LinuxQuestions.org
Old 12-30-2010, 11:46 AM   #1
djsmiley2k
Member
 
Registered: Feb 2005
Location: Coventry, UK
Distribution: Home: Gentoo x86/amd64, Debian ppc. Work: Ubuntu, SuSe, CentOS
Posts: 343
Blog Entries: 1

Rep: Reputation: 72
My new network


Hi all,


I'm currently in the process of rewiring up all my computers at home, to neaten up things... However I've come across an issue where I want to move which system is running my webserv etc at home.

I have made up a proposed diagram for my network here: http://www.gliffy.com/pubdoc/2398808/L.png which shows what my network will end up as.

However I have a few issues...

Will I need to masquerade the 192.168.2.0/24 clients, and will this cause any issues with the NAT on the main modem/router? I believe as long as I'm running the DMZ it shouldn't, however I'd like a second opinion.

My other issue is, with my Samba server, will clients on the 192.168.1.0/24 network be able to access shares off 192.168.2.0/24? From my research it appears they can, if a WINS server is set up. Has anyone done this and can confirm?

When I set up the DMZ will it affect the 192.168.1.0 clients at all? From what I can figure out the DMZ basically means ALL ports are forwarded to the DMZ host, unless there is a rule saying otherwise? Will UPnP still work?

Many thanks,
 
Old 12-30-2010, 12:20 PM   #2
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,192

Rep: Reputation: 101
Quote:
Originally Posted by djsmiley2k
Will I need to masquerade the 192.168.2.0/24 clients, and will this cause any issues with the NAT on the main modem/router? I believe as long as I'm running the DMZ it shouldn't, however I'd like a second opinion.

My other issue is, with my Samba server, will clients on the 192.168.1.0/24 network be able to access shares off 192.168.2.0/24? From my research it appears they can, if a WINS server is set up. Has anyone done this and can confirm?

If you do NAT on your server for 192.168.2.0/24 then your wireless devices won't be able to access them. If you don't do NAT, then you need to add a route 192.168.2.0/24 via 192.168.1.1 for all your wireless devices, otherwise they will send the traffic to the wrong router.

Quote:
Originally Posted by djsmiley2k
When I set up the DMZ will it affect the 192.168.1.0 clients at all? From what I can figure out the DMZ basically means ALL ports are forwarded to the DMZ host, unless there is a rule saying otherwise? Will UPnP still work?

Many thanks,

I don't know about UPnP I'm afraid.

You need to be a bit careful actually. Assuming you want the samba services accessible from 192.168.1.0/24 then you'll need samba listening on 192.168.1.0/24, and if you were to put this machine in the DMZ and you didn't properly configure the firewall and/or tcp_wrappers then your samba server will be accessible from the internet.

I wouldn't assign your server to the DMZ. Just forward the specific ports you need, for example HTTP, SMTP, for it.
 
Old 12-30-2010, 09:43 PM   #3
Dani1973
Member
 
Registered: Dec 2010
Distribution: Debian testing
Posts: 148

Rep: Reputation: 16
Quote:
Originally Posted by phil.d.g
If you do NAT on your server for 192.168.2.0/24 then your wireless devices won't be able to access them. If you don't do NAT, then you need to add a route 192.168.2.0/24 via 192.168.1.1 for all your wireless devices, otherwise they will send the traffic to the wrong router.

A nicer way would be to add a route to 192.168.2.0/24 in the modem/router instead of having to configure all devices on the 192.168.1.0/24 network.

You can also try using a routing protocol like RIP: http://en.wikipedia.org/wiki/Routing...ation_Protocol
This will be more 'research' and work if you have never done this but might be nice to know how it works (never used this under Linux but it's on my todo list, only used it on Cisco router and other hardware firewalls).
 
Old 12-31-2010, 03:40 AM   #4
djsmiley2k
Member
 
Registered: Feb 2005
Location: Coventry, UK
Distribution: Home: Gentoo x86/amd64, Debian ppc. Work: Ubuntu, SuSe, CentOS
Posts: 343
Blog Entries: 1

Original Poster
Rep: Reputation: 72
From your responses.... I'm going to have fun

Adding the routes to all the devices is lame (and some can't have routes added, they are Xboxes, etc.) however I don't think the current firmware on the MAIN router will let me either.


How about if I moved DHCPd onto my "server" as well, and maybe a DNS Server too, would this help it resolving the routes?
 
Old 12-31-2010, 03:58 AM   #5
randomcoww
LQ Newbie
 
Registered: Dec 2010
Distribution: Xen, Gentoo
Posts: 2

Rep: Reputation: 0
Quote:
Originally Posted by djsmiley2k
From your responses.... I'm going to have fun

Adding the routes to all the devices is lame (and some can't have routes added, they are Xboxes, etc.) however I don't think the current firmware on the MAIN router will let me either.

How about if I moved DHCPd onto my "server" as well, and maybe a DNS Server too, would this help it resolving the routes?

No. The problem is that your gateway router doesn't know where to send traffic in the 192.168.2.0/24 range. It's not in its routing table so it will try to go out the default gateway out to the internet (where obviously it will fail).

You need to set a static route on your gateway which directs 192.168.2.0/24 traffic to your server box. A routing protocol as brought up above just automates this process.
You can run NAT on your server as an alternative so that your server and the 192.168.2.0/24 network is treated as one device.
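
Added example, not written by any poster in this thread: a shell script for the server covering the two options discussed above (routing 192.168.2.0/24 with a static route on the gateway, or NAT on the server), with Samba limited to the two internal subnets so that a DMZ-host setting on the modem/router does not expose it. The interface names `eth0`/`eth1` and the function names are assumptions; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Dry run by default: commands are printed. Set APPLY=1 (as root) to execute.
OUTER_NET=192.168.1.0/24   # from the thread: wireless side, behind the modem/router
INNER_NET=192.168.2.0/24   # from the thread: network behind the server
OUTER_IF=eth0              # assumption: server NIC facing the modem/router
INNER_IF=eth1              # assumption: server NIC facing 192.168.2.0/24

run() {
    # Print the command, or execute it when APPLY=1.
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Forwarding between the two subnets.
#   routed: the modem/router needs a static route for INNER_NET via this server,
#           and wireless clients can reach hosts on INNER_NET directly.
#   nat:    INNER_NET is hidden behind the server's outer address, so no route is
#           needed, but wireless clients cannot open connections into INNER_NET.
forwarding_rules() {
    mode=$1
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$INNER_IF" -o "$OUTER_IF" -s "$INNER_NET" -j ACCEPT
    case $mode in
        routed)
            run iptables -A FORWARD -i "$OUTER_IF" -o "$INNER_IF" \
                -s "$OUTER_NET" -d "$INNER_NET" -j ACCEPT ;;
        nat)
            run iptables -t nat -A POSTROUTING -s "$INNER_NET" -o "$OUTER_IF" -j MASQUERADE ;;
        *)
            echo "unknown mode: $mode" >&2; return 1 ;;
    esac
}

# Samba on the server itself: accept NetBIOS/SMB only from the two internal
# subnets and drop it from any other source address, which includes internet
# traffic the modem/router would hand over if this machine were the DMZ host.
samba_rules() {
    for net in "$OUTER_NET" "$INNER_NET"; do
        run iptables -A INPUT -p udp -s "$net" -m multiport --dports 137,138 -j ACCEPT
        run iptables -A INPUT -p tcp -s "$net" -m multiport --dports 139,445 -j ACCEPT
    done
    run iptables -A INPUT -p udp -m multiport --dports 137,138 -j DROP
    run iptables -A INPUT -p tcp -m multiport --dports 139,445 -j DROP
}

forwarding_rules "${MODE:-routed}"
samba_rules
```

Run it with `MODE=nat` to print the NAT variant instead of the routed one.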
 
Old 12-31-2010, 05:25 AM   #6
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,192

Rep: Reputation: 101
Putting a static route in the gateway router for 192.168.2.0/24 would be the easiest way. I just looked at the manual for a DLink G604T and you can do it with that, however it's a bit hit and miss how much consumer grade routers will let you configure.

You could put a wireless card in your server and set it up as an access point. Your server will then route between the wireless and wired networks and do NAT on both for the internet side. Additionally you will be able to lock the internet side of the server down more.

However there doesn't seem to be much out there for setting up a Linux router with UPnP.

http://linux-igd.sourceforge.net/
 
Old 01-02-2011, 05:16 PM   #7
djsmiley2k
Member
 
Registered: Feb 2005
Location: Coventry, UK
Distribution: Home: Gentoo x86/amd64, Debian ppc. Work: Ubuntu, SuSe, CentOS
Posts: 343
Blog Entries: 1

Original Poster
Rep: Reputation: 72
The UPnP I could get over if I had to....

As for running as an AP, it's something I've considered but will need a card to support it, as my current one didn't when I tried about a year ago (RT61/RT2561).

I'm having some strange issues with the network at the moment, simply everything connected normally via wifi, yet nothing is seeing one of the machines on the wifi randomly. Will need to fix that before I carry on.
 
Old 01-07-2011, 02:10 PM   #8
Dani1973
Member
 
Registered: Dec 2010
Distribution: Debian testing
Posts: 148

Rep: Reputation: 16
If the lack of UPnP isn't a problem I think that switching to a single router (like using a Linux box) would be the best solution.

For the wireless network you could still use a simple NIC in your box connected to an access point. This might also give you some advantages like being able to connect a wired device if needed (can be handy for testing your router settings) and if you ever want to change the wireless (future speed or standard upgrades) you only have to put a new AP and avoid finding a compatible wireless adapter for your Linux box.
 
  

