Networking 101

JacquesT
Posts: 118
Joined: Mon May 21, 2018 2:06 pm
Location: Somerset, UK

Networking 101

Post by JacquesT » Thu May 24, 2018 4:26 pm

So when it comes to networking I'm a dumb ass. Seriously, it took me about 4 hours to get NFS to work on Debian, and about 2 days to set up my install setup for Irix on Debian.

However, I have a project in mind and this time I want to do it properly. To try and explain what I want to end up with, I'll tell you what I have at the moment.

So incoming into the house is a standard ADSL line with a BT 'Home Hub' or router. (That's British Telecom for those across the water) https://www.shop.bt.com/products/bt-sma ... -C6NX.html This has a couple of ethernet ports out the back and is also a shitty wifi ac/n, bla bla access point.

I have 2 Macbook Pros, a few mobiles and an ipad (not all mine, but family's) that connect to the wifi. That needs to stay that way, if possible.

I currently have a MacPro and my Octane connected via a cat6 cable that has been threaded through the roof to a 5 port switch (hub?) under my desk. The MacPro has a built in factory broadcom Airport card which works OK but gets really rubbish signal strength. I'm not convinced it's just the signal strength as I can place the router 6 ft away and it will still play up. (I've tried another card, same result. I suppose that's what you get when you stick the radio antennae inside an aluminium box, and then inside a second aluminium case). