DaemonForums  

#1, 10th July 2008, JMJ_coder (VPN Cryptographer)
Resources for Home Network Design and Implementation

Hello,

I am thinking of networking together the computers in my house (those I have and those I will get). Here is the general network layout I am thinking of:

Code:
                                                       ----------
                                                  |---|Computer 1|
                                                  |    ----------
                                                  |
                 ---------     ---------------    |    ----------
---phone line---|DSL modem|---|firewall/router|---|---|Computer 2|
                 ---------     ---------------    |    ----------
                                                  |
                                                  |    ----------
                                                  |---|Computer 3|
                                                       ----------
What I am looking for right now are good resources that I can read up on for the configuration and implementation of such a network. Things I would think I need to read up on are configuring the firewall, how to allow each host to talk to each other (ftp, ssh, vnc, etc.), how to have each have access to the internet with only one DHCP assigned IP address from the ISP, how to setup a network printer(s), etc.
__________________
And the WORD was made flesh, and dwelt among us. (John 1:14)

#2, 10th July 2008, ocicat (Administrator)

Quote: Originally Posted by JMJ_coder
What I am looking for right now are good resources that I can read up on for the configuration and implementation of such a network.
If you really want to learn networking well, there isn't a cookbook recipe. I would suggest:
  • Learn IP addressing first. Many of the details you will be forced to learn here will hold up when working with various protocols. A classic paper on the subject is the following:

    http://www.3com.com/other/pdfs/infra..._US/501302.pdf

    ...however note that the formatting has problems with superscripting.
  • At this point, you should have sufficient background to understand what DHCP is doing. Read the manpage to dhcpd.conf(5) for configuration issues. The NetBSD Wiki has more information:

    http://wiki.netbsd.se/How_to_set_up_a_DHCP_Server
  • Next, start reading on firewalls. Note that NetBSD aficionados can use PF originating from the OpenBSD project. One of the better introductory papers is Hansteen's:

    http://home.nuug.no/~peter/pf/
  • As J65nko will say, learning tcpdump(1) is imperative to debugging firewall issues. Wireshark is another popular packet sniffer:

    http://pkgsrc.se/net/wireshark
  • As for the other protocols/applications mentioned, become very familiar with the information in the appropriate manpages. Reading RFC's will build character too.
  • If you want to play with DNS, I would suggest leaving it out until late in the game. Make sure more basic elements are working well first.
When trying to learn networking, it is best to keep the configuration simple until you have developed enough experience to diagnose the various problems which you will likely encounter. A favorite patron back on BSDForums never heeded this advice, & constantly whined about how nothing worked after he had piled layers of applications on top of each other where he didn't understand any of them.

Lastly, poke around the Internet & decide for yourself what is important to you.

#3, 11th July 2008, JMJ_coder (VPN Cryptographer)

Hello,

Thanks for the resources. I actually do know the basics of networking (CCNA), but they never taught us about what I am planning on doing. It was geared more toward basic connectivity and Cisco router configuration than something like a home network (though it was discussed in a chapter we never got to). I guess the thing I am most timorous about is that while the ISP (and therefore the outside world) will only see me as one host, I'll actually have a small network - and how do I implement that? I don't know if NAT will solve that problem entirely, or if there is a better solution. Hopefully in that documentation you provided, there will be a discussion on this.

#4, 11th July 2008, ocicat (Administrator)

Quote: Originally Posted by JMJ_coder
I don't know if NAT will solve that problem entirely, or if there is a better solution.
Based upon what you described earlier, NAT should provide what you need. For PF's discussion, see the following:

http://openbsd.org/faq/pf/nat.html

#5, 11th July 2008, 18Googol2 (Spam Deminer)

Quote: Originally Posted by JMJ_coder
Hello,

Thanks for the resources. I actually do know the basics of networking (CCNA), but they never taught us about what I am planning on doing. It was geared more toward basic connectivity and Cisco router configuration than something like a home network (though it was discussed in a chapter we never got to). I guess the thing I am most timorous about is that while the ISP (and therefore the outside world) will only see me as one host, I'll actually have a small network - and how do I implement that? I don't know if NAT will solve that problem entirely, or if there is a better solution. Hopefully in that documentation you provided, there will be a discussion on this.
Sorry to be blunt, but the majority of CCNA students still know *nothing* about networking even though they get pretty good marks, especially when it comes to the *nix environment.

If you are given one public IP, as in your case, NAT (NAPT) is the only way for more than one PC to talk to the outside world.
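Added example (not any poster's own configuration): one /etc/pf.conf for the firewall/router box in the diagram, pulling together the NAT answer given in #4 and #5 with the firewall and tcpdump points from ocicat's list in #2. It uses the current OpenBSD match/nat-to syntax rather than the "nat on" form the linked FAQ page used in 2008. The interface names em0/em1 and the 192.168.1.0/24 LAN are assumptions.

```pf
# Added example, not from the thread. Minimal /etc/pf.conf for the
# firewall/router in the diagram, current OpenBSD match/nat-to syntax.
# Assumptions: em0 faces the DSL modem and takes its address from it by
# DHCP; em1 faces the LAN switch; the LAN is 192.168.1.0/24.
ext_if = "em0"
int_if = "em1"
lan    = "192.168.1.0/24"

set skip on lo
set block-policy drop

# Normalise packets before they are inspected or forwarded.
match in all scrub (no-df random-id max-mss 1440)

# NAPT: every LAN host leaves through the single ISP-assigned address.
# The parentheses make pf re-read em0's address when the lease changes,
# so the rule survives a DHCP renewal without a reload.
match out on $ext_if inet from $lan to any nat-to ($ext_if)

# Default deny, logged to pflog0. While debugging,
#   tcpdump -n -e -ttt -i pflog0
# shows exactly which packets this policy dropped.
block log all

# Drop packets whose source address does not fit the interface they
# arrived on (e.g. a LAN address arriving from the modem side).
antispoof quick for $int_if

# The gateway itself may originate traffic on either side (DNS, NTP and
# package fetches outward; DHCP offers and ssh replies inward).
pass out inet

# LAN hosts may reach the Internet and the gateway; replies come back
# through the state table, so nothing unsolicited is accepted on em0.
pass in on $int_if inet from $lan to any

# DHCP requests come from 0.0.0.0 to the broadcast address, so they do
# not match "from $lan" above and need their own rule.
pass in on $int_if inet proto udp from any port bootpc to any port bootps

# Traffic between Computer 1, 2 and 3 crosses the switch only and never
# reaches this box, so ssh/vnc/ftp between them is governed by each
# host's own services, not by this file. To expose a service to the
# modem side later, add one narrow "pass in on $ext_if ... rdr-to"
# rule rather than loosening "block log all".
```

Load it with pfctl -nf /etc/pf.conf first to syntax-check, then pfctl -f /etc/pf.conf; forwarding between the two interfaces also needs net.inet.ip.forwarding=1 in /etc/sysctl.conf.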

#6, 11th July 2008, JMJ_coder (VPN Cryptographer)

Hello,

Quote: Originally Posted by 18Googol2
Sorry to be blunt, but the majority of CCNA students still know *nothing* about networking even though they get pretty good marks, especially when it comes to the *nix environment.

If you are given one public IP, as in your case, NAT (NAPT) is the only way for more than one PC to talk to the outside world.
It's a great program if you will work with only one or two types of Cisco routers (the ones they train you on) - and it at least gives a good foundation for networking basics, such as IP addresses and subnets and the OSI and TCP/IP protocol stacks and what an ACL is (that is, what it is, not how to make a really good one).

But, you are correct that it doesn't prepare their students well for general *NIX network administration (i.e., setting up firewalls, setting up DHCP, etc.). I'm learning it a bit at a time - slowly, but surely.

#7, 11th July 2008, JMJ_coder (VPN Cryptographer)

Hello,

Quote: Originally Posted by ocicat
Based upon what you described earlier, NAT should provide what you need. For PF's discussion, see the following:

http://openbsd.org/faq/pf/nat.html
Thanks, that will provide me with some good reading material.

#8, 12th July 2008, Oko (Fsck Surgeon)

Quote: Originally Posted by ocicat
Wireshark is another popular packet sniffer:
Wireshark is removed from the OpenBSD ports tree due to the security issues. That would be good enough reason for me not to use it even if I was running some other *BSD.

#9, 12th July 2008, ocicat (Administrator)

Quote: Originally Posted by Oko
That would be good enough reason for me not to use it even if I was running some other *BSD.
While I freely admit what Wireshark does with permissions seems to be a bit kooky, I suspect the OpenBSD project objects most to its free-wheeling development model. I also suspect that until the Wireshark boys fix this, Theo & the gang will not reconsider.

Nevertheless, Wireshark has one of the better GUIs for providing context quickly on multiple levels. While other packet sniffers can only approximate this perspective through carefully crafted filters, it takes time & experience to carefully construct useful filtering on the fly. Most new to packet sniffing obviously don't have this perspective & lose sight of the goal by seeing an endless stream of meaningless hexadecimal values. Wireshark's ability to add context is its greatest value.

Is there a risk in using it? Yeah, but so is getting into a car. I don't discount the OpenBSD project's stand, but this also isn't a production environment. People have to learn somewhere.

12th July 2008, jb_daefo (Package Pilot)

when I ordered dsl I spent many hours finding ppp.conf's for pppoe. Discovered by accident that the self-install kit goes online with a simple
#ifconfig....(stuff)
and then a
#route ...... (stuff) , and not with pppoe.
..........................................
stymied in configuring a Cisco router behind it. Discovered by accident that an older dsl-or-router haphazardly configured suddenly works.
..........................................
With that in mind, it would help a lot of people looking to set up dsl on BSD if you document precisely the steps taken to setup in your situation, put it somewhere, like here in guides...
....................................
__________________
using /LOOKAT/ with /var/db/pkg files and portmaster/aliases/pipes/find/grep to meteorically speedup port upgrades/installs...

13th July 2008, JMJ_coder (VPN Cryptographer)

Hello,

Quote: Originally Posted by jb_daefo
when I ordered dsl I spent many hours finding ppp.conf's for pppoe. Discovered by accident that the self-install kit goes online with a simple
#ifconfig....(stuff)
and then a
#route ...... (stuff) , and not with pppoe.
..........................................
stymied in configuring a Cisco router behind it. Discovered by accident that an older dsl-or-router haphazardly configured suddenly works.
..........................................
With that in mind, it would help a lot of people looking to set up dsl on BSD if you document precisely the steps taken to setup in your situation, put it somewhere, like here in guides...
....................................
I guess it depends on how your ISP operates. Mine does all the pppoe on the modem itself, which also acts as a router. So all the computer has to do is a simple DHCP request.

14th July 2008, ai-danno (Spam Deminer)

It would appear by your situation that you have to use NAT. You have more than one machine in the network, and are only receiving one DHCP-assigned address... that spells NAT lol.

Also, I see and support ocicat's defense of wireshark. While it may be a security issue itself, it's also a wonderful learning tool with which to familiarize yourself with L2 networking.

As a last posit- If you are going to use OpenBSD for this project (and I highly suggest you do), you may be interested in pfw. This is not to discourage you from the CLI management of pf- but rather to show you that it can be done very well from a web interface.
__________________
Network Firefighter