* RFC on solution to Rejean's situation
@ Luke Davis
` John covici
` (3 more replies)
0 siblings, 4 replies; 12+ messages in thread
From: Luke Davis @ UTC (permalink / raw)
To: Speakup
Hello, folks
After talking to Rejean about solutions to his situation, we came up with
the following. I would like comments from the users experienced with this
sort of thing, about whether our solution will work as I believe...
Now, the groundwork, and useful information summary:
1. The network consists of many Windows machines, and a single Linux
machine.
2. The Linux machine is a public access server for web, mail, and FTP,
and a private access server for samba.
3. The internal network is switched.
4. There is both a cable internet connection, and an ADSL internet
connection. Both of these are necessary for their own reasons.
5. The windows portion of the network should use only the DSL connection.
The Linux side should use only the cable connection.
6. The Windows and Linux boxes must communicate for purposes of samba.
7. The current configuration is this:
The network of switched Windows boxes, go through the DSL router.
The Linux box goes through a router, which connects to the cable modem.
The Linux box, has a second card, which links it to the Windows network.
This is not ideal.
So here is the proposed solution, to solve all problems of security,
compatibility, connectivity, and so on...
1. He sets up an older computer, as a dedicated firewall/router, running
one of the tiny Linux floppy distributions, which exist for this exact
purpose.
2. This box would have four interfaces, configured as follows:
eth0: cable modem.
eth1: ADSL modem.
eth2: Linux server.
eth3: Windows network.
3. Eth0 would accept traffic for, and outgoing traffic from, eth2.
Eth1 would accept traffic for, and outgoing traffic two only, eth3.
This creates a box which is basicly split, into a Windows router, and a
Linux router.
4. The Windows side, would accept no inbound connections (that is:
through the ADSL modem), accept those desired by the Windows network--that
is: related connections to those established by it. It'll be doing one to
one NAT, and firewall duty.
5. The linux side, will have connections related to anything it creates,
as well as incoming connections to its services.
6. Either (A) private samba connections can be permitted between eth2 and
eth3, with the modems being none the wiser; or (B) a separate connection
for samba use, can be created either between the switch and the
routing box, or it can be made from the switch, directly to the Linux box.
Questions include:
1. Will this work as well as I believe it will?
2. How much memory will this routing box need, given a large quantity of
data transfer per day?
3. What else might we not be considering for this?
4. Is this overkill?
Thanks for any comments, and for reading this novel.
Regards,
Luke
^ permalink raw reply [flat|nested] 12+ messages in thread* RFC on solution to Rejean's situation
RFC on solution to Rejean's situation Luke Davis
@ ` John covici
` Luke Davis
` Allan Shaw
` (2 subsequent siblings)
3 siblings, 1 reply; 12+ messages in thread
From: John covici @ UTC (permalink / raw)
To: Speakup is a screen review system for Linux.
I think the firewall stuff can be done on the same machine -- no need
for another box at all. There are several ways to route the packets
from the windows system out a certain interface and you will need to
use iptables heavily along with the ip command to accomplish some of
this.
One way which comes to mind off the top of my head is that you can
use the mangle table of iptables and put a statement in the
PREROUTING chain to mark the packets with 1 and then have a rule in
the policy database to send all such packets out the interface
desired.
In addition the the ip tables unreliable guide from Rusty Russell and
the manpage, the ip command has an example in chapter 4 of its
documentation as to how to work with two interfaces, so this should
work fine.
You can tell samba to only listen on a certain interface, so that
problem should be easily solved.
Hope this helps.
--
John Covici
covici@ccs.covici.com
^ permalink raw reply [flat|nested] 12+ messages in thread* Re: RFC on solution to Rejean's situation
` John covici
@ ` Luke Davis
` Rejean Proulx
0 siblings, 1 reply; 12+ messages in thread
From: Luke Davis @ UTC (permalink / raw)
To: covici, Speakup is a screen review system for Linux.
