-scripts/ifcfg-farm:1

# Alias on the "farm" interface adding 10.0.0.1 as a second address (host mask /32).
# ONPARENT=yes: the alias comes up whenever the parent interface does.
# NOTE(review): presumably 10.0.0.1 is the address other farm hosts route through — confirm.
DEVICE=farm:1
ONPARENT=yes
BOOTPROTO=static
IPADDR=10.0.0.1
NETMASK=255.255.255.255

/etc/sysconfig/network-scripts/ifcfg-improv_tun

# GRE tunnel "improv_tun" from 132.177.88.183 (the unh:1 alias on this page)
# to peer 132.177.88.53.
# GRE does not encrypt or authenticate the traffic it carries.
# NOTE(review): nothing in this file protects the tunnelled 10.0.0.0/24
# traffic — confirm whether that is handled elsewhere.
DEVICE=improv_tun
TYPE="GRE Tunnel"
DEVICETYPE=gre
BOOTPROTO=none
ONBOOT=yes
# Only root may control this interface.
USERCTL=no

# NOTE(review): the inner address equals the outer address here, and the peer
# is given as a single PEER_IPADDR rather than outer/inner values as in
# ifcfg-ennui_tun — confirm this is intentional.
MY_OUTER_IPADDR=132.177.88.183
MY_INNER_IPADDR=132.177.88.183
MY_PRIVATE_NET=10.0.0.0/24

PEER_IPADDR=132.177.88.53

/etc/sysconfig/network-scripts/ifcfg-lo

# Loopback interface: 127.0.0.1/8, brought up at boot.
DEVICE=lo
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback

/etc/sysconfig/network-scripts/ifcfg-pauli_tun

# GRE tunnel "pauli_tun" from 132.177.88.183 (the unh:1 alias on this page)
# to peer 132.177.88.54.
# GRE is plain encapsulation: no encryption and no peer authentication.
# NOTE(review): confirm whether the tunnelled 10.0.0.0/24 traffic is protected
# by another layer; this file configures none.
DEVICE=pauli_tun
TYPE="GRE Tunnel"
DEVICETYPE=gre
BOOTPROTO=none
ONBOOT=yes
# Only root may control this interface.
USERCTL=no

# NOTE(review): inner and outer local addresses are identical, and the peer is
# a single PEER_IPADDR rather than outer/inner values as in ifcfg-ennui_tun —
# confirm this is intentional.
MY_OUTER_IPADDR=132.177.88.183
MY_INNER_IPADDR=132.177.88.183
MY_PRIVATE_NET=10.0.0.0/24

PEER_IPADDR=132.177.88.54

/etc/sysconfig/network-scripts/ifcfg-unh

# Static address 132.177.88.76 on the interface named "unh", brought up at boot.
# Netmask 255.255.252.0 gives the range 132.177.88.0 - 132.177.91.255, matching
# NETWORK and BROADCAST below. This address is the local endpoint of the
# bohr_tun, dirac_tun and ennui_tun tunnels on this page.
DEVICE=unh
BOOTPROTO=static
BROADCAST=132.177.91.255
HWADDR=00:E0:81:05:30:0E
IPADDR=132.177.88.76
NETMASK=255.255.252.0
NETWORK=132.177.88.0
ONBOOT=yes
TYPE=Ethernet

/etc/sysconfig/network-scripts/ifcfg-unh:1

# Alias on the "unh" interface adding 132.177.88.183 as a second address (host mask /32).
# ONPARENT=yes: the alias comes up whenever the parent interface does.
# This address is the local endpoint of improv_tun and pauli_tun on this page.
DEVICE=unh:1
ONPARENT=yes
BOOTPROTO=static
IPADDR=132.177.88.183
NETMASK=255.255.255.255

Access Configuration

/etc/security/access.conf


Backup Configuration

/etc/rsync-backup.conf

# rsync daemon-mode configuration for pulling backups from this host.
# Parameters before the first [module] are global and apply to every module.
#
# NOTE(review): this listing contains no "hosts allow", "auth users" or
# "secrets file", while every module is read as uid 0 and the modules include
# /etc and /root.  Whatever limits who can reach this daemon (how it is
# launched, firewalling) is not shown here; confirm it exists before relying
# on this file.

# Backups are 'pull' only.  Too bad there isn't a better way to enforce this.
# Clients may download from the modules but not upload to them.
read only       = yes

# Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other.
#uid            = root
# XXX There seems to be an obscure bug with pam_ldap and rsync whereby 
# getpwnam(3) segfaults when (and only when) archiving /etc.  Using a numeric
# uid avoids this bug.  Only verified on Fedora Core 2.
# Transfers therefore run with full root read access to each module path.
uid             = 0

# There's not much point in putting the superuser in a chroot jail
# NOTE(review): with the line below commented out, rsync's built-in default
# for "use chroot" applies; check rsyncd.conf(5) for the installed version.
# use chroot    = yes

# This isn't really an effective "lock" per se, since the value is per-module,
# but there really ought never be more than one, and it would at least 
# ensure serialized backups.
max connections = 1

# Per-directory merge rule: a .rsync-filter file found in a directory adds
# daemon-side filter rules for that directory's subtree.
# NOTE(review): anyone able to write a .rsync-filter file inside a module path
# can presumably change what the backup sees there; verify that is acceptable.
filter  = : .rsync-filter

# /usr: the filter below keeps only /local and /share/ssl (plus any
# .rsync-filter rules) and excludes everything else at the top level.
# This module-level filter is set in place of the global one, which is why
# the ": .rsync-filter" rule is repeated as its first entry.
[usr]
        path    = /usr
        comment = unpackaged software
        filter  =               \
                : .rsync-filter \
                + /             \
                + /local        \
                + /share        \
                + /share/ssl    \
                - /share/*      \
                - /*

[opt]
        path    = /opt
        comment = unpackaged software

# Read as uid 0, so files under /etc that only root can read are served too.
[etc]
        path    = /etc
        comment = conf files

[var]
        path    = /var
        comment = user and system storage

# Read as uid 0; exposes the superuser's home directory to whoever can
# connect to this module.
[root]
        path    = /root
        comment = root's home directory