LinuxQuestions.org
Old 01-27-2005, 10:17 AM   #1
tireseas
Member
 
Registered: Jun 2003
Location: London, UK
Distribution: Slackware 10 & 10.1
Posts: 149

Rep: Reputation: 15
Setting up a home network - several questions


Hello

I am a networking noobie having only recently been able to set up a two machine home network as a proof of concept and to familiarise myself with some of the ins and outs. In this set up I have been able to ssh and nfs and host a test web-page successfully.

Now I am wanting to extend the learning curve (being the glutton for punishment that I am) by setting up one box as a router/firewall open onto the Net (I'll call this Box A), and then via a switch, connect up 2 boxes (called Box B and C) and 1 laptop. I am wanting to set it up to use IP masquerading (and have the docs to work through for that) so that several people can access the Net simultaneously.

These are my queries:

1. By having Box A open onto the Net, can I host both web-pages as well as be the box within which I have the firewall? It makes sense to have the Net-facing box host the firewall, but would hosting web-pages be a disadvantage? Would it be better to try and serve web-pages from within the firewalled zone (i.e. from Box B or C)?

2. Is there any particular advantage to having an ordinary user a/c on Box A for day-to-day maintenance and simply su to do admin work that requires root permissions, or just keep a root a/c only?

3. Is it necessary to have firewalls on each computer within the firewall zone (i.e. Boxes B & C) or would doing so only complicate things unnecessarily?

4. I am presuming that any IDS would be installed on Box A, but just to make sure ...

5. Will it matter which Box the printer connects to? I was thinking of connecting it to Box A, but ...

6. Which services can be turned off? I know that portmap has a bad rep and advice seems to be to usually turn it off. However, will nfs still work with portmapper turned off? In my (limited) experience it seems that nfs requires portmapper, but I could be wrong. I won't be needing to run DHCP, and given the description of what I am intending to do, what other services can realistically and safely be turned off?

7. I am intending to set up the IP addresses as follows:

Box A 192.168.1.1
Box B 192.168.1.5
Box C 192.168.1.7

Any particular problems here?

8. Would Box A be the gateway machine? If so, can it take the address 192.168.1.0 ?

There will undoubtedly be further questions, but these are some of the more pressing thus far.

Any help would be great.

TIA

Andy
 
Old 01-27-2005, 03:18 PM   #2
TigerOC
Senior Member
 
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49
Re: Setting up a home network - several questions

Quote:
Originally posted by tireseas
These are my queries:

1. By having Box A open onto the Net, can I host both web-pages as well as be the box within which I have the firewall? It makes sense to have the Net-facing box host the firewall, but would hosting web-pages be a disadvantage? Would it be better to try and serve web-pages from within the firewalled zone (i.e. from Box B or C)?
I have this setup on my own server so I will try to give you the benefits of my experience. Use a minimal install on A. No GUI, just basics, and set it up as a router/firewall/server.

Quote:
2. Is there any particular advantage to having an ordinary user a/c on Box A for day-to-day maintenance and simply su to do admin work that requires root permissions, or just keep a root a/c only?
You will find the user account useful for sending mail via the server. I use php mail scripts to send to my own a/c on localhost. This means not having e-mail addresses that can be harvested.

Quote:
3. Is it necessary to have firewalls on each computer within the firewall zone (i.e. Boxes B & C) or would doing so only complicate things unnecessarily?
No, but it can protect you in case you are penetrated, but make sure you use different passwords.

Quote:
5. Will it matter which Box the printer connects to? I was thinking of connecting it to Box A, but ...
Not really.

Quote:
6. Which services can be turned off? I know that portmap has a bad rep and advice seems to be to usually turn it off. However, will nfs still work with portmapper turned off? In my (limited) experience it seems that nfs requires portmapper, but I could be wrong. I won't be needing to run DHCP, and given the description of what I am intending to do, what other services can realistically and safely be turned off?
Avoid using nfs. You can ssh through to the server and I personally use KBear with ssh (which is GUI) to do most of my work on the server. I don't run ftp and have turned it off.

Quote:
7. I am intending to set up the IP addresses as follows:

Box A 192.168.1.1
Box B 192.168.1.5
Box C 192.168.1.7

Any particular problems here?
That's fine but you are probably going to use a second network card in A and you must use a different subnet for the other card. I take the connection from A to a hub and connect the other boxes to the hub. I use ip-masquerade and have used MonMotha's firewall script that does most of the work in terms of forwarding and using ip-masq. If you use eth0 as the connection to the net and eth1 for connection to the lan then on A the gateway is the address of eth0 and for the lan the gateway is eth1.

Quote:
8. Would Box A be the gateway machine? If so, can it take the address 192.168.1.0 ?
Use the address you suggested above as "0" is protected.
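
The masquerading layout described in the reply above (eth0 facing the Net, eth1 facing the LAN), written out as an added example. It is not part of the thread and is not MonMotha's script; the 192.168.1.0/24 LAN comes from the original question, while allowing ssh on port 22 from the LAN only is an assumption made for illustration.

```sh
#!/bin/sh
# Added example: minimal masquerading firewall for "Box A".
# Assumptions: eth0 = Internet side, eth1 = LAN side, LAN = 192.168.1.0/24
# (taken from the thread); ssh from the LAN only is an illustrative choice.
# Prints the commands by default; run as root with APPLY=1 to execute them.

WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

run() {
    # Dry run unless APPLY=1 is set.
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

build_firewall() {
    # Start clean and drop everything that is not explicitly allowed.
    run iptables -F
    run iptables -t nat -F
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT

    # Box A itself: loopback, replies to its own traffic, ssh from the LAN only.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT

    # Forwarding: LAN hosts may open connections outwards; only replies come back.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # IP masquerading: LAN source addresses are rewritten to the WAN address.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

    # The kernel does not route between the two cards until this is enabled.
    run sysctl -w net.ipv4.ip_forward=1
}

build_firewall
```

Nothing is reachable from the Internet side with this ruleset, so a web server on Box A or in a DMZ would need its own explicit rule. Apply it from the console rather than over ssh, since the flush and default-drop policy take effect before the accept rules are added.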
 
Old 01-27-2005, 05:16 PM   #3
draggin
Member
 
Registered: Jan 2004
Location: Bournemouth UK
Distribution: Debian & Mepis
Posts: 108

Rep: Reputation: 15
OK, here's my take on your requirements

1) Why not use something like IPCop Firewall (your box A), which is Linux-based firewall software and will run on a range of lower spec PCs. Having a firewall you don't really want to run other software on it as you could end up compromising your firewall. To get round this you install a third network card (IPCop has two by default, one for the internal network and one for the internet connection). The third card would give you access to an area called the "DMZ" which is an area where a web server would sit.

2) In the above case you would have a setup and admin accounts

3) It will depend on the circumstances of your network but if it is for a home network and you are implementing proper file security then only those users who have the correct rights to access the correct files

4) Yes, I believe it is snort

5) Printers (and any other bits of kit) should be connected to boxes B, C, D, E, etc.

6) Using IPCop you will only have the basic service running or available and can easily be turned off via the web interface.

7) No problem

8) Yes it would be the gateway and no you can't have that IP address. If you used IPCop for box A it would have three IP addresses, one would be the internal LAN which would be 192.168.1.1 (you set it to what you want) and this would be your gateway address. The Internet network card would have a static IP address as given to you by your *ISP and the DMZ network card would also have a static IP address given to you by your ISP.

* You will need a cable or ADSL supplier who will give at least 2 static IP addresses.

Hope this helps

Tim
 
Old 01-28-2005, 01:22 AM   #4
tireseas
Member
 
Registered: Jun 2003
Location: London, UK
Distribution: Slackware 10 & 10.1
Posts: 149

Original Poster
Rep: Reputation: 15
Thanks TigerOC & Tim

These were both very helpful pointers for me to consider. As I said, I am still in the contemplative stage but am rapidly running out of excuses to not do it.

I do have an old machine with a small HDD and low CPU rating (can't recall the specs off hand) which might just be able to take a minimal installation and act as a firewall/router, and then I'll use another box as a web-server inside the "DMZ". I'll give it some more thought over the weekend and experiment with the old machine to see what it can/cannot handle.

Thanks for your comments folks. I'll probably be back with more questions ...

Cheers

Andy
 
  