To clarify: are you suggesting that the ADSL modem interface, be installed
in the existing Linux machine, thus giving it three interfaces: one to the
Windows network, and two to the net, with the Windows network having no
net interfaces of its own?
I see two potential downsides with this:
1. If the Linux machine ever goes down for any reason, the Windows
network is totally cut off from the internet.
2. In addition to its heavy load in mail, apache, MYSQL, Samba, mailing
list management, FTP, and other things, for many meg (to gig, if you count
samba) of data per day, it now also has the load of serving as security
guard, and traffic cop, for the entire network.
Is this really a good thing?
Luke
On Sat, 1 Nov 2003, John covici wrote:
> I think the firewall stuff can be done on the same machine -- no need
> for another box at all. There are several ways to route the packets
> from the windows system out a certain interface and you will need to
> use iptables heavily along with the ip command to accomplish some of
> this.
>
> One way which comes to mind off the top of my head is that you can
> use the mangle table of iptables and put a statement in the
> PREROUTING chain to mark the packets with 1 and then have a rule in
> the policy database to send all such packets out the interface
> desired.
>
> In addition the the ip tables unreliable guide from Rusty Russell and
> the manpage, the ip command has an example in chapter 4 of its
> documentation as to how to work with two interfaces, so this should
> work fine.
>
> You can tell samba to only listen on a certain interface, so that
> problem should be easily solved.
>
> Hope this helps.
>
>
^ permalink raw reply [flat|nested] 12+ messages in thread* Re: RFC on solution to Rejean's situation
` Luke Davis
@ ` Rejean Proulx
0 siblings, 0 replies; 12+ messages in thread
From: Rejean Proulx @ UTC (permalink / raw)
To: Speakup is a screen review system for Linux.
I am interested in the solution that John proposed that will allow me to set
up an entry that effectively blocks all traffic from one of the Linux cards
from everything except Samba. it was suggested to read Chapter 4 of the IP
command, but with the number of books out there, I have no idea what that
book is or where to get it. If anyone has more details on this, I'd
appreciate it. If this is simple, it might solve the problem quickly until
we devise a more elaborate and proper solution. Atg least I could get my
second subnet back which is badly needed.
Rejean Proulx
Visit my family at http://interfree.ca
MSN is: rejp@rogers.com
Ham License VA3REJ
----- Original Message -----
From: "Luke Davis" <ldavis@shellworld.net>
To: <covici@ccs.covici.com>; "Speakup is a screen review system for Linux."
<speakup@braille.uwo.ca>
Sent: Sunday, November 02, 2003 1:33 AM
Subject: Re: RFC on solution to Rejean's situation
> To clarify: are you suggesting that the ADSL modem interface, be installed
> in the existing Linux machine, thus giving it three interfaces: one to the
> Windows network, and two to the net, with the Windows network having no
> net interfaces of its own?
>
> I see two potential downsides with this:
>
> 1. If the Linux machine ever goes down for any reason, the Windows
> network is totally cut off from the internet.
>
> 2. In addition to its heavy load in mail, apache, MYSQL, Samba, mailing
> list management, FTP, and other things, for many meg (to gig, if you count
> samba) of data per day, it now also has the load of serving as security
> guard, and traffic cop, for the entire network.
> Is this really a good thing?
>
> Luke
>
> On Sat, 1 Nov 2003, John covici wrote:
>
> > I think the firewall stuff can be done on the same machine -- no need
> > for another box at all. There are several ways to route the packets
> > from the windows system out a certain interface and you will need to
> > use iptables heavily along with the ip command to accomplish some of
> > this.
> >
> > One way which comes to mind off the top of my head is that you can
> > use the mangle table of iptables and put a statement in the
> > PREROUTING chain to mark the packets with 1 and then have a rule in
> > the policy database to send all such packets out the interface
> > desired.
