Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
I've scanned through the relevant HOWTOs, and the NAG, and most of what's there is confusing to me primarily because much of it is out of date. Is there a straightforward up-to-date recipe someplace to take me through the steps to implement:
- LinuxBoxRouter with 2 nics NAT sharing DSL --> LAN (win) workstations
- IPtables firewall secured
- Logging i/o megabytes monthly to each workstation
What I'm doing is setting up a LAN in my neighbourhood, which involves 17 houses, some in the same building and also 2 nearby buildings (underground exterior-grade CAT5). ** I need the accounting/logging to make sure no one user abuses the bandwidth, or at least they pay for it.
I know that this question, or variations on it, has probably been asked 6,000,000 million times before, in which case there will, grin, be a nice tidy document online somewhere!
So far:
-Mandrake 8.2 (2.4 kernel), one NIC ok,
-Samba going nicely
-SSHd going good
-ProFTP server ditto.
-Apache /php/mysql going nicely
-LAN up on fixed IP addresses (192.168.0.x)
-DSL router going nicely -- cheap too (Billion 7100 ~US$50)
(Router NAT standing in until LinuxNAT configured)
Feels like I'm almost there! I learn fast, but I got a bit wobbly when NAG said I had to rebuild my kernel to implement IP accounting... Is that so?
Peter
** PS. Anyone know what the tolerance is in the 300ft Ethernet limit? One of my links is 105m. If I use switches at both ends, no joins and just an RJ45 plug each end, will it work, at least at 10M?
OK, too big a question. Breaking it down, what's the difference between IP accounting and just using the iptables counters to track IP data movements? Or is it the same thing?
- LinuxBoxRouter with 2 nics NAT sharing DSL --> LAN (win) workstations
You need:
- PPPoE software (probably pinguin) and adsl-scripts to connect your second NIC to the Internet and obtain your public address
- You need to configure your NAT with iptables and forward rules
- IPtables firewall secured
You need extensive knowledge of iptables
Or something right out of the box :-)
Since I was not able to find such a thing, I designed one; I will put it on my site. It is an rpm-based installation and very easy to configure.
> PPPoE software (probably pinguin) and adsl-scripts to connect your second NIC to the Internet and obtain your public address
I think I'm gonna still rely on the DSL router for the PPP using half-bridge mode. That way the router does the login process but no NAT.
> Since I was not able to find such thing, I did design one, I will put it on my site.
Cool, I might give that a shot too.
> - Logging i/o megabytes monthly to each workstation
> ****** I would be very interested in how to do that! *******
Yes, that's the nub of it for me. I mean that's the reason to use the Linux box; the hardware router is proving otherwise acceptable, the firewall is good, and stable enough.
I'm taking the START approach. Throw the 2nd NIC in, install iptables and just keep reading. Which, BTW, I found some good tutorials at:
2. Use the automatic iptables counters
This involves (contrary to NAG2) no kernel recompile in 2.4 series kernels of the Red Hat ilk. All the netfilter modules are autoloaded on demand. All you have to do is insert a rule into the firewall with no action and it is automatically accounted. E.g. the rules:
iptables -A INPUT -s 192.168.0.15    # tracks inbound data from machine .15
iptables -A OUTPUT -d 192.168.0.9    # tracks outbound to machine .9
This assumes fixed IPs, but you can also track by MAC address using -m mac xx:xx:xx:xx:xx etc. To retrieve the byte counts use this (as root):
iptables -L -v
This method is OK for small networks, but it seems that you need to add at least two rules per computer, and I guess that after some hundreds are inserted you are going to slow the routing down.
Another variation on the solution in both models above is not to route at all but just to listen in promiscuous mode. So I could leave my new ADSL (Billion) router (which hasn't crashed yet, fingers crossed) to do the actual routing, and just use the Linux box to account passively to the side, as it were. In this case I'd need to find an old hub to go after the hardware router so that my switches don't hide the LAN traffic.
This just leaves me with a small problem. Can anyone explain to me why cron won't run this counter retrieval script properly?
The script runs but the syscall to iptables fails (quietly). I'd have thought cron ran that script as root, seeing as the job was set up by root, but it looks not. The script runs fine manually as root, but as any other user it also fails. So how do I get it to run as root?
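An added example, not code from the original post, that puts the counting rules in their own chain hung off FORWARD (the chain a NAT router's LAN traffic actually traverses) and turns the verbose listing into per-host byte totals for a monthly log. The LAN interface eth1 and the /sbin/iptables path are assumptions; the sample listing is constructed so the parser can be exercised offline.

```shell
# Per-workstation byte accounting via a dedicated iptables chain. Added example,
# not code from the original post. Assumptions (hypothetical, overridable):
# the LAN side of the router is eth1 and iptables is at /sbin/iptables.
IPT="${IPT:-/sbin/iptables}"   # full path: cron jobs run with a minimal PATH
LAN_IF="${LAN_IF:-eth1}"       # inside interface
# Print (not run) the rules for one counting chain hung off FORWARD. On a NAT
# router the workstations' traffic is forwarded, so INPUT/OUTPUT never see it.
# A rule with no target matches, counts, and falls through to the next rule.
acct_rules() {
    echo "$IPT -N ACCT"
    echo "$IPT -I FORWARD 1 -j ACCT"
    for host in "$@"; do
        echo "$IPT -A ACCT -i $LAN_IF -s $host"   # LAN -> Internet (upload)
        echo "$IPT -A ACCT -o $LAN_IF -d $host"   # Internet -> LAN (download)
    done
    echo "$IPT -A ACCT -j RETURN"
}
# Reduce "$IPT -L ACCT -v -n -x" output (stdin) to "host up_bytes down_bytes".
# -x gives exact byte counts instead of 12K/3M; -n avoids reverse DNS lookups.
acct_totals() {
    awk '
        /^Chain/ || /^ *pkts/ { next }             # skip header lines
        NF < 8 { next }
        {
            # A rule without a target has an empty target column, so the
            # source and destination fields sit one position further left.
            off = (NF == 9) ? 1 : 0
            bytes = $2; src = $(7 + off); dst = $(8 + off)
            if (src != "0.0.0.0/0") { up[src] += bytes; seen[src] = 1 }
            else if (dst != "0.0.0.0/0") { down[dst] += bytes; seen[dst] = 1 }
        }
        END { for (h in seen) printf "%s %d %d\n", h, up[h] + 0, down[h] + 0 }
    ' | sort
}
# Constructed sample of the listing (iptables 1.2-era layout), for offline use.
sample_listing() {
    cat <<'EOF'
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     120     150000            all  --  eth1   *       192.168.0.15         0.0.0.0/0
     300    4200000            all  --  *      eth1    0.0.0.0/0            192.168.0.15
      10       1200            all  --  eth1   *       192.168.0.9          0.0.0.0/0
      20      80000            all  --  *      eth1    0.0.0.0/0            192.168.0.9
       0          0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}
```

From root's crontab, run the real listing through acct_totals once a month (/sbin/iptables -L ACCT -v -n -x | acct_totals >> /var/log/lan-acct) and then zero the chain with /sbin/iptables -Z ACCT; use the full path because cron supplies only a minimal PATH, which is a common reason such a script silently fails under cron while working from a root shell.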
I can only answer the PS question ... but with reluctance.
Running Ethernet between buildings is not a good idea!!! The houses have different grounds and the NIC cards have transformers whose center tap is connected to the ground. The Ethernet signal is a magnetically coupled AC circuit.
NIC cards and ports in hubs and routers don't have the capability to handle the common mode voltage that can result; also the chance of outside static discharge damaging your ports is a pretty good bet.
Ethernet will work a few feet more than 100m .. the spec is based on the round trip delay from one side to another .. if you use a switch instead of a hub to connect different nodes, it's less of a problem. Most of the problem would occur under heavy traffic .. when two nodes may start colliding with each other .. signal S/N probably will make it over a 20% tolerance.
You might want to consider other solutions that will work more reliably and may be a few more dollars upfront .. will be a lot cheaper after a stormy night.
Consider wi-fi .. with an external antenna .. there are literally hundreds of vendors who will promise up to a few miles .. but the house owner also has to have an external antenna (typically), about a 2x8" thing.
Another solution might be to run fiber between homes .. cheap transceivers are available.
Hello everybody!
I would agree with the last posting.
You have some tolerance in Ethernet. 105m could be OK as long as you don't have magnetic/electric fields around.
But the influence of only one machine which uses heavy power quickly reduces the distance you can go with Ethernet to maybe 50m.
Best solution would be fiber, I think.
Yes. I've thought lots about this, and lost a bit of sleep over it. When I priced fibre it was $8 per m (4 core) plus specialist termination costs, plus fibre-Ethernet transducers at each end. The cat5 is planned to run in 40mm conduit (already laid) about 2 feet underground. The 3 buildings all run off the same transformer and that, along with all the DPs, power cabling and earthing stakes, are all new. For this reason, and the fact that we have so little lightning (and ground strikes are almost unheard of), I felt justified in using gel-filled cat5e.
But you raise good points about proximity to power sources.
The data cables themselves will lie in the same trench as power cables and water pipes and a few less obnoxious services. Actually the power-data separation is about 1 foot. This separation is mostly maintained as the cable runs into the building slab and into the patch panel, although there are occasional (non-parallel) crossings with power cables. Having said that, the power cables are not working very hard, as each house has only 25 amps capacity (gas/solar/etc).
What sort of thing categorises as "one machine which uses heavy power"?
Also the 100m length thing was a side effect of my earlier hub-based star design. Now that switches are available cheaply I could perhaps look at daisy-chaining each block (I was told that you shouldn't daisy-chain hubs too much).
Hi!
Sorry, I can't give you exact information.
I only remember when I worked with s.o. who did network installations in factories.
It was some kind of steel factory (which I cannot explain exactly in English).
Cables were approx. 3 - 5 m above these machines and we never even touched 100m of cable length.
We had to use fiber because he told me that with this kind of electrical fields Ethernet will not exceed 30! m.
If you like, write me an email (address in profile),
then I can give you his email address and you can ask him.
I don't want to put his email into a public forum without having asked.
You could post his answer here later for everyone.