Old 29th June 2010
ocicat

Quote:
Originally Posted by sharris
At one point I could not even ping a website by name because of my packet filter rules (I know nothing, just using something I found) so I disconnected...

I hope you recognize that the probability for success attainable with such a methodology is quite low.

As for sources of information on pf(4), Hansteen's manuscript is one of the better free introductions on the subject:

http://home.nuug.no/~peter/pf/

When it comes to home networking, & especially for those that are doing it the first time with no prior experience, the best rule is to start simple. Given that you are going to have multiple machines connected to the Internet through a common gateway, understand pf(4) first. No points are awarded for blind guessing.

Once you are comfortable with setting up NAT on the external gateway, connect one machine to it. At this point, do all ping tests by IP address. If all internal machines are being assigned fixed IP addresses, pinging between all machines will only work if you have the subnetting correct. Don't bother with pinging by names until all machines can interact with each other at the IP address (Layer 3) level.

Once you can get two machines to talk to each other by IP address, add a third. Once all three can communicate as expected, add a fourth, etc. As more machines are added to the internal network, the higher the probability that subnetting problems may arise. Understand the subject well.

Your posts mention problems with accesses by name. This is the last problem you should correct. It is unclear from your posts if you have your own DNS server for your internal network, or whether you are under the incorrect impression that your ISP's DNS server will allow you to communicate on your internal network by name with the same nameserver. Recognize that name resolution can also be done at the hosts(5) file level so you don't have to dedicate a machine to act as a DNS server. Also recognize that name resolution is not a requirement. If only a handful of machines are being connected together, you should be able to remember their IP addresses. Yes, it may not be as easy, but ensure that the network works before layering on name resolution.

Again, start simple. Don't try to introduce name resolution until you are perfectly clear that all nodes in the network can talk to each other by their IP address only.

Networking is deceptively simple given that (most likely) Category 5 cables are simply being plugged into RJ45 connectors on network cards/hubs/switches. One does need a basic understanding of the following:
  • cabling -- straight versus cross-over.
  • subnetting.
  • NAT.
Putting it together requires being methodical in a very disciplined approach, & building in very small incremental steps.
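The post's advice is to prove Layer 3 works (correct subnetting, every host on the gateway's network, unique addresses) before layering name resolution on top, and to use hosts(5) rather than a DNS server for a handful of machines. The script below is an added illustration of those two checks, not code from the thread or from OpenBSD: the inventory, hostnames and the `home.lan` suffix are constructed placeholders, and two entries are deliberately misconfigured so the checks have something to report.

```python
"""Layer-3 sanity checks for a small home network behind a NAT gateway.

Added example: the inventory is constructed for illustration, not taken
from the thread. Requires only the Python standard library.
"""
import ipaddress

# Constructed inventory: hostname -> interface address with prefix or netmask.
# Two entries are deliberately wrong to show what the checks catch.
INTERNAL_HOSTS = {
    "gateway": "192.168.1.1/24",
    "desk1":   "192.168.1.10/24",
    "desk2":   "192.168.1.11/24",
    "laptop":  "192.168.1.20/255.255.0.0",   # mask typo: /16 instead of /24
    "printer": "192.168.2.5/24",             # wrong third octet
}


def parse_inventory(inventory):
    """Turn 'addr/prefix' strings into ip_interface objects (IPv4 or IPv6)."""
    return {name: ipaddress.ip_interface(addr) for name, addr in inventory.items()}


def can_reach(addr_a, addr_b):
    """True only if each side considers the other to be on-link.

    A one-sided mismatch (A thinks B is local, B thinks A is remote) is the
    classic symptom of a netmask typo: the echo request arrives, but the
    reply is handed to the default gateway instead of the local segment.
    """
    a = ipaddress.ip_interface(addr_a)
    b = ipaddress.ip_interface(addr_b)
    return b.ip in a.network and a.ip in b.network


def check_subnetting(inventory, gateway_name="gateway"):
    """Return a list of human-readable problems.

    An empty list means every host shares the gateway's network, uses a
    real host address (not the network or broadcast address) and has a
    unique IP. These are the conditions under which ping-by-IP between
    all machines can work without any router involvement.
    """
    ifaces = parse_inventory(inventory)
    gw = ifaces[gateway_name]
    problems = []
    seen = {}
    for name, iface in ifaces.items():
        if iface.ip in seen:
            problems.append(f"{name}: address {iface.ip} duplicates {seen[iface.ip]}")
        seen.setdefault(iface.ip, name)
        net = iface.network
        # Network/broadcast addresses only exist on segments with >2 addresses.
        if net.num_addresses > 2 and iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {iface.ip} is the network or broadcast address")
        if name != gateway_name and net != gw.network:
            problems.append(f"{name}: {iface} is not on the gateway's network {gw.network}")
    return problems


def render_hosts(inventory, domain="home.lan"):
    """Render hosts(5) lines so a handful of machines can be addressed by name
    without running a DNS server. 'domain' is an assumed placeholder suffix."""
    ifaces = parse_inventory(inventory)
    ordered = sorted(ifaces.items(), key=lambda kv: (kv[1].version, kv[1].ip))
    return "".join(f"{iface.ip}\t{name}.{domain} {name}\n" for name, iface in ordered)


if __name__ == "__main__":
    for problem in check_subnetting(INTERNAL_HOSTS) or ["no subnetting problems found"]:
        print(problem)
    print("\n# hosts(5) fragment, only worth installing once the list above is empty:")
    print(render_hosts(INTERNAL_HOSTS), end="")
```

Run it before touching `/etc/hosts` or a nameserver: the mismatched laptop mask and the printer on the wrong network are both reported, and `can_reach("192.168.1.20/16", "192.168.2.5/24")` returns False even though the laptop alone believes the printer is local, which is exactly the asymmetric failure that makes "ping works one way but not the other" so confusing on a first home network.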