> >
> > In addition the the ip tables unreliable guide from Rusty Russell and
> > the manpage, the ip command has an example in chapter 4 of its
> > documentation as to how to work with two interfaces, so this should
> > work fine.
> >
> > You can tell samba to only listen on a certain interface, so that
> > problem should be easily solved.
> >
> > Hope this helps.
> >
> >
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: RFC on solution to Rejean's situation
RFC on solution to Rejean's situation Luke Davis
` John covici
@ ` Allan Shaw
` Luke Davis
` Geoff Shang
` Alex Snow
3 siblings, 1 reply; 12+ messages in thread
From: Allan Shaw @ UTC (permalink / raw)
To: Speakup is a screen review system for Linux.
Hello,
As i have exchanged a number of emails with Rejean regarding their network
configuration my assessment and comment are the same.
Q4. Is this over kill?
The first rule in IT is (KISS) Keep It Simple and we all know what the last
"s" is for.
1: I don't by the need or justification for 2 modems either from a
bandwidth or data transfer requirement. The cable modem alone is more than
likely sufficient to meet and exceed the network requirements.
2: If you have 2 routers with 2 networks the 2 networks should be joined
through the routers not having a system bridging the networks.
3: Instead of trying to fix this problem with a sludge hammer, go out and
get the right equipment, namely a new Firewall/router with a 8 port switch
and connect all servers and workstations to this device, a single modem and
then configure it to allow and direct the appropriate services to the
appropriate server/workstation.
4: Personal opinion, I have rarely seen such a convaluded network
configuration in nearly 20 years of working with networks, but this is only
my opinion.
At 18:59 11/1/03, you wrote:
>Hello, folks
>
>After talking to Rejean about solutions to his situation, we came up with
>the following. I would like comments from the users experienced with this
>sort of thing, about whether our solution will work as I believe...
>
>Now, the groundwork, and useful information summary:
>
>1. The network consists of many Windows machines, and a single Linux
>machine.
>
>2. The Linux machine is a public access server for web, mail, and FTP,
>and a private access server for samba.
>
>3. The internal network is switched.
>
>4. There is both a cable internet connection, and an ADSL internet
>connection. Both of these are necessary for their own reasons.
>
>5. The windows portion of the network should use only the DSL connection.
>The Linux side should use only the cable connection.
>
>6. The Windows and Linux boxes must communicate for purposes of samba.
>
>7. The current configuration is this:
>The network of switched Windows boxes, go through the DSL router.
>The Linux box goes through a router, which connects to the cable modem.
>The Linux box, has a second card, which links it to the Windows network.
>This is not ideal.
>
>So here is the proposed solution, to solve all problems of security,
>compatibility, connectivity, and so on...
>
>1. He sets up an older computer, as a dedicated firewall/router, running
>one of the tiny Linux floppy distributions, which exist for this exact
>purpose.
>
>2. This box would have four interfaces, configured as follows:
>eth0: cable modem.
>eth1: ADSL modem.
>eth2: Linux server.
>eth3: Windows network.
>
>3. Eth0 would accept traffic for, and outgoing traffic from, eth2.
>Eth1 would accept traffic for, and outgoing traffic two only, eth3.
>This creates a box which is basicly split, into a Windows router, and a
>Linux router.
>
>4. The Windows side, would accept no inbound connections (that is:
>through the ADSL modem), accept those desired by the Windows network--that
>is: related connections to those established by it. It'll be doing one to
>one NAT, and firewall duty.
>
>5. The linux side, will have connections related to anything it creates,
>as well as incoming connections to its services.
>
>6. Either (A) private samba connections can be permitted between eth2 and
>eth3, with the modems being none the wiser; or (B) a separate connection
>for samba use, can be created either between the switch and the
>routing box, or it can be made from the switch, directly to the Linux box.
>
>Questions include:
>
>1. Will this work as well as I believe it will?
>
>2. How much memory will this routing box need, given a large quantity of
>data transfer per day?
