Re: Hardware needed for home network

2011-02-18 Thread Chris Davies
John Hasler <jhas...@debian.org> wrote:
 If the modem is configured as a bridge it won't speak IP to the server:
 just PPP (over ethernet).  To get to the Internet via the modem the
 other systems would need to speak PPP.

So it's possible to bypass the firewall by using PPP? Ugh
Chris


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/osm238xneh@news.roaima.co.uk



Re: Hardware needed for home network

2011-02-15 Thread shawn wilson
i'm not going to comment on the security of this (mainly spoofing a mac
address), but will instead comment on how to do this. you'll need a hub or
switch and ethernet cable (obviously).

take your 'modem' and hook it up to the device, take the computer(s) and
hook them up to the device.
on your server, configure eth0 and eth0:0 (or eth0:1, or whatever you like).
setup pppoe to use one of those interfaces.
(off the top of my head) echo 1 > /proc/sys/net/ipv4/ip_forward
setup your other virtual device (or whatever linux calls it) with an ip.
and, i don't recall the iptables rule to do nat - it's a postrouting rule
called masquerade (that should help with google)
at this point, packets should be able to be routed from any computer on your
physical network with the right subnet and with their default gateway set to
your computer's internal ip.

you can setup dhcp, bind, or whatever else you like on this gateway server
to make life easier with the client computers. i think there's a networking
howto you might want to check out (tldb.org iirc).

i'm not going to go into how bad doing this with one nic is, and how you
really don't have any excuse for not finding an old computer (anything that
still boots will work for this) and throwing two nics in it and doing it
right. while some might like ipcop and friends, i personally have lots of
love for vyatta. vyatta is the shit when it comes to turning a computer into
a router - ain't nothing out there that can touch it short of $2k+ of
hardware (maybe more).


Re: Hardware needed for home network

2011-02-15 Thread Pascal Hambourg
Tixy wrote:
 On Mon, 2011-02-14 at 11:19 +0100, Pascal Hambourg wrote:
 Tixy wrote:
 The server uses PPPoE to talk to the modem, which translates this into
 PPPoA to get to my ISP's equipment.

 Are you sure of this ? Isn't your modem rather working as a plain
 ethernet bridge, just transparently forwarding the PPPoE traffic between
 its ADSL and ethernet ports ? If so, then it is an obvious security
 breach : it is a plain ethernet switch connecting your LAN to the
 outside world.
 
 Thinking about this some more. Even with PPPoE, I can't imagine that the
 DSLAM in the exchange would be set up to pass and route Ethernet frames
 down my phone line which had MAC addresses of machines on my private
 network or which were broadcast packets.

I beg to differ. I can imagine anything about an external device which
is out of my control, and wouldn't base the security of my LAN on
optimistic assumptions.

If an attacker takes over the DSLAM, it can first listen to your LAN
broadcast traffic leaking through the bridge modem and learn the MAC and
IP addresses of hosts on your LAN from it. Then it can communicate
directly with them using this information.

Is it unlikely ? Yes.
Is it impossible ? No.
Is it easy to protect against ? Yes, just isolate the modem from the LAN.

 Seems like that leaves the telco network open to abuse.

Telco networks have been cracked and abused. It has happened, it will
happen again.

 Even if the telco network did this, would a home modem just pass these
 frames through transparently to its Ethernet port? 

Yes. As I wrote, a bridge modem works as an ethernet switch. It does
not care whether ethernet frames carry PPPoE, IP, or any other protocol.

 Also, from an efficiency point of view, why send a 48-bit destination
 MAC address down my phone line with each frame? (Or even a source
 address?).

Because that is the way ethernet works. There may be several stations
each with a different MAC address at each end of the line. Bridge modems
are not used only for point-to-point protocols such as PPPoE.


Archive: http://lists.debian.org/4d5a49bb.8020...@plouf.fr.eu.org



Re: Hardware needed for home network

2011-02-15 Thread Pascal Hambourg
shawn wilson wrote:
 
 on your server, configure eth0 and eth0:0 (or eth0:1, or whatever you
 like). setup pppoe to use one of those interfaces.

eth0:0 is not an interface, it is a label for an 'IP alias', i.e.
another IPv4 address on eth0. You cannot use it with pppoe which
requires an ethernet-like interface and does not care about IP. PPPoE
works directly on top of the ethernet layer and does not require an IP
layer nor IP address on the interface.


Archive: http://lists.debian.org/4d5a4b00.90...@plouf.fr.eu.org



Re: Hardware needed for home network

2011-02-15 Thread Tixy
On Tue, 2011-02-15 at 03:12 -0500, shawn wilson wrote:
[... snipped instructions for setting up machine as gateway and
router ...]

I wasn't the OP, I already had a working setup.

If the OP is still reading this branch of the thread he must surely be
convinced that a second NIC is the way to go ;-)

-- 
Tixy   ()  The ASCII Ribbon Campaign (www.asciiribbon.org)
   /\  Against HTML e-mail and proprietary attachments



Archive: http://lists.debian.org/1297794808.1941.7.camel@ubuntu



Re: Hardware needed for home network

2011-02-14 Thread Pascal Hambourg
Hello,

Jason Hsu wrote:
 I'm in the process of setting up an old computer as a firewall and
 server.  It needs to connect to my DSL modem AND my main computer.
 However, this old computer (like every other computer I've had) only has
 one Ethernet port.  I know this is old hat for many of you, but I've
 never done this before.

As others wrote, your best option is to add an ethernet card in the old
computer, if it has a free extension slot. And an ethernet switch will
allow you to connect more than one station.


Archive: http://lists.debian.org/4d58fecd.5060...@plouf.fr.eu.org



Re: Hardware needed for home network

2011-02-14 Thread Pascal Hambourg
Andrei Popescu wrote:
 On Sat, 12 Feb 11, 18:18:24, Tixy wrote:
 Would another option not be to just get a switch and not bother with a
 second Ethernet card in the server? This is the setup I run, i.e.

 Modem  -  ++ 
 Firewall/Server  ---  | Switch |
 Other system(s)  ---  ++
 
 Yes, but only if the modem is also a gateway (NAT + DHCP).

On the contrary : only if the modem is not a gateway (otherwise the DHCP
will interfere) nor an ethernet bridge (otherwise it will transmit
ethernet frames directly between the ADSL and the LAN), and only if it
can be trusted.


Archive: http://lists.debian.org/4d58ff8c.8070...@plouf.fr.eu.org



Re: Hardware needed for home network

2011-02-14 Thread Pascal Hambourg
Tixy wrote:
 
 I know this can be done, but is generally not recommended, unless you
 have very good reasons not to put a second ethernet card in the server
 and do it properly.
 
 My server is a SheevaPlug [2], so no room for another NIC ;-)

Then a VLAN-capable switch comes in handy. You can create two separate
VLANs for WAN and LAN.


Archive: http://lists.debian.org/4d59006b.5060...@plouf.fr.eu.org



Re: Hardware needed for home network

2011-02-14 Thread Pascal Hambourg
Tixy wrote:
 
 The server uses PPPoE to talk to the modem, which translates this into
 PPPoA to get to my ISP's equipment.

Are you sure of this ? Isn't your modem rather working as a plain
ethernet bridge, just transparently forwarding the PPPoE traffic between
its ADSL and ethernet ports ? If so, then it is an obvious security
breach : it is a plain ethernet switch connecting your LAN to the
outside world.


Archive: http://lists.debian.org/4d5901ac.2070...@plouf.fr.eu.org



Re: Hardware needed for home network

2011-02-14 Thread Pascal Hambourg
John Hasler wrote:
 
 If the modem is configured as a bridge it won't speak IP to the server:
 just PPP (over ethernet).

Even working as a plain ethernet bridge, an ADSL modem usually has an IP
stack for management purposes. Also a bridge does not speak PPP, it just
lets PPPoE (and other ethernet) frames through like a switch does.

 To get to the Internet via the modem the
 other systems would need to speak PPP.

A bridge connects the LAN to the outside. That outside may not be the
public internet, but it is something out of your control.


Archive: http://lists.debian.org/4d590680.6010...@plouf.fr.eu.org



Re: Hardware needed for home network

2011-02-14 Thread Tixy
On Mon, 2011-02-14 at 11:19 +0100, Pascal Hambourg wrote:
 Tixy wrote:
  
  The server uses PPPoE to talk to the modem, which translates this into
  PPPoA to get to my ISP's equipment.
 
 Are you sure of this ? Isn't your modem rather working as a plain
 ethernet bridge, just transparently forwarding the PPPoE traffic between
 its ADSL and ethernet ports ?

In the UK, it's definitely PPPoA to the exchange, and the modem spec says
it provides a PPPoE to PPPoA bridge.

-- 
Tixy   ()  The ASCII Ribbon Campaign (www.asciiribbon.org)
   /\  Against HTML e-mail and proprietary attachments


Archive: http://lists.debian.org/1297711890.2333.5.ca...@computer2.home



Re: Hardware needed for home network

2011-02-14 Thread Tixy
On Mon, 2011-02-14 at 11:19 +0100, Pascal Hambourg wrote:
 Tixy wrote:
  
  The server uses PPPoE to talk to the modem, which translates this into
  PPPoA to get to my ISP's equipment.
 
 Are you sure of this ? Isn't your modem rather working as a plain
 ethernet bridge, just transparently forwarding the PPPoE traffic between
 its ADSL and ethernet ports ? If so, then it is an obvious security
 breach : it is a plain ethernet switch connecting your LAN to the
 outside world.

Thinking about this some more. Even with PPPoE, I can't imagine that the
DSLAM in the exchange would be set up to pass and route Ethernet frames
down my phone line which had MAC addresses of machines on my private
network or which were broadcast packets. Seems like that leaves the
telco network open to abuse.

Even if the telco network did this, would a home modem just pass these
frames through transparently to its Ethernet port? 

Also, from an efficiency point of view, why send a 48-bit destination
MAC address down my phone line with each frame? (Or even a source
address?) It could use header compression like PPP does, but why bother
supporting it at all?

I confess I know too little about any of the facts of this to understand
how it all works. Time to do some research.

-- 
Tixy   ()  The ASCII Ribbon Campaign (www.asciiribbon.org)
   /\  Against HTML e-mail and proprietary attachments


Archive: http://lists.debian.org/1297755103.2375.26.ca...@computer2.home



Re: Hardware needed for home network

2011-02-13 Thread Tixy
On Sun, 2011-02-13 at 03:01 +0200, Andrei Popescu wrote:
 On Sat, 12 Feb 11, 18:18:24, Tixy wrote:
  
  Would another option not be to just get a switch and not bother with a
  second Ethernet card in the server? This is the setup I run, i.e.
  
  Modem  -  ++ 
  Firewall/Server  ---  | Switch |
  Other system(s)  ---  ++
 
 Yes, but only if the modem is also a gateway (NAT + DHCP).

My Firewall/Server does the NAT and DHCP, and is the gateway for my home
network. The modem just provides my server with a PPP connection to my
ISP.

I have ADSL, I don't know if the same architecture would work with cable
modems.

-- 
Tixy   ()  The ASCII Ribbon Campaign (www.asciiribbon.org)
   /\  Against HTML e-mail and proprietary attachments


Archive: http://lists.debian.org/1297588976.2340.17.ca...@computer2.home



Re: Hardware needed for home network

2011-02-13 Thread Andrei Popescu
On Sun, 13 Feb 11, 09:22:56, Tixy wrote:
 On Sun, 2011-02-13 at 03:01 +0200, Andrei Popescu wrote:
  On Sat, 12 Feb 11, 18:18:24, Tixy wrote:
   
   Would another option not be to just get a switch and not bother with a
   second Ethernet card in the server? This is the setup I run, i.e.
   
   Modem  -  ++ 
   Firewall/Server  ---  | Switch |
   Other system(s)  ---  ++
  
  Yes, but only if the modem is also a gateway (NAT + DHCP).
 
 My Firewall/Server does the NAT and DHCP, and is the gateway for my home
 network. The modem just provides my server with a PPP connection to my
 ISP.

You mean your modem is connected directly to the switch (in bridge 
mode?), but the server is doing the NAT? I know this can be done, but is 
generally not recommended, unless you have very good reasons not to put 
a second ethernet card in the server and do it properly.

Regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic




Re: Hardware needed for home network

2011-02-13 Thread Tixy
On Sun, 2011-02-13 at 12:55 +0200, Andrei Popescu wrote:
 On Sun, 13 Feb 11, 09:22:56, Tixy wrote:
  On Sun, 2011-02-13 at 03:01 +0200, Andrei Popescu wrote:
   On Sat, 12 Feb 11, 18:18:24, Tixy wrote:

Would another option not be to just get a switch and not bother with a
second Ethernet card in the server? This is the setup I run, i.e.

Modem  -  ++ 
Firewall/Server  ---  | Switch |
Other system(s)  ---  ++
   
   Yes, but only if the modem is also a gateway (NAT + DHCP).
  
  My Firewall/Server does the NAT and DHCP, and is the gateway for my home
  network. The modem just provides my server with a PPP connection to my
  ISP.
 
 You mean your modem is connected directly to the switch (in bridge 
 mode?), but the server is doing the NAT?

Yes, the modem [1] doesn't have any other features. I deliberately chose
it for that reason as I wanted everything I could under my complete
control. :-)

 I know this can be done, but is generally not recommended, unless you
 have very good reasons not to put a second ethernet card in the server
 and do it properly.

My server is a SheevaPlug [2], so no room for another NIC ;-)

I couldn't see any practical reason for a second Ethernet interface
anyway. There are performance issues when input and output traffic share a
single interface, but as my ADSL speed is 2% of that of the server's
Gigabit Ethernet adaptor, that doesn't really factor in.


[1] http://www.draytek.co.uk/products/vigor120.html
[2] http://en.wikipedia.org/wiki/SheevaPlug


-- 
Tixy   ()  The ASCII Ribbon Campaign (www.asciiribbon.org)
   /\  Against HTML e-mail and proprietary attachments


Archive: http://lists.debian.org/1297596912.2916.35.ca...@computer2.home



Re: Hardware needed for home network

2011-02-13 Thread Andrei Popescu
On Sun, 13 Feb 11, 11:35:12, Tixy wrote:

 I couldn't see any practical reason for a second Ethernet interface
 anyway. There are performance issues when input and output traffic share a
 single interface, but as my ADSL speed is 2% of that of the server's
 Gigabit Ethernet adaptor, that doesn't really factor in.

Correct me if I'm wrong, but this means you have two IPs on the same 
interface, one is public and one is RFC 1918 and all your internal 
computers are connected directly to the big bad internet (via the switch 
and the modem).

I have serious doubts one can properly secure such an environment, 
unless all other computers have their own firewall (which treats the 
local lan the same as the internet), all local services are tunneled 
(VPN, SSH, ...) and possibly many other things I can't think of.

There are so many ways such a setup can go wrong that I wouldn't want to 
try it unless I was forced, and would definitely not recommend it to 
newbies.

Regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic




Re: Hardware needed for home network

2011-02-13 Thread Tixy
On Sun, 2011-02-13 at 15:02 +0200, Andrei Popescu wrote:
 On Sun, 13 Feb 11, 11:35:12, Tixy wrote:
 
  I couldn't see any practical reason for a second Ethernet interface
  anyway. There are performance issues when input and output traffic share a
  single interface, but as my ADSL speed is 2% of that of the server's
  Gigabit Ethernet adaptor, that doesn't really factor in.
 
 Correct me if I'm wrong, but this means you have two IPs on the same 
 interface, one is public and one is RFC 1918 and all your internal 
 computers are connected directly to the big bad internet (via the switch 
 and the modem).

It's not like that, my server's Ethernet interface only has one,
private, IP address.

The server uses PPPoE to talk to the modem, which translates this into
PPPoA to get to my ISP's equipment. So once my server has 'dialled' my
ISP the ppp interface on my server ends up with my public address, which
iptable rules can NAT, filter and forward to the private IP range.

Unless I've fundamentally misunderstood networking, I can't see how
connecting the modem to a separate NIC on the server adds any security.

(I don't discount me getting something horribly wrong, this setup is
only a few weeks old and my first foray into firewalls and routing.)

-- 
Tixy   ()  The ASCII Ribbon Campaign (www.asciiribbon.org)
   /\  Against HTML e-mail and proprietary attachments


Archive: http://lists.debian.org/1297606152.2571.62.ca...@computer2.home



Re: Hardware needed for home network

2011-02-13 Thread Andrei Popescu
On Sun, 13 Feb 11, 14:09:12, Tixy wrote:
 
 It's not like that, my server's Ethernet interface only has one,
 private, IP address.
 
 The server uses PPPoE to talk to the modem, which translates this into
 PPPoA to get to my ISP's equipment. So once my server has 'dialled' my
 ISP the ppp interface on my server ends up with my public address, which
 iptable rules can NAT, filter and forward to the private IP range.
 
 Unless I've fundamentally misunderstood networking, I can't see how
 connecting the modem to a separate NIC on the server adds any security.
 
 (I don't discount me getting something horribly wrong, this setup is
 only a few weeks old and my first foray into firewalls and routing.)

You seem to assume it is impossible for a packet to reach one of the 
other internal computers without taking the detour via the server (and 
its firewall). Maybe I'm paranoid, but I wouldn't base the security of 
my internal network on this assumption.

Regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic




Re: Hardware needed for home network

2011-02-13 Thread Camaleón
On Sun, 13 Feb 2011 14:09:12 +, Tixy wrote:

 On Sun, 2011-02-13 at 15:02 +0200, Andrei Popescu wrote:

 Correct me if I'm wrong, but this means you have two IPs on the same
 interface, one is public and one is RFC 1918 and all your internal
 computers are connected directly to the big bad internet (via the
 switch and the modem).

I also think so.

 It's not like that, my server's Ethernet interface only has one,
 private, IP address.
 
 The server uses PPPoE to talk to the modem, which translates this into
 PPPoA to get to my ISP's equipment. So once my server has 'dialled' my
 ISP the ppp interface on my server ends up with my public address, which
 iptable rules can NAT, filter and forward to the private IP range.
 
 Unless I've fundamentally misunderstood networking, I can't see how
 connecting the modem to a separate NIC on the server adds any security.
 
 (I don't discount me getting something horribly wrong, this setup is
 only a few weeks old and my first foray into firewalls and routing.)

I see your Vigor acting like an old dial-up modem (with no routing 
capabilities at all) or like a DSL USB modem *but* having an ethernet 
port, and provided it is connected physically to the same data link layer 
as the other devices, your whole network is accessible from the Internet 
and you should protect all your computers by setting up individual firewalls.

To properly isolate your lan from the outside, a second network adapter 
is needed (one card for handling external traffic connected to the modem 
and the other card attached to the lan network). The server can then act 
as a true firewall and protect the lan machines.

Greetings,

-- 
Camaleón


Archive: http://lists.debian.org/pan.2011.02.13.14.46...@gmail.com



Re: Hardware needed for home network

2011-02-13 Thread John Hasler
Andrei writes:
 You seem to assume it is impossible for a packet to reach one of the
 other internal computers without taking the detour via the server (and
 its firewall). Maybe I'm paranoid, but I wouldn't base the security
 of my internal network on this assumption.

If I understand correctly he has the modem in bridge mode and is running
pppd on the server (I am doing this as well though I also have two NICs
on the server).  Thus there is no IP traffic between the modem and the
server: just PPP.  Even if the PPP packets were to reach one of the
other computers they could do nothing with them unless they were also
running pppd.  I suppose an attacker could seize control of the modem
(hard to do when it's in bridge mode) and then launch an attack, though.

Modem firmware has a history of being buggy and full of holes.  I'd
rather not let it have any access at all to my network.  NICs are cheap.
-- 
John Hasler


Archive: http://lists.debian.org/87ei7cm0b5@thumper.dhh.gt.org



Re: Hardware needed for home network

2011-02-13 Thread Tixy
On Sun, 2011-02-13 at 09:17 -0600, John Hasler wrote:
 Andrei writes:
  You seem to assume it is impossible for a packet to reach one of the
  other internal computers without taking the detour via the server (and
  its firewall). Maybe I'm paranoid, but I wouldn't base the security
  of my internal network on this assumption.
 
 If I understand correctly he has the modem in bridge mode and is running
 pppd on the server (I am doing this as well though I also have two NICs
 on the server).  Thus there is no IP traffic between the modem and the
 server: just PPP.

That's right

   Even if the PPP packets were to reach one of the
 other computers they could do nothing with them unless they were also
 running pppd.  I suppose an attacker could seize control of the modem
 (hard to do when it's in bridge mode) and then launch an attack, though.
 
 Modem firmware has a history of being buggy and full of holes.  I'd
 rather not let it have any access at all to my network.  NICs are cheap.

My setup replaces a consumer wireless/modem/router and I have no reason
to suspect that the new modem is more prone to compromise than the old
kit. Considering it's a lot simpler, not doing routing or NAT, I would
expect it to have fewer vulnerabilities, all other things being equal.


-- 
Tixy   ()  The ASCII Ribbon Campaign (www.asciiribbon.org)
   /\  Against HTML e-mail and proprietary attachments


Archive: http://lists.debian.org/1297621775.2322.17.ca...@computer2.home



Re: Hardware needed for home network

2011-02-13 Thread Chris Davies
Tixy <t...@yxit.co.uk> wrote:
 Would another option not be to just get a switch and not bother with a
 second Ethernet card in the server? This is the setup I run, i.e.

 Modem  -  ++ 
 Firewall/Server  ---  | Switch |
 Other system(s)  ---  ++

Unless there's something strange about your configuration, I don't see
how the firewall can firewall in this instance. Can you give me a good
reason why Other system(s) shouldn't be able to access the Internet
directly via the modem?

Chris


Archive: http://lists.debian.org/kl2m28xk6c@news.roaima.co.uk



Re: Hardware needed for home network

2011-02-13 Thread John Hasler
Chris writes:
 Unless there's something strange about your configuration, I don't see
 how the firewall can firewall in this instance. Can you give me a good
 reason why Other system(s) shouldn't be able to access the Internet
 directly via the modem?

If the modem is configured as a bridge it won't speak IP to the server:
just PPP (over ethernet).  To get to the Internet via the modem the
other systems would need to speak PPP.  Even in bridge mode, though, it
may have a Web server accessible via IP.
-- 
John Hasler


Archive: http://lists.debian.org/87aahzmpgc@thumper.dhh.gt.org
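Added example, not code from anyone in this thread: a Python audit of the Ethernet frames a sniffer on the single-NIC server would capture, checking the bypass Chris asks about, the modem's management web server John mentions, and the foreign frames leaking through the bridge that Pascal Hambourg describes earlier on the page. It assumes you already know the server's, the LAN hosts' and the modem's MAC addresses; every address and frame in it is constructed sample data, and the parser unwraps an 802.1Q tag so it also fits the two-VLAN layout suggested in the thread.

```python
"""Audit Ethernet frames seen on a single-NIC gateway's LAN segment.
Added example with constructed data: only PPPoE Discovery (0x8863) and
Session (0x8864) frames between the server and the ISP side should cross
a bridge modem; anything else from a foreign MAC, and PPPoE spoken by a
LAN host other than the server, is reported."""
from dataclasses import dataclass
from typing import Optional

ETHERTYPE_NAMES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6",
                   0x8863: "PPPoE-Discovery", 0x8864: "PPPoE-Session"}
PPPOE_TYPES = {0x8863, 0x8864}
BCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    dst: str
    src: str
    ethertype: int
    vlan: Optional[int] = None  # 802.1Q VLAN id if the frame was tagged


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes = b"") -> bytes:
    """Minimal Ethernet II frame; used only to construct the sample capture."""
    return mac_bytes(dst) + mac_bytes(src) + ethertype.to_bytes(2, "big") + payload


def parse_frame(raw: bytes) -> Frame:
    """Parse an Ethernet II header, unwrapping one optional 802.1Q tag."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = mac_str(raw[0:6]), mac_str(raw[6:12])
    ethertype = int.from_bytes(raw[12:14], "big")
    vlan = None
    if ethertype == 0x8100:  # 802.1Q: 2-byte TCI, then the real ethertype
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q header")
        vlan = int.from_bytes(raw[14:16], "big") & 0x0FFF
        ethertype = int.from_bytes(raw[16:18], "big")
    return Frame(dst, src, ethertype, vlan)


def audit(frames, lan_macs, server_mac, modem_mac):
    """Return (frame, reason) pairs for traffic an isolated LAN should never
    see. lan_macs: every MAC that legitimately lives on the LAN, server
    included; server_mac: the only host meant to run pppoe; modem_mac: the
    bridge modem's own address, i.e. its management IP stack."""
    findings = []
    for f in frames:
        name = ETHERTYPE_NAMES.get(f.ethertype, f"0x{f.ethertype:04x}")
        if f.ethertype in PPPOE_TYPES:
            if f.src in lan_macs and f.src != server_mac:
                findings.append((f, f"LAN host {f.src} is speaking {name} itself "
                                    "and can reach the ISP without the firewall"))
            elif f.src not in lan_macs and f.dst in lan_macs and f.dst != server_mac:
                findings.append((f, f"upstream {name} frame delivered to LAN host {f.dst}"))
        elif f.src == modem_mac:
            findings.append((f, f"{name} from the modem itself: its management IP "
                                "stack sits on the LAN segment"))
        elif f.src not in lan_macs:
            findings.append((f, f"{name} from foreign MAC {f.src}: the modem is "
                                "bridging raw Ethernet in from the ADSL side"))
    return findings


# Constructed sample addresses, not real devices.
SERVER = "00:50:43:01:02:03"    # the single-NIC firewall/server
CLIENT = "00:1e:c2:aa:bb:cc"    # a desktop on the LAN
MODEM = "00:1d:aa:11:22:33"     # the bridge modem's own MAC
BRAS = "00:30:88:de:ad:01"      # the ISP's PPPoE access concentrator
STRANGER = "00:26:5a:77:88:99"  # some host on the far side of the bridge
LAN_MACS = {SERVER, CLIENT}

SAMPLE_FRAMES = [                            # constructed capture
    build_frame(BCAST, SERVER, 0x8863),      # server PADI: expected
    build_frame(SERVER, BRAS, 0x8863),       # PADO back to the server: expected
    build_frame(SERVER, BRAS, 0x8864),       # session traffic to the server: expected
    build_frame(SERVER, CLIENT, 0x0806),     # client ARPs for its gateway: expected
    build_frame(BCAST, STRANGER, 0x0806),    # foreign ARP leaking through the bridge
    build_frame(CLIENT, STRANGER, 0x0800),   # foreign IPv4 aimed straight at a client
    build_frame(BCAST, MODEM, 0x0806),       # the modem's management stack ARPing
    build_frame(BCAST, CLIENT, 0x8863),      # a client 'dialling' the ISP itself
]


def audit_sample():
    """Run the audit over the constructed capture; the last four frames are reported."""
    return audit([parse_frame(b) for b in SAMPLE_FRAMES], LAN_MACS, SERVER, MODEM)
```

Calling audit_sample() returns the four findings for the sample capture; on a real server you would feed audit() frames read from a raw socket or a pcap taken on the NIC facing the switch.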



Re: Hardware needed for home network

2011-02-13 Thread Rick Thomas

On Feb 13, 2011, at 9:09 AM, Tixy wrote:

 (I don't discount me getting something horribly wrong, this setup is
 only a few weeks old and my first foray into firewalls and routing.)

Computer security is so much fun!  /-;

As others have pointed out, it is *possible* for an attacker to get
directly to the client machines without going thru your server.
However, it's not as likely to actually happen as they make it seem.
I can think of a couple of ways a determined enemy could do it, but it
would require a specialized attack knowing many of the details of your
setup.  It's unlikely that a random script-kiddy would have the
detailed expertise (or the persistence) required.

So... unless you've made some enemies in places like the American
CIA or the Russian Mafia you're probably safe.

That said, there's a cheap way to be a bit safer:  Buy a USB to
Ethernet adapter (about US$30 in office supply stores) and use it to
attach your Sheeva-plug to the ADSL-Modem.  This way you can keep the
switch (with only the clients connected to it) on the Sheeva's Gig-E
port.  Then the hypothetical bad-guy who has taken over the modem has
one more level of firewall to get thru in the Sheeva before he can
have his way with your client machines.

Have fun!

Rick



Archive: http://lists.debian.org/4cc3eaa7-c7d9-4a68-ba43-dd234b3f2...@pobox.com



Re: Hardware needed for home network

2011-02-12 Thread Andrei Popescu
On Fri, 11 Feb 11, 13:37:10, Jason Hsu wrote:
 I'm in the process of setting up an old computer as a firewall and 
 server.  It needs to connect to my DSL modem AND my main computer.  
 However, this old computer (like every other computer I've had) only 
 has one Ethernet port.  I know this is old hat for many of you, but 
 I've never done this before.

 What do I need to connect my firewall/server computer to a DSL modem 
 AND another computer?  I do use an Ethernet cross cable to connect my 
 main desktop computer to my laptop when I need to transfer files.  
 Since the Ethernet port of my laptop no longer works, I have to use a 
 USB-to-Ethernet adapter.

You need at least one more ethernet *port* (USB adaptor or internal 
card) for the server. If you only have one more computer to connect (the 
laptop?) a cross-over cable will be enough, but if you have to connect 
more then you will have to get a switch. Get one with auto MDIX 
(auto-crossover) so you can reuse the cross-over cable.

You might also consider buying a home gateway to take care of the 
network stuff and connect the server to it as just another computer.

 If I use a regular Ethernet cable to connect the firewall/server 
 computer to the DSL modem, would it work to use an Ethernet 
 cross-cable and USB-to-Ethernet adapters to provide the connection to 
 my main computer?  Are there USB-to-USB cross cables?

No, but there are USB-to-Ethernet-to-USB adapters that come very close.

Regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic




Re: Hardware needed for home network

2011-02-12 Thread Rob Owens
On Fri, Feb 11, 2011 at 02:21:30PM -0600, Jason Hsu wrote:
 On Fri, 11 Feb 2011 12:17:24 -0800
 David Christensen <dpchr...@holgerdanske.com> wrote:
  
  3.  Netgear fast Ethernet (red) and Gigabit (green and orange) switches 
  with normal/ cross-over auto-sensing.
  
 What are the differences among a switch, hub, and router?  I know that they 
 are used in networking, but I don't understand what setups they are 
 appropriate for.
 
You're asking a lot of good, but basic, questions.  I think you might be
better off using a store-bought router (with firewall capabilities) so
that you can be fairly certain of securing your home network.  Then
experiment with creating your own firewall within your LAN.  Learn how
to set it up, learn how to test it using nmap and other tools.  I'd just
hate to see you mess it up and end up with your LAN open to the
internet.

-Rob


Archive: http://lists.debian.org/20110212125437.gb21...@aurora.owens.net



Re: Hardware needed for home network

2011-02-12 Thread Heddle Weaver
On 12 February 2011 22:54, Rob Owens <row...@ptd.net> wrote:

 On Fri, Feb 11, 2011 at 02:21:30PM -0600, Jason Hsu wrote:
  On Fri, 11 Feb 2011 12:17:24 -0800
  David Christensen <dpchr...@holgerdanske.com> wrote:
  
   3.  Netgear fast Ethernet (red) and Gigabit (green and orange) switches
   with normal/ cross-over auto-sensing.
  
  What are the differences among a switch, hub, and router?  I know that
 they are used in networking, but I don't understand what setups they are
 appropriate for.
 
 You're asking a lot of good, but basic, questions.  I think you might be
 better off using a store-bought router (with firewall capabilities) so
 that you can be fairly certain of securing your home network.  Then
 experiment with creating your own firewall within your LAN.  Learn how
 to set it up, learn how to test it using nmap and other tools.  I'd just
 hate to see you mess it up and end up with your LAN open to the
 internet.


Or locked out of your own system with a Bastille misconfig. I've done that
too.
Regards,

Weaver

-- 

Religion is regarded by the common people as true,
by the wise as false,
and by the rulers as useful.

— Lucius Annæus Seneca.

Terrorism, the new religion.


Re: Hardware needed for home network

2011-02-12 Thread Tixy
On Fri, 2011-02-11 at 23:02 +, Chris Davies wrote:
  If I use a regular Ethernet cable to connect the firewall/server
  computer to the DSL modem, would it work to use an Ethernet cross-cable
  and USB-to-Ethernet adapters to provide the connection to my main
  computer?  Are there USB-to-USB cross cables?
 
 I'd recommend you keep it simple. Ethernet throughout.
 
 Modem --- Firewall/Server --- Switch --- Other system(s)

Would another option not be to just get a switch and not bother with a
second Ethernet card in the server? This is the setup I run, i.e.

Modem             ----  +--------+
Firewall/Server   ----  | Switch |
Other system(s)   ----  +--------+


-- 
Tixy   ()  The ASCII Ribbon Campaign (www.asciiribbon.org)
   /\  Against HTML e-mail and proprietary attachments


Archive: http://lists.debian.org/1297534704.3648.10.ca...@computer2.home



Re: Hardware needed for home network

2011-02-12 Thread Andrei Popescu
On Sb, 12 feb 11, 18:18:24, Tixy wrote:
 
 Would another option not be to just get a switch and not bother with a
 second Ethernet card in the server? This is the setup I run, i.e.
 
 Modem             ----  +--------+
 Firewall/Server   ----  | Switch |
 Other system(s)   ----  +--------+

Yes, but only if the modem is also a gateway (NAT + DHCP).

Regards,
Andrei




Hardware needed for home network

2011-02-11 Thread Jason Hsu
I'm in the process of setting up an old computer as a firewall and server.  It 
needs to connect to my DSL modem AND my main computer.  However, this old 
computer (like every other computer I've had) only has one Ethernet port.  I 
know this is old hat for many of you, but I've never done this before.

What do I need to connect my firewall/server computer to a DSL modem AND 
another computer?  I do use an Ethernet cross cable to connect my main desktop 
computer to my laptop when I need to transfer files.  Since the Ethernet port 
of my laptop no longer works, I have to use a USB-to-Ethernet adapter.

If I use a regular Ethernet cable to connect the firewall/server computer to 
the DSL modem, would it work to use an Ethernet cross-cable and USB-to-Ethernet 
adapters to provide the connection to my main computer?  Are there USB-to-USB 
cross cables?

-- 
Jason Hsu jhsu802...@jasonhsu.com


Archive: http://lists.debian.org/20110211133710.041074fe.jhsu802...@jasonhsu.com



Re: Hardware needed for home network

2011-02-11 Thread peasthope
From:   Jason Hsu jhsu802...@jasonhsu.com
Date:   Fri, 11 Feb 2011 13:37:10 -0600
 What do I need to connect my firewall/server computer to a DSL modem AND 
 another computer?

My notes here might help a little.  I have a special talent for errors.  
If something is puzzling, ask.
  http://carnot.yi.org/NetworksPage.html
Dalton and Joule each do what you aim for.

Regards, ... Peter E.

-- 
Telephone 1 360 450 2132.
Shop pages http://carnot.yi.org/ accessible as long as the old drives survive.
Personal pages http://members.shaw.ca/peasthope/ .


Archive: http://lists.debian.org/171056907.48794.31577@cantor.invalid



Re: Hardware needed for home network

2011-02-11 Thread David Christensen

On 02/11/2011 11:37 AM, Jason Hsu wrote:

I'm in the process of setting up an old computer as a firewall and server.  It 
needs to connect to my DSL modem AND my main computer.  However, this old 
computer (like every other computer I've had) only has one Ethernet port.  I 
know this is old hat for many of you, but I've never done this before.
What do I need to connect my firewall/server computer to a DSL modem AND 
another computer?  I do use an Ethernet cross cable to connect my main desktop 
computer to my laptop when I need to transfer files.  Since the Ethernet port 
of my laptop no longer works, I have to use a USB-to-Ethernet adapter.
If I use a regular Ethernet cable to connect the firewall/server computer to 
the DSL modem, would it work to use an Ethernet cross-cable and USB-to-Ethernet 
adapters to provide the connection to my main computer?  Are there USB-to-USB 
cross cables?


I use:

1.  IPCop Linux (purpose-built firewall, NAT router, etc., distribution):

http://www.ipcop.org/

2.  An old Dell P4, 1.3GHz, 128 MB, 20 GB IDE box with on-board fast 
Ethernet (Internet/ 'red' subnet) and two Gigabit PCI adapters (LAN/ 
'green' subnet and DMZ/ 'orange' subnet).


3.  Netgear fast Ethernet (red) and Gigabit (green and orange) switches 
with normal/ cross-over auto-sensing.


4.  Standard Cat. 5e cables.


For testing cables:

http://www.idealindustries.com/prodDetail.do?prodId=62-200


To make cables:

bulk category 5e riser cable (1000 ft. box)

http://www.idealindustries.com/prodDetail.do?prodId=85-396

http://www.idealindustries.com/prodDetail.do?prodId=30-696


HTH,

David



Archive: http://lists.debian.org/4d559954.10...@holgerdanske.com



Re: Hardware needed for home network

2011-02-11 Thread Jason Hsu
On Fri, 11 Feb 2011 12:17:24 -0800
David Christensen dpchr...@holgerdanske.com wrote:
 
 3.  Netgear fast Ethernet (red) and Gigabit (green and orange) switches 
 with normal/ cross-over auto-sensing.
 
What are the differences among a switch, hub, and router?  I know that they are 
used in networking, but I don't understand what setups they are appropriate for.


-- 
Jason Hsu jhsu802...@jasonhsu.com


Archive: http://lists.debian.org/20110211142130.ca4fecc7.jhsu802...@jasonhsu.com



Re: Hardware needed for home network

2011-02-11 Thread Chris Davies
Jason Hsu jhsu802...@jasonhsu.com wrote:
 I'm in the process of setting up an old computer as a firewall and
 server.  It needs to connect to my DSL modem AND my main computer.
 However, this old computer (like every other computer I've had) only
 has one Ethernet port.

 What do I need to connect my firewall/server computer to a DSL modem
 AND another computer?

Another network card. In the UK you can probably pick one of these up
new for a few pounds. In the US I'd guess at well under $10.


 If I use a regular Ethernet cable to connect the firewall/server
 computer to the DSL modem, would it work to use an Ethernet cross-cable
 and USB-to-Ethernet adapters to provide the connection to my main
 computer?  Are there USB-to-USB cross cables?

I'd recommend you keep it simple. Ethernet throughout.

Modem --- Firewall/Server --- Switch --- Other system(s)

Chris


Archive: http://lists.debian.org/torg28xmqa@news.roaima.co.uk



Re: Hardware needed for home network

2011-02-11 Thread David Christensen

On 02/11/2011 12:21 PM, Jason Hsu wrote:

What are the differences among a switch, hub, and router?  I know that they are 
used in networking, but I don't understand what setups they are appropriate for.


There's going to be a lot of information available on the WWW, but as I 
understand it:


* A hub typically connects devices on the same sub-network and blindly 
sends all incoming packets to all devices.  Hubs are the lowest-cost 
means for connecting three or more computers via twisted pair Ethernet. 
 (A cross-over cable is the lowest-cost means for connecting two devices.)


* A switch typically connects devices on the same sub-network, knows 
which device is which (by MAC address), and sends incoming packets to 
just those devices that are supposed to receive them.  With a wired 
switch, it is possible for multiple streams of communication to occur 
simultaneously.  (For wireless, there is only one RF spectrum.) 
Switches can give better performance (and/or security) than hubs, but 
cost more.


* A router typically connects two or more sub-networks, knows which 
sub-network is which (by interface IP address and subnet mask), and 
sends incoming packets to just those sub-networks that are supposed to 
receive them (per routing tables).  Some routers add filter/ firewall/ 
stateful packet inspection, network address translation (NAT), DHCP 
server, DNS cache/ proxy, web proxy/ filter, virtual private networking, 
intrusion detection, etc..  The sky's the limit for features and price. 
 There are many SOHO router/ switch (and/or modem) products in the 
$100-200 range with enough features to get you operational with minimum 
effort.  If you want to DIY, an x86 PC, 2+ NIC's, and a FOSS *nix 
distribution is a viable option.



HTH,

David



Archive: http://lists.debian.org/4d55df37.1060...@holgerdanske.com
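The three devices David describes, as an added toy model that is not part of the thread: a hub that repeats every frame, a learning switch that forwards by MAC address, and a router that picks an interface by longest-prefix match on the destination IP. The MAC addresses, subnets and the red/green/orange interface names (borrowed from IPCop's colour scheme) are constructed for the example.

```python
# Added example (not from the thread): a toy model of the three devices
# David describes, so the forwarding difference is visible in code.  All
# MAC addresses, subnets and interface names (red/green/orange, after
# IPCop's colours) are constructed for the example.
import ipaddress
from typing import Dict, List, Optional, Tuple

Frame = Tuple[str, str]          # (source MAC, destination MAC)
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, ports: int) -> None:
        self.ports = ports

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        return [p for p in range(self.ports) if p != in_port]


class Switch:
    """Learns which MAC lives behind which port from the source address of
    every frame, then delivers known unicast to that port only.  Unknown
    destinations and broadcast are flooded, exactly as a hub would."""

    def __init__(self, ports: int) -> None:
        self.ports = ports
        self.table: Dict[str, int] = {}

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        src, dst = frame
        self.table[src] = in_port                     # learn (or refresh)
        if dst != BROADCAST and dst in self.table:
            out = self.table[dst]
            return [] if out == in_port else [out]    # same segment: drop
        return [p for p in range(self.ports) if p != in_port]   # flood


class Router:
    """Picks an outgoing interface by longest-prefix match of the destination
    IP against its routing table; None means no route (packet dropped)."""

    def __init__(self) -> None:
        self.routes: List[Tuple[ipaddress.IPv4Network, str]] = []

    def add_route(self, prefix: str, iface: str) -> None:
        self.routes.append((ipaddress.ip_network(prefix), iface))
        # most specific prefix first, so the first match wins
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def route(self, dst_ip: str) -> Optional[str]:
        ip = ipaddress.ip_address(dst_ip)
        for net, iface in self.routes:
            if ip in net:
                return iface
        return None


def demo() -> Dict[str, object]:
    """Walk the same traffic through a hub and a switch, then route three
    destinations through a red/green/orange box like David's."""
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"    # constructed MACs
    hub, sw = Hub(4), Switch(4)
    # A (port 0) talks to B (port 2): the hub copies everywhere, every time.
    hub_out = hub.forward(0, (a, b))
    # Switch: the first frame floods (B unknown), B's reply is learned,
    # and the next A->B frame goes to port 2 only.
    first = sw.forward(0, (a, b))
    reply = sw.forward(2, (b, a))
    third = sw.forward(0, (a, b))

    r = Router()
    r.add_route("0.0.0.0/0", "red")            # default route: Internet
    r.add_route("192.168.1.0/24", "green")     # LAN
    r.add_route("192.168.2.0/24", "orange")    # DMZ
    return {
        "hub": hub_out, "switch_first": first, "switch_reply": reply,
        "switch_third": third,
        "to_lan": r.route("192.168.1.10"),
        "to_dmz": r.route("192.168.2.20"),
        "to_internet": r.route("203.0.113.5"),
        "bad_dst": Router().route("192.168.1.10"),   # empty table: dropped
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:14} {v}")
```

The model makes the security point in David's switch bullet concrete: a switch only keeps traffic off the other ports for destinations it has already learned. Anything it has not learned, and all broadcast, goes to every port just as on a hub, so the benefit is a property of the forwarding table, not of the box. The router half is also the part a single-NIC "firewall/server" on a switch cannot do: with one interface there is only one subnet to route between, which is why Andrei's caveat that the modem must then act as the gateway (NAT + DHCP) matters.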