Differences between revisions 3 and 4
Revision 3 as of 2010-11-22 11:01:48
Size: 1947
Editor: ThomasSkouHansen
Comment:
Revision 4 as of 2010-11-22 11:58:44
Size: 2603
Editor: ThomasSkouHansen
Comment:
Deletions are marked like this. Additions are marked like this.
Line 5: Line 5:
The configuration file is just an XML file containing a list of IP ranges enclosed in an {{{<ipranges>}}} element, each of the IP ranges must have a begin and an end address specified in its attributes and must contain at least one {{{<role>}}} element, and optionally an arbitrary number of roles. Each individual IP range in the configuration file may apply either IPv4 or IPv6 addresses, that is, the begin and end address of each range must be of the same type. However, mixing IPv4 and IPv6 IP ranges in the same configuration file is accepted. The configuration file is just an XML file containing a list of IP ranges enclosed in an {{{<ipranges>}}} element, each of the IP ranges must have a begin and an end address specified in its attributes and must contain at least one {{{<role>}}} element, and optionally an arbitrary number of roles. The begin and end address of are included in the range and thus, a range having a begin address which is identical to the end address will specify an individual host.
Line 7: Line 7:
.... single host range.... Each individual IP range in the configuration file may apply either IPv4 or IPv6 addresses, that is, the begin and end address of each range must be of the same type. However, mixing IPv4 and IPv6 IP ranges in the same configuration file is accepted.
Line 9: Line 9:
This is an example of an IPv4 {{{<iprange>}}} element:
Here is an example of an IPv4 {{{<iprange>}}} element:
Line 12: Line 13:
    <iprange begin="130.225.24.0" end="130.225.25.255">
        <!-- Inhouse non-NAT addresses -->
        <role>inhouse</role>		     <iprange begin="192.168.123.123" end="192.168.123.231">
        <!-- Private network address range. -->
        <role>lan_users</role>
Line 19: Line 20:
'''ELABORATE:'''
- IPv4, IPv6
- Multiple roles
- Comments		 Here is an example of an IPv6 {{{<iprange>}}} element:
Line 24: Line 22:
{{{
    <iprange begin="1020:3040:5060:0:1337:b007:c4fe:000d" end="1020:3040:5060:0:1337:b007:c4fe:f00d">
        <!-- Address range with multiple roles. -->
        <role>vip_users</role>
        <role>professor</role>
        <role>boffin</role>
    </iprange>
}}}

Standard XML comments, like the ones in the above examples, may be added anywhere in the configuration file. However, the IP role mapper will not use them for anything.

Here is an IPv4 example of a complete configuration file:

IP-Role Mapper Service Configuration

The IP-Role mapper service is quite easy to configure and its configuration may be modified "on the fly", that is, the service will reload the configuration file when it detects any modifications.

The configuration file is just an XML file containing a list of IP ranges enclosed in an <ipranges> element, each of the IP ranges must have a begin and an end address specified in its attributes and must contain at least one <role> element, and optionally an arbitrary number of roles. The begin and end address of are included in the range and thus, a range having a begin address which is identical to the end address will specify an individual host.

Each individual IP range in the configuration file may apply either IPv4 or IPv6 addresses, that is, the begin and end address of each range must be of the same type. However, mixing IPv4 and IPv6 IP ranges in the same configuration file is accepted.

Here is an example of an IPv4 <iprange> element: 

    <iprange begin="192.168.123.123" end="192.168.123.231">
        <!-- Private network address range. -->
        <role>lan_users</role>
    </iprange>

Here is an example of an IPv6 <iprange> element: 

    <iprange begin="1020:3040:5060:0:1337:b007:c4fe:000d" end="1020:3040:5060:0:1337:b007:c4fe:f00d">
        <!-- Address range with multiple roles. -->
        <role>vip_users</role>
        <role>professor</role>
        <role>boffin</role>
    </iprange>

Standard XML comments, like the ones in the above examples, may be added anywhere in the configuration file. However, the IP role mapper will not use them for anything.

Here is an IPv4 example of a complete configuration file: 

<?xml version="1.0" encoding="UTF-8"?>
<ipranges>
    <iprange begin="130.225.24.0" end="130.225.25.255">
        <!-- Inhouse non-NAT addresses -->
        <role>inhouse</role>
    </iprange>
    <iprange begin="130.225.26.33" end="130.225.26.33">
        <!-- External addresses for inhouse NAT addresses -->
        <role>inhouse</role>
    </iprange>
    <iprange begin="130.255.26.35" end="130.255.26.35">
        <!-- External addresses for VPN NAT addresses -->
        <role>inhouse</role>
    </iprange>
    <iprange begin="172.16.7.0" end="172.16.7.255">
        <!-- Inhouse VPN NAT addresses -->
        <role>inhouse</role>
    </iprange>
    <iprange begin="172.18.0.0" end="172.18.255.255">
        <!-- Inhouse NAT addresses -->
        <role>inhouse</role>
    </iprange>
</ipranges>

IPRoleMapperConfiguration (last edited 2010-11-22 12:03:03 by ThomasSkouHansen)