>
>3. What else might we not be considering for this?
>
>4. Is this overkill?
>
>Thanks for any comments, and for reading this novel.
>
>Regards,
>
>Luke
>
>_______________________________________________
>Speakup mailing list
>Speakup@braille.uwo.ca
>http://speech.braille.uwo.ca/mailman/listinfo/speakup
^ permalink raw reply [flat|nested] 12+ messages in thread* Re: RFC on solution to Rejean's situation
` Allan Shaw
@ ` Luke Davis
` Rejean Proulx
0 siblings, 1 reply; 12+ messages in thread
From: Luke Davis @ UTC (permalink / raw)
To: Speakup is a screen review system for Linux.
On Sat, 1 Nov 2003, Allan Shaw wrote:
> 1: I don't by the need or justification for 2 modems either from a
> bandwidth or data transfer requirement. The cable modem alone is more than
> likely sufficient to meet and exceed the network requirements.
I made the same comment, and posed the question, more than once. The last
time was earlier today, and after a long discussion, he has convinced me
of its value.
There are port blocking issues with the ADSL provider, and bandwidth
issues with the cable. Apparently, the cable connection simply does not
have the bandwidth to carry the necessary traffic.
Now, if this were me, I would obtain either a 720K SDSL connection, or a
fractional T1, and be done with it all, but it's not me, and not my
finances. As far as I can see, he is doing it in the only way possible to
do it currently, without changing the amounts of money spent on
connections drastically.
As such, I am going to try to assist the situation as-is, with the
understanding that I can't change the internet access situation. So I
either accept it and help, or don't accept it, and not help at all. I
choose the former solution.
> 2: If you have 2 routers with 2 networks the 2 networks should be joined
> through the routers not having a system bridging the networks.
Clarify this a bit...
Are you saying that the two internal Windows networks should become one,
absorbing the Linux box? If so, I completely agree. My solution, while
granted of the sledge-hammer sort, does accomplish this.
If you're talking about "joining" the DSL and cable connections via their
routers, I do not see exactly how you plan to pull that off. I don't know
what routing technology he has on site.
If he has a good one, with four or so ports, he could probably plug both
modems into this, and essentially do what I was suggesting, in a piece of
hardware. The question then is: what about the firewalling?
> 3: Instead of trying to fix this problem with a sludge hammer, go out and
> get the right equipment, namely a new Firewall/router with a 8 port switch
> and connect all servers and workstations to this device, a single modem and
> then configure it to allow and direct the appropriate services to the
> appropriate server/workstation.
There will not be a single modem. There has to be two as things stand,
and if a solution does not take this into account, it is not a solution.
> 4: Personal opinion, I have rarely seen such a convaluded network
> configuration in nearly 20 years of working with networks, but this is only
> my opinion.
You mean my suggestion, or the existing setup?
When I first came to this, I had never seen anything like the original
setup--two connected Windows networks, two separate access points, two
subnets, all connected, in a very odd balance. I'm trying to simplify
that, by getting everything on to a single subnet, for starters.
Note, that the projects involving using old PCs as routers, using the
power of Linux's iptables configurability, is cheap routing technology, is
becoming quite common. You seem to suggest (maybe I read you wrong), that
doing this, regardless of the application I suggest, is, to expand upon a
letter, stupid.
I disagree with that, if indeed it is what you are saying.
Now, my application of the method may not be good, which is my entire
point in bringing it here, but the use of dedicated routing boxes in place
of hardware routers, is not new, and is highly tested.
Luke
^ permalink raw reply [flat|nested] 12+ messages in thread* Re: RFC on solution to Rejean's situation
` Luke Davis
@ ` Rejean Proulx
0 siblings, 0 replies; 12+ messages in thread
From: Rejean Proulx @ UTC (permalink / raw)
To: Speakup is a screen review system for Linux.
