LinuxQuestions.org
Old 06-04-2011, 03:54 PM   #1
holroyd
setup home network with nas and central server


Hi,
I'm after a bit of advice on how to setup my home network.

We've got the following scenario:

our house is split over 2 levels and each level has its own patch panel/switch with (ethernet) lines into each room and
one line going down into the basement. the idea at the time was that each level can be its own independent unit.

I'm looking at the following setup:
put the DSL modem in the basement and feed the two levels. The thing is that i have a NAS system where i want to share
media files and some personal files across the home network and i want to setup our own little CMS system... The CMS would be
on a ubuntu server running various virtual appliances for db, app server etc.

I don't really want the NAS server to be accessed at all from the internet and only really from the ubuntu server and its virtual
appliances.

ideally i would like to grant access to the NAS on IP or mac address basis to be really sure...

i've been looking at the netgear pro safe dual http://support.netgear.com/app/products/model/a_id/2425 it seems like it could do what i
want, but i only know enough about network security to get me into trouble.

I'm unsure whether a single router could even do the job or whether it's better to physically separate NAS and server
in a type of subnet behind its own router ...

appreciate any ideas.

thanks,
michael


ADSL Modem
|

Router
--> +
|
+-- NAS
|
+-- Ubuntu Server (virtual appliances - ldap, application servers, db. . . )
|
|
+-- other pcs
 
Old 06-04-2011, 04:18 PM   #2
Thor_2.0
Hi,

Unique challenge, I like it.
So, a DSL modem, and a router? Like mine (a Dlink modem/router) the router has a block list. It would be nice to put the NAS in that list to keep it from being accessible from the outside. You can prevent it from going out, from someone accessing it or both, and the protocol (TCP/UDP) should be an option as well...

Quote:
ideally i would like to grant access to the NAS on IP or mac address basis to be really sure...
Ehrm...you're on the right track here, so: be sure, because that is the option.

I don't see what type/make, but the manual should provide some help. Typically, a modern device has a web interface (192.168.1.1 typically, but...refer to the manual) - load it in the web browser and do the settings. Also, (of course) set the admin pass to the router, but...hey, you know this.

I'll keep this thread in my watch list!

Thor
 
Old 06-05-2011, 02:58 PM   #3
holroyd
hey thor,
thanks for taking an interest :-)

just a couple more things - want to make sure i'm on the right track...

the router from my isp has a block list (ip based) so i could filter all traffic that isn't 192.168.* that would take care of outside traffic hitting, say the nas server? i don't suppose it's possible to fake 192.168... addresses in packets? i have seen a router (for WLAN) where you could filter based on MAC i liked that idea...

now if i want to limit/control access within my network to the NAS and my home server. so for example: i'd want my laptop/pc to access server and nas for say remote admin. but not the kids, visitors etc they would access certain server apps like a web server etc.

For that kind of config i would need those two to either come directly off of the main router (which means put them in the basement) or replace the simple lan switch with a router? Then that router could control which internal packets may get through.

I was thinking of installing a virtual proxy/firewall like m0n0wall (http://doc.m0n0.ch/handbook-single/#id11553347) as a vmserver and that controlling access to NAS and other virtual appliances. I don't know whether this is a good idea or how to go about this (ie making sure packets hit m0n0wall first).

Code:
(secondary router (or switch + m0n0wall) placed before NAS and home server)
  Router--+
          |   
          X---+--NAS
          |   |
          |   +--Server
          |
          +---PC
          |
          +--PC
          |
          +...

thanks,
m.
 
Old 06-05-2011, 03:16 PM   #4
Thor_2.0
Quote:
i have seen a router (for WLAN) where you could filter based on MAC i liked that idea...
Most routers are able to do that, I don't know the make of the ISP's router, but it is bound to have the same ability.

Now, as far as limiting access is concerned.

Quote:
now if i want to limit/control access within my network to the NAS and my home server. so for example: i'd want my laptop/pc to access server and nas for say remote admin. but not the kids, visitors etc they would access certain server apps like a web server etc.
Fully feasible, in fact, the better option. You may not be able to avoid someone "knocking at the door" but a password will prevent access. An example: the WLAN router has an IP address of 192.168.1.1, once that address is entered, the page will want a password. But, a freely accessible webserver can also be available, on say 192.168.1.10, with web apps freely available to visitors, and via a password for the kids. The router needs to filter who accesses the LAN by filtering the MAC address.

Quote:
that would take care of outside traffic hitting, say the nas server? i don't suppose it's possible to fake 192.168... addresses in packets? i have seen a router (for WLAN) where you could filter based on MAC i liked that idea...
That is the very essence of hacking: spoofing addresses, names, ...
You are on the right track on the MAC filtering...

Quote:
The username is admin and the default password is mono.
From the documentation...do change that, will ya. As soon as you have started configuring (or as soon as possible) change the password to something hard. The name of your poodle, or the licence plate on your car will not do, try a number/letter combo, like CC577?a&2 - let them crack that...

Okay, but...all in all, you're on the right track...I'll be watching this thread in case it's needed!

Thor
 
Old 07-17-2011, 04:13 AM   #5
holroyd
again, thor, thanks for taking an interest.

i've set my little network up now:

1. ubuntu 11.04 server with two nics: eth0 is connected to the "WAN" ie my internet provider's router, eth1 to my 'internal' network switch.

2. i've setup vmware server with two bridged networks each connected to one of the nics (vmnet0 -> eth0, vmnet2 -> eth1)

3. setup a monowall firewall as a vm and connected the WAN/LAN interfaces to the appropriate ports

i can get monowall to act as a dhcp server for the machines on the internal network by setting dns forwarding.

So basically it works but there are a couple of questions:

1. currently the server is reachable from both eth0 and eth1. i need access from eth1 to get to the server but i guess i could shut down eth0 no? how would i do that? setup a NAT in the server to forward all traffic on eth0 to the monowall?

2. this one's a little tricky. it seems that when connecting to certain sites on the internet going via the monowall is very slow. ping to those sites does not show any significant difference (ping from pc on ip router vs ping from pc on monowall->router). and it doesn't seem to be all sites. one example is au.finance.yahoo.com but other australian sites are fine. how would i go about analysing something like that? i installed wireshark on the client pc but there didn't seem to be much of a difference in bad packets etc when comparing the two scenarios....

cheers,
m.
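
The concern raised in posts #3 and #4 (a block list keyed only on 192.168.* source addresses, when source addresses can be spoofed), shown as an added example that is not part of the thread: a filter for NAS traffic that checks the ingress interface before it looks at any address, using the eth0 = WAN / eth1 = internal layout from post #5. The subnet, the NAS address and all MAC addresses are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed values, not from the thread: subnet, NAS address and admin MAC.
INTERNAL_NET = ip_network("192.168.2.0/24")   # behind the firewall
NAS_IP = ip_address("192.168.2.20")
ADMIN_MACS = {"02:00:00:00:00:01"}            # constructed, locally administered
LAN_IF = "eth1"                               # internal side in post #5; eth0 is WAN

@dataclass(frozen=True)
class Packet:
    in_if: str  # interface the packet arrived on
    src: str    # claimed source IP
    dst: str
    mac: str    # source MAC as seen on the local segment

def ip_only_filter(pkt: Packet) -> str:
    """Block list from post #3: accept whatever claims a 192.168.* source."""
    ok = ip_address(pkt.src) in ip_network("192.168.0.0/16")
    return "ACCEPT" if ok else "DROP"

def nas_filter(pkt: Packet) -> str:
    """Decide on packets addressed to the NAS, ingress interface first."""
    if ip_address(pkt.dst) != NAS_IP:
        return "NOT-NAS"                      # out of scope for this sketch
    if pkt.in_if != LAN_IF:
        return "DROP"                         # never reachable from the WAN side
    if ip_address(pkt.src) not in INTERNAL_NET:
        return "DROP"                         # source must be an internal host
    # MAC allow-list as a second filter; the NAS login still authenticates.
    return "ACCEPT" if pkt.mac.lower() in ADMIN_MACS else "DROP"

# Constructed sample traffic, all addressed to the NAS.
SAMPLES = {
    "admin laptop on LAN": Packet("eth1", "192.168.2.10", "192.168.2.20", "02:00:00:00:00:01"),
    "kids' PC on LAN": Packet("eth1", "192.168.2.11", "192.168.2.20", "02:00:00:00:00:02"),
    "spoofed source on WAN": Packet("eth0", "192.168.2.10", "192.168.2.20", "02:00:00:00:00:fe"),
    "internet host on WAN": Packet("eth0", "203.0.113.7", "192.168.2.20", "02:00:00:00:00:fe"),
}

def compare() -> dict:
    """Return {label: (ip-only verdict, interface-aware verdict)}."""
    return {k: (ip_only_filter(p), nas_filter(p)) for k, p in SAMPLES.items()}

if __name__ == "__main__":
    for label, verdicts in compare().items():
        print(f"{label:24} ip-only={verdicts[0]:6} interface-aware={verdicts[1]}")
```

The IP-only rule accepts the packet with the spoofed internal source that arrives on eth0; the interface-aware rule drops it, and also drops the kids' PC, which the IP-only rule cannot tell apart from the admin laptop.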
 
  


All times are GMT -5.
