Re: [expert] Re: The right way to do a private network
On Wed, Apr 19, 2000 at 10:08:48AM -0600, Daniel Woods wrote:
->
-> > Charles Curley wrote:
-> > > On Mon, Apr 17, 2000 at 10:37:04AM -0600, Daniel Woods wrote:
-> > > ->
-> > > -> > Assuming your ISP is providing you with only a single IP address, you want
-> > > -> > something along these lines:
-> > > -> >
-> > > -> > +--------+
-> > > -> > | Comp B |---\    +---+
-> > > -> > +--------+    \---| H |  +--------+ +-------+
-> > > -> >                   | u |--| Comp A |-| Modem |
-> > > -> > +--------+    /---| b |  +--------+ +-------+
-> > > -> > | Comp C |---/    +---+
-> > > -> > +--------+
-> >
-> > Why purchase another machine at all? Install a second network interface
-> > card into Comp B and connect it in the diagram as Comp A. It'll cost ya
-> > about $10-20 for a nic.
->
-> I do have a second NIC, but this still leaves Comp A vulnerable to attack
-> if it's connected to the cable modem. Comp B is my development machine
-> and placing it as Comp A might be risky. Is this a valid assumption ?

Yep. Development or any other proprietary data should NEVER be on the
firewall.

--

-- C^2

No windows were crashed in the making of this email.

Looking for fine software and/or web pages?
http://w3.trib.com/~ccurley
Re: [expert] Re: The right way to do a private network
On Wed, 19 Apr 2000, you wrote:
> > > -> What is the recommended minimum speed/memory for Comp A ?
> > > -> Is a P75/90 with 64 MB enough ? Will this affect the speed noticed
> > > -> by Comp B and C when using the internet ? Does any of this not matter
> > > -> as long as Comp A's network card is at least 10 Mps ?
> > >
> > > Overkill, actually. I use a 486/dx66 with 16 MB of physical memory. You
> > > might be able to get away with a 386/25, I haven't tried it.
>

FWIW, I've seen where you can get a COMPLETE P133 machine (minus monitor)
for about $120. The URL for the site is www.hightechcafe.com. The url for
the $120 machine is
http://hitechcafe.com/eshop/inproduct.asp?dept%5Fid=14&sku=D3977A

They also have a slightly different machine for $130.

John
Re: [expert] Re: The right way to do a private network
> Charles Curley wrote:
> > On Mon, Apr 17, 2000 at 10:37:04AM -0600, Daniel Woods wrote:
> > ->
> > -> > Assuming your ISP is providing you with only a single IP address, you want
> > -> > something along these lines:
> > -> >
> > -> > +--------+
> > -> > | Comp B |---\    +---+
> > -> > +--------+    \---| H |  +--------+ +-------+
> > -> >                   | u |--| Comp A |-| Modem |
> > -> > +--------+    /---| b |  +--------+ +-------+
> > -> > | Comp C |---/    +---+
> > -> > +--------+
>
> Why purchase another machine at all? Install a second network interface
> card into Comp B and connect it in the diagram as Comp A. It'll cost ya
> about $10-20 for a nic.

I do have a second NIC, but this still leaves Comp A vulnerable to attack
if it's connected to the cable modem. Comp B is my development machine
and placing it as Comp A might be risky. Is this a valid assumption ?

> > -> > Comp A is your Linux box. The network card in A connected to your
> > -> > cable/xDSL modem is assigned the external address supplied by your ISP
> > -> > (static or DHCP). You'll need to use ipchains on this box so that it acts
> > -> > as a gateway for the LAN.
> > -> >
> > -> > Comp B and Comp C are your Windows or other Linux boxes.
> > ->
> > -> I have not set this up yet, however I don't have a "Comp A" (yet).
> > -> Right now Comp B (mdk6.1 - development machine) and Comp C (win98 - kids
> > -> machine) will be hooked up to my new 100 Mps *switch*, and the modem
> > -> downloads at up to 7 Mps (2 Mps upload - so they say).
> > ->
> > -> What is the recommended minimum speed/memory for Comp A ?
> > -> Is a P75/90 with 64 MB enough ? Will this affect the speed noticed
> > -> by Comp B and C when using the internet ? Does any of this not matter
> > -> as long as Comp A's network card is at least 10 Mps ?
> >
> > Overkill, actually. I use a 486/dx66 with 16 MB of physical memory. You
> > might be able to get away with a 386/25, I haven't tried it.

Thanks... Dan.
Re: [expert] Re: The right way to do a private network
Why purchase another machine at all? Install a second network interface
card into Comp B and connect it in the diagram as Comp A. It'll cost ya
about $10-20 for a nic.

Charles Curley wrote:
>
> On Mon, Apr 17, 2000 at 10:37:04AM -0600, Daniel Woods wrote:
> ->
> -> > Assuming your ISP is providing you with only a single IP address, you want
> -> > something along these lines:
> -> >
> -> > +--------+
> -> > | Comp B |---\    +---+
> -> > +--------+    \---| H |  +--------+ +-------+
> -> >                   | u |--| Comp A |-| Modem |
> -> > +--------+    /---| b |  +--------+ +-------+
> -> > | Comp C |---/    +---+
> -> > +--------+
> -> >
> -> > Comp A is your Linux box. The network card in A connected to your
> -> > cable/xDSL modem is assigned the external address supplied by your ISP
> -> > (static or DHCP). You'll need to use ipchains on this box so that it acts
> -> > as a gateway for the LAN.
> -> >
> -> > Comp B and Comp C are your Windows or other Linux boxes.
> ->
> -> I have not set this up yet, however I don't have a "Comp A" (yet).
> -> Right now Comp B (mdk6.1 - development machine) and Comp C (win98 - kids
> -> machine) will be hooked up to my new 100 Mps *switch*, and the modem
> -> downloads at up to 7 Mps (2 Mps upload - so they say).
> ->
> -> What is the recommended minimum speed/memory for Comp A ?
> -> Is a P75/90 with 64 MB enough ? Will this affect the speed noticed
> -> by Comp B and C when using the internet ? Does any of this not matter
> -> as long as Comp A's network card is at least 10 Mps ?
>
> Overkill, actually. I use a 486/dx66 with 16 MB of physical memory. You
> might be able to get away with a 386/25, I haven't tried it.
>
> ->
> -> If I wanted to have a web server running (or ftp, mail, news), can
> -> it be on Comp B instead of Comp A ? I know the ISPs don't like this.
> -> I take it that Comp A would have to have some kind of proxy server
> -> to forward the request to the private web server on Comp B.
> -> If I started to get many web hits, would the speed and memory of
> -> Comp A affect users, or is it affected by the speed of Comp B ?
> -> Does opening up Comp B's port 80 (web) create a security risk
> -> (or is it if you use a proxy server - recommendations) ?
>
> Think security. Stuff the outside world will see should be on the firewall
> only. The fewer open ports on the firewall, the more secure it is. And if
> the outside world can see a service, someone will try to crack it.
>
> Also why route data across your internal network if you don't need
> to?
>
> Unless you are on a T1, any old Pentium class computer should do it.
>
> --
>
> -- C^2
>
> No windows were crashed in the making of this email.
>
> Looking for fine software and/or web pages?
> http://w3.trib.com/~ccurley
Re: [expert] Re: The right way to do a private network
On Mon, Apr 17, 2000 at 10:37:04AM -0600, Daniel Woods wrote:
->
-> > Assuming your ISP is providing you with only a single IP address, you want
-> > something along these lines:
-> >
-> > +--------+
-> > | Comp B |---\    +---+
-> > +--------+    \---| H |  +--------+ +-------+
-> >                   | u |--| Comp A |-| Modem |
-> > +--------+    /---| b |  +--------+ +-------+
-> > | Comp C |---/    +---+
-> > +--------+
-> >
-> > Comp A is your Linux box. The network card in A connected to your
-> > cable/xDSL modem is assigned the external address supplied by your ISP
-> > (static or DHCP). You'll need to use ipchains on this box so that it acts
-> > as a gateway for the LAN.
-> >
-> > Comp B and Comp C are your Windows or other Linux boxes.
->
-> I have not set this up yet, however I don't have a "Comp A" (yet).
-> Right now Comp B (mdk6.1 - development machine) and Comp C (win98 - kids
-> machine) will be hooked up to my new 100 Mps *switch*, and the modem
-> downloads at up to 7 Mps (2 Mps upload - so they say).
->
-> What is the recommended minimum speed/memory for Comp A ?
-> Is a P75/90 with 64 MB enough ? Will this affect the speed noticed
-> by Comp B and C when using the internet ? Does any of this not matter
-> as long as Comp A's network card is at least 10 Mps ?

Overkill, actually. I use a 486/dx66 with 16 MB of physical memory. You
might be able to get away with a 386/25, I haven't tried it.

->
-> If I wanted to have a web server running (or ftp, mail, news), can
-> it be on Comp B instead of Comp A ? I know the ISPs don't like this.
-> I take it that Comp A would have to have some kind of proxy server
-> to forward the request to the private web server on Comp B.
-> If I started to get many web hits, would the speed and memory of
-> Comp A affect users, or is it affected by the speed of Comp B ?
-> Does opening up Comp B's port 80 (web) create a security risk
-> (or is it if you use a proxy server - recommendations) ?

Think security. Stuff the outside world will see should be on the firewall
only. The fewer open ports on the firewall, the more secure it is. And if
the outside world can see a service, someone will try to crack it.

Also why route data across your internal network if you don't need
to?

Unless you are on a T1, any old Pentium class computer should do it.

--

-- C^2

No windows were crashed in the making of this email.

Looking for fine software and/or web pages?
http://w3.trib.com/~ccurley
Re: [expert] Re: The right way to do a private network
> Jean-Louis Debert wrote:
> > "Eric L. Brine" wrote:>
> > > > One comment here. You should be using an "experimental" network per RFC
> > > > 1597, not just any old network. There is a legal Class A network, one or
> > > > more legal Class B networks, and there are several legal Class C
> > > > networks. I don't recall offhand the legal class A network, but I don't
> > > > think it is 90.0.0.0. One of the legal class C networks is 192.168.1.0,
> > > > which is what I use.
> > >
> > > I don't know for what reasons, but 90.0.0.x is guaranteed not to be
> > > routed, so it's not "just any old network". At least, that's what some old
> > > tool told me, and it happened to be the one to which I was introduced
> > > before 192.168.1.*.
> >
> > 90.0.0.x is just _unassigned_ currently (it's reserved to IANA).
> > It is _not_ "guaranteed" to stay that way or "not to be routed".
> >
> > The reference for networks "guaranteed" not to be routed (the
> > correct naming is "private networks"), is RFC 1918
> > (which obsoletes RFC 1597).
> >
> > See http://www.csl.sony.co.jp/rfc/
> >
> > For class A networks, the legal private network address is 10.x.y.z,
> > not 90 ...
>
> *CHEERS*
>
> Sense prevails!

And to clarify further, my linux network admin book states that the
Internet Assigned Numbers Authority (IANA) has reserved the following
network numbers...

Class | Networks
A     | 10.0.0.0
B     | 172.16.0.0 through 172.31.0.0
C     | 192.168.0.0 through 192.168.255.0

This is stated as being in the older RFC 1597 specs.
According to RFC 1918 (Feb 1996), this still appears to be correct.

Thanks... Dan.
Re: [expert] Re: The right way to do a private network
Jean-Louis Debert wrote:
>
> "Eric L. Brine" wrote:>
> > > One comment here. You should be using an "experimental" network per RFC
> > > 1597, not just any old network. There is a legal Class A network, one or
> > > more legal Class B networks, and there are several legal Class C
> > > networks. I don't recall offhand the legal class A network, but I don't
> > > think it is 90.0.0.0. One of the legal class C networks is 192.168.1.0,
> > > which is what I use.
> >
> > I don't know for what reasons, but 90.0.0.x is guaranteed not to be
> > routed, so it's not "just any old network". At least, that's what some old
> > tool told me, and it happened to be the one to which I was introduced
> > before 192.168.1.*.
>
> 90.0.0.x is just _unassigned_ currently (it's reserved to IANA).
> It is _not_ "guaranteed" to stay that way or "not to be routed".
>
> The reference for networks "guaranteed" not to be routed (the
> correct naming is "private networks"), is RFC 1918
> (which obsoletes RFC 1597).
>
> See http://www.csl.sony.co.jp/rfc/
>
> For class A networks, the legal private network address is 10.x.y.z,
> not 90 ...

*CHEERS*

Sense prevails!

Merci, Jean-Louis =)

-Stephen-
Re: [expert] Re: The right way to do a private network
> Assuming your ISP is providing you with only a single IP address, you want
> something along these lines:
>
> +--------+
> | Comp B |---\    +---+
> +--------+    \---| H |  +--------+ +-------+
>                   | u |--| Comp A |-| Modem |
> +--------+    /---| b |  +--------+ +-------+
> | Comp C |---/    +---+
> +--------+
>
> Comp A is your Linux box. The network card in A connected to your
> cable/xDSL modem is assigned the external address supplied by your ISP
> (static or DHCP). You'll need to use ipchains on this box so that it acts
> as a gateway for the LAN.
>
> Comp B and Comp C are your Windows or other Linux boxes.

I have not set this up yet, however I don't have a "Comp A" (yet).
Right now Comp B (mdk6.1 - development machine) and Comp C (win98 - kids
machine) will be hooked up to my new 100 Mps *switch*, and the modem
downloads at up to 7 Mps (2 Mps upload - so they say).

What is the recommended minimum speed/memory for Comp A ?
Is a P75/90 with 64 MB enough ? Will this affect the speed noticed
by Comp B and C when using the internet ? Does any of this not matter
as long as Comp A's network card is at least 10 Mps ?

If I wanted to have a web server running (or ftp, mail, news), can
it be on Comp B instead of Comp A ? I know the ISPs don't like this.
I take it that Comp A would have to have some kind of proxy server
to forward the request to the private web server on Comp B.
If I started to get many web hits, would the speed and memory of
Comp A affect users, or is it affected by the speed of Comp B ?
Does opening up Comp B's port 80 (web) create a security risk
(or is it if you use a proxy server - recommendations) ?

Any other pointers are greatly appreciated. I've been learning a lot
about Linux from this list, even though I have over 10 years of Unix
experience.

Thanks... Dan.
Re: [expert] Re: The right way to do a private network
"Eric L. Brine" wrote:>
> > One comment here. You should be using an "experimental" network per RFC
> > 1597, not just any old network. There is a legal Class A network, one or
> > more legal Class B networks, and there are several legal Class C
> > networks. I don't recall offhand the legal class A network, but I don't
> > think it is 90.0.0.0. One of the legal class C networks is 192.168.1.0,
> > which is what I use.
>
> I don't know for what reasons, but 90.0.0.x is guaranteed not to be
> routed, so it's not "just any old network". At least, that's what some old
> tool told me, and it happened to be the one to which I was introduced
> before 192.168.1.*.

90.0.0.x is just _unassigned_ currently (it's reserved to IANA).
It is _not_ "guaranteed" to stay that way or "not to be routed".

The reference for networks "guaranteed" not to be routed (the
correct naming is "private networks"), is RFC 1918
(which obsoletes RFC 1597).

See http://www.csl.sony.co.jp/rfc/

For class A networks, the legal private network address is 10.x.y.z,
not 90 ...

--
Jean-Louis Debert [EMAIL PROTECTED]
74 Annemasse France
old Linux fan
Re: [expert] Re: The right way to do a private network
> One comment here. You should be using an "experimental" network per RFC
> 1597, not just any old network. There is a legal Class A network, one or
> more legal Class B networks, and there are several legal Class C
> networks. I don't recall offhand the legal class A network, but I don't
> think it is 90.0.0.0. One of the legal class C networks is 192.168.1.0,
> which is what I use.

I don't know for what reasons, but 90.0.0.x is guaranteed not to be
routed, so it's not "just any old network". At least, that's what some old
tool told me, and it happened to be the one to which I was introduced
before 192.168.1.*.

Like I said in my original post: "I don't remember what is usually used",
meaning that it's not the one usually recommended. So everyone, use
192.168.1.*, not 90.0.0.* to be on the safe side!

> Eric: I'm not trying to publicly toast you, I just want to make it clear
> for other folks' benefit.

I eavesdrop here to learn about linux 'cause I don't know much about it.
I definitely don't know everything. Criticism always welcome.

--
Eric L. Brine | Chicken: The egg's way of making more eggs.
[EMAIL PROTECTED] | Do you always hit the nail on the thumb?
ICQ# 4629314 | An optimist thinks thorn bushes have roses.
Re: [expert] Re: The right way to do a private network
On Mon, Apr 17, 2000 at 12:51:54AM -0400, Eric L. Brine wrote:
->
-> > Thank you as well from me..I just joined the list two days ago and
-> > missed some of the postings. I just bought the hub last week, got the
-> > linux machine working, and had no idea of the implications.
->
-> Check the archives of the list, available on the mandrake site where you
-> subscribed to the list.
->
->
-> The three network cards connected to the hub are assigned internal IP
-> addresses. I don't remember what is usually used, but I use 90.0.0.1, .2,
-> .3, etc.

One comment here. You should be using an "experimental" network per RFC
1597, not just any old network. There is a legal Class A network, one or
more legal Class B networks, and there are several legal Class C
networks. I don't recall offhand the legal class A network, but I don't
think it is 90.0.0.0. One of the legal class C networks is 192.168.1.0,
which is what I use.

Aside from the general niceness of complying with the traffic rules of the
Internet, there is another reason to use one of the experimental
networks. Suppose for a moment you used 15.0.0.0, which happens also to be
HP's Class A network. Packets from your network addressed to any of HP's
machines would never leave your network. This would make it difficult for
you to send email to someone at HP. It would also leave you open to
violating a fundamental rule of the Internet: no two machines may ever
have the same IP address. Violating this rule will 1) have one or more
sysadmins elsewhere on the net very annoyed at you, and 2) give both you
and those sysadmins fits trying to diagnose various mysterious problems.

Eric: I'm not trying to publicly toast you, I just want to make it clear
for other folks' benefit.

--

-- C^2

No windows were crashed in the making of this email.

Looking for fine software and/or web pages?
http://w3.trib.com/~ccurley
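
Added example, not part of the original thread: a check of a LAN addressing plan against the RFC 1918 blocks named in the messages above, including the failure mode described for 15.0.0.0, where outside hosts inside the borrowed prefix become unreachable. The function names and the sample destination addresses are constructed for this illustration.

```python
import ipaddress

# RFC 1918 private blocks: 10.0.0.0, 172.16.0.0-172.31.0.0 and
# 192.168.0.0-192.168.255.0 from the thread, written as CIDR prefixes.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(lan_cidr):
    """True only if the whole LAN prefix lies inside one RFC 1918 block."""
    lan = ipaddress.ip_network(lan_cidr)
    return any(lan.subnet_of(block) for block in RFC1918)


def shadowed(lan_cidr, destination):
    """True if LAN hosts would treat `destination` as a local neighbour.

    Such packets are delivered on the local segment and never reach the
    gateway, so the real Internet host at that address is unreachable.
    """
    return ipaddress.ip_address(destination) in ipaddress.ip_network(lan_cidr)


def audit(lan_cidr, destinations):
    """Summarise an addressing plan against a list of outside hosts."""
    private = is_rfc1918(lan_cidr)
    # Shadowing only costs you something when the prefix is public space:
    # RFC 1918 addresses are never real Internet destinations.
    lost = [] if private else [d for d in destinations if shadowed(lan_cidr, d)]
    return {"lan": lan_cidr, "rfc1918": private, "unreachable": lost}


if __name__ == "__main__":
    # Constructed destinations: one inside 15.0.0.0/8, one inside 90.0.0.0/24,
    # and one documentation address (192.0.2.0/24) standing in for "elsewhere".
    outside = ["15.1.2.3", "90.0.0.7", "192.0.2.10"]
    for plan in ("15.0.0.0/8", "90.0.0.0/24", "192.168.1.0/24", "172.32.0.0/16"):
        print(audit(plan, outside))
```

The 172.32.0.0/16 plan is included because it sits just past the end of the 172.16.0.0 through 172.31.0.0 range and is therefore not private.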