Thank you luke. If I had the money I'd use a business connection, but I
don't. That is the problem with being a hobbyist. These business high
speed connection are extremely expensive. I priced a simple ADSL connection
and they wanted $179 a month.
Rejean Proulx
Visit my family at http://interfree.ca
MSN is: rejp@rogers.com
Ham License VA3REJ
----- Original Message -----
From: "Luke Davis" <ldavis@shellworld.net>
To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca>
Sent: Sunday, November 02, 2003 2:00 AM
Subject: Re: RFC on solution to Rejean's situation
> On Sat, 1 Nov 2003, Allan Shaw wrote:
>
> > 1: I don't by the need or justification for 2 modems either from a
> > bandwidth or data transfer requirement. The cable modem alone is more
than
> > likely sufficient to meet and exceed the network requirements.
>
> I made the same comment, and posed the question, more than once. The last
> time was earlier today, and after a long discussion, he has convinced me
> of its value.
> There are port blocking issues with the ADSL provider, and bandwidth
> issues with the cable. Apparently, the cable connection simply does not
> have the bandwidth to carry the necessary traffic.
>
> Now, if this were me, I would obtain either a 720K SDSL connection, or a
> fractional T1, and be done with it all, but it's not me, and not my
> finances. As far as I can see, he is doing it in the only way possible to
> do it currently, without changing the amounts of money spent on
> connections drastically.
>
> As such, I am going to try to assist the situation as-is, with the
> understanding that I can't change the internet access situation. So I
> either accept it and help, or don't accept it, and not help at all. I
> choose the former solution.
>
> > 2: If you have 2 routers with 2 networks the 2 networks should be joined
> > through the routers not having a system bridging the networks.
>
> Clarify this a bit...
>
> Are you saying that the two internal Windows networks should become one,
> absorbing the Linux box? If so, I completely agree. My solution, while
> granted of the sledge-hammer sort, does accomplish this.
>
> If you're talking about "joining" the DSL and cable connections via their
> routers, I do not see exactly how you plan to pull that off. I don't know
> what routing technology he has on site.
> If he has a good one, with four or so ports, he could probably plug both
> modems into this, and essentially do what I was suggesting, in a piece of
> hardware. The question then is: what about the firewalling?
>
> > 3: Instead of trying to fix this problem with a sludge hammer, go out
and
> > get the right equipment, namely a new Firewall/router with a 8 port
switch
> > and connect all servers and workstations to this device, a single modem
and
> > then configure it to allow and direct the appropriate services to the
> > appropriate server/workstation.
>
> There will not be a single modem. There has to be two as things stand,
> and if a solution does not take this into account, it is not a solution.
>
> > 4: Personal opinion, I have rarely seen such a convaluded network
> > configuration in nearly 20 years of working with networks, but this is
only
> > my opinion.
>
> You mean my suggestion, or the existing setup?
> When I first came to this, I had never seen anything like the original
> setup--two connected Windows networks, two separate access points, two
> subnets, all connected, in a very odd balance. I'm trying to simplify
> that, by getting everything on to a single subnet, for starters.
>
> Note, that the projects involving using old PCs as routers, using the
> power of Linux's iptables configurability, is cheap routing technology, is
> becoming quite common. You seem to suggest (maybe I read you wrong), that
> doing this, regardless of the application I suggest, is, to expand upon a
> letter, stupid.
> I disagree with that, if indeed it is what you are saying.
> Now, my application of the method may not be good, which is my entire
> point in bringing it here, but the use of dedicated routing boxes in place
> of hardware routers, is not new, and is highly tested.
>
> Luke
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: RFC on solution to Rejean's situation
RFC on solution to Rejean's situation Luke Davis
` John covici
` Allan Shaw
@ ` Geoff Shang
` Alex Snow
3 siblings, 0 replies; 12+ messages in thread
From: Geoff Shang @ UTC (permalink / raw)
To: Speakup is a screen review system for Linux.
On Sat, 1 Nov 2003, Luke Davis wrote:
> 7. The current configuration is this:
> The network of switched Windows boxes, go through the DSL router.
> The Linux box goes through a router, which connects to the cable modem.
> The Linux box, has a second card, which links it to the Windows network.
> This is not ideal.
What I would do is ditch the second router and run the Linux box direct to
the cable modem. Then I'd just set up the route for the second ethernet
card in such a way so that it only talks to the internal LAN and not the
internet through the DSL connection. Surely an additional Linux box with 4
network cards is making things more complicated, not less.
Geoff.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: RFC on solution to Rejean's situation
RFC on solution to Rejean's situation Luke Davis
` (2 preceding siblings ...)
` Geoff Shang
@ ` Alex Snow
` Rejean Proulx
3 siblings, 1 reply; 12+ messages in thread
From: Alex Snow @ UTC (permalink / raw)
To: Speakup is a screen review system for Linux.
I'd say the router should probably have at least 32mb possibly 64.
I've seen a pentium 133 act as a router for about 25 or so computers
all making heavy use of the internet and connecting to each other
using smb shares.
On Sat, Nov 01, 2003 at 05:59:57PM -0600, Luke Davis
wrote:
> Hello, folks
>
> After talking to Rejean about solutions to his situation, we came up with
> the following. I would like comments from the users experienced with this
> sort of thing, about whether our solution will work as I believe...
>
> Now, the groundwork, and useful information summary:
>
> 1. The network consists of many Windows machines, and a single Linux
> machine.
>
> 2. The Linux machine is a public access server for web, mail, and FTP,
> and a private access server for samba.
>
> 3. The internal network is switched.
>
> 4. There is both a cable internet connection, and an ADSL internet
> connection. Both of these are necessary for their own reasons.
>
> 5. The windows portion of the network should use only the DSL connection.
> The Linux side should use only the cable connection.
>
> 6. The Windows and Linux boxes must communicate for purposes of samba.
>
> 7. The current configuration is this:
> The network of switched Windows boxes, go through the DSL router.
> The Linux box goes through a router, which connects to the cable modem.
> The Linux box, has a second card, which links it to the Windows network.
> This is not ideal.
>
> So here is the proposed solution, to solve all problems of security,
> compatibility, connectivity, and so on...
>
> 1. He sets up an older computer, as a dedicated firewall/router, running
> one of the tiny Linux floppy distributions, which exist for this exact
> purpose.
>
> 2. This box would have four interfaces, configured as follows:
> eth0: cable modem.
> eth1: ADSL modem.
> eth2: Linux server.
> eth3: Windows network.
>
> 3. Eth0 would accept traffic for, and outgoing traffic from, eth2.
> Eth1 would accept traffic for, and outgoing traffic two only, eth3.
> This creates a box which is basicly split, into a Windows router, and a
> Linux router.
>
> 4. The Windows side, would accept no inbound connections (that is:
> through the ADSL modem), accept those desired by the Windows network--that
> is: related connections to those established by it. It'll be doing one to
> one NAT, and firewall duty.
>
> 5. The linux side, will have connections related to anything it creates,
> as well as incoming connections to its services.
>
> 6. Either (A) private samba connections can be permitted between eth2 and
> eth3, with the modems being none the wiser; or (B) a separate connection
> for samba use, can be created either between the switch and the
> routing box, or it can be made from the switch, directly to the Linux box.
>
> Questions include:
>
> 1. Will this work as well as I believe it will?
>
> 2. How much memory will this routing box need, given a large quantity of
> data transfer per day?
>
> 3. What else might we not be considering for this?
>
> 4. Is this overkill?
>
> Thanks for any comments, and for reading this novel.
>
> Regards,
>
> Luke
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
--
Who is General Failure and why is he reading my hard disk?
^ permalink raw reply [flat|nested] 12+ messages in thread* Re: RFC on solution to Rejean's situation
` Alex Snow
@ ` Rejean Proulx
` Steve Holmes
0 siblings, 1 reply; 12+ messages in thread
From: Rejean Proulx @ UTC (permalink / raw)
To: Speakup is a screen review system for Linux.
Thanks, I've got garbage lying around that I can probably get 128M for. It
might be overkill, but here it is. One of the boxes is a 333MHZ so it
should be plenty. Does it need a hard drive or can I just boot it off a
floppy for this sort of thing. None of my garbage has hard drives anymore,
but I'm sure I could come up with a hard drive.
Rejean Proulx
Visit my family at http://interfree.ca
MSN is: rejp@rogers.com
Ham License VA3REJ
----- Original Message -----
From: "Alex Snow" <alex_snow@gmx.net>
To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca>
Sent: Sunday, November 02, 2003 10:14 AM
Subject: Re: RFC on solution to Rejean's situation
> I'd say the router should probably have at least 32mb possibly 64.
> I've seen a pentium 133 act as a router for about 25 or so computers
> all making heavy use of the internet and connecting to each other
> using smb shares.
> On Sat, Nov 01, 2003 at 05:59:57PM -0600, Luke Davis
> wrote:
> > Hello, folks
> >
> > After talking to Rejean about solutions to his situation, we came up
with
> > the following. I would like comments from the users experienced with
this
> > sort of thing, about whether our solution will work as I believe...
> >
> > Now, the groundwork, and useful information summary:
> >
> > 1. The network consists of many Windows machines, and a single Linux
> > machine.
> >
> > 2. The Linux machine is a public access server for web, mail, and FTP,
> > and a private access server for samba.
> >
> > 3. The internal network is switched.
> >
> > 4. There is both a cable internet connection, and an ADSL internet
> > connection. Both of these are necessary for their own reasons.
> >
> > 5. The windows portion of the network should use only the DSL
connection.
> > The Linux side should use only the cable connection.
> >
> > 6. The Windows and Linux boxes must communicate for purposes of samba.
> >
> > 7. The current configuration is this:
> > The network of switched Windows boxes, go through the DSL router.
> > The Linux box goes through a router, which connects to the cable modem.
> > The Linux box, has a second card, which links it to the Windows network.
> > This is not ideal.
> >
> > So here is the proposed solution, to solve all problems of security,
> > compatibility, connectivity, and so on...
> >
> > 1. He sets up an older computer, as a dedicated firewall/router,
running
> > one of the tiny Linux floppy distributions, which exist for this exact
> > purpose.
> >
> > 2. This box would have four interfaces, configured as follows:
> > eth0: cable modem.
> > eth1: ADSL modem.
> > eth2: Linux server.
> > eth3: Windows network.
> >
> > 3. Eth0 would accept traffic for, and outgoing traffic from, eth2.
> > Eth1 would accept traffic for, and outgoing traffic two only, eth3.
> > This creates a box which is basicly split, into a Windows router, and a
> > Linux router.
> >
> > 4. The Windows side, would accept no inbound connections (that is:
> > through the ADSL modem), accept those desired by the Windows
network--that
> > is: related connections to those established by it. It'll be doing one
to
> > one NAT, and firewall duty.
> >
> > 5. The linux side, will have connections related to anything it
creates,
> > as well as incoming connections to its services.
> >
> > 6. Either (A) private samba connections can be permitted between eth2
and
> > eth3, with the modems being none the wiser; or (B) a separate connection
> > for samba use, can be created either between the switch and the
> > routing box, or it can be made from the switch, directly to the Linux
box.
> >
> > Questions include:
> >
> > 1. Will this work as well as I believe it will?
> >
> > 2. How much memory will this routing box need, given a large quantity
of
> > data transfer per day?
> >
> > 3. What else might we not be considering for this?
> >
> > 4. Is this overkill?
> >
> > Thanks for any comments, and for reading this novel.
> >
> > Regards,
> >
> > Luke
> >
> > _______________________________________________
> > Speakup mailing list
> > Speakup@braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
> --
> Who is General Failure and why is he reading my hard disk?
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
^ permalink raw reply [flat|nested] 12+ messages in thread* Re: RFC on solution to Rejean's situation
` Rejean Proulx
@ ` Steve Holmes
0 siblings, 0 replies; 12+ messages in thread
From: Steve Holmes @ UTC (permalink / raw)
To: Speakup
You asked about needing hard disks. I would say, at the very least
you gotta have hard disks in your machines. You need to load the
basic software for running the router and IP tables, etc. You can go
into a lot of these neighborhood computer stores which might sell used
parts and find a hard disk for most any size. I find these days that
a 5 gig sells for almost as much as a new 40 gig so beware. If the
BIOS won't work at all with one of these new drives you might have to
try and find one of these smaller drives. For any decent linux box
where you want to recompile the kernel and such, you better have at
least a one gig or more. Obviously, the more space, the more you can
do with varied setups and all that.
BTW, I also dislike the long name on the list reply-to name. I just
did a list reply from mutt and mutt picked up that awful long name. I
editted it out before starting on this message. If any mutt users
don't have that reply option turned on to see the address when you do
a 'l' or 'r' command, just catch it on the way out when you hit 'y' to
send the message.
--
HolmesGrown Solutions
The best solutions for the best price!
http://ld.net/?holmesgrown
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: RFC on solution to Rejean's situation
@ Luke Davis
0 siblings, 0 replies; 12+ messages in thread
From: Luke Davis @ UTC (permalink / raw)
To: Speakup
If we do it (Alan S. seems to think I'm nutts for suggesting it, so let's
work that out, as I want to hear his further thoughts).
No hard drive will be necessary for this, although a few floppies might.
If we need to, we can setup a large RAMdisk which loads off of floppy
initially, then, if more is needed, it can obtain it via FTP or SMB, from
one of the other machines. However that shouldn't be necessary, as the
utilities to make this work, are not vast.
On Sun, 2 Nov 2003, Rejean Proulx wrote:
> Thanks, I've got garbage lying around that I can probably get 128M for. It
> might be overkill, but here it is. One of the boxes is a 333MHZ so it
> should be plenty. Does it need a hard drive or can I just boot it off a
> floppy for this sort of thing. None of my garbage has hard drives anymore,
> but I'm sure I could come up with a hard drive.
>
> Rejean Proulx
> Visit my family at http://interfree.ca
> MSN is: rejp@rogers.com
> Ham License VA3REJ
>
> ----- Original Message -----
> From: "Alex Snow" <alex_snow@gmx.net>
> To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca>
> Sent: Sunday, November 02, 2003 10:14 AM
> Subject: Re: RFC on solution to Rejean's situation
>
>
> > I'd say the router should probably have at least 32mb possibly 64.
> > I've seen a pentium 133 act as a router for about 25 or so computers
> > all making heavy use of the internet and connecting to each other
> > using smb shares.
> > On Sat, Nov 01, 2003 at 05:59:57PM -0600, Luke Davis
> > wrote:
> > > Hello, folks
> > >
> > > After talking to Rejean about solutions to his situation, we came up
> with
> > > the following. I would like comments from the users experienced with
> this
> > > sort of thing, about whether our solution will work as I believe...
> > >
> > > Now, the groundwork, and useful information summary:
> > >
> > > 1. The network consists of many Windows machines, and a single Linux
> > > machine.
[rest cut]
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~ UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
RFC on solution to Rejean's situation Luke Davis
` John covici
` Luke Davis
` Rejean Proulx
` Allan Shaw
` Luke Davis
` Rejean Proulx
` Geoff Shang
` Alex Snow
` Rejean Proulx
` Steve Holmes
Luke Davis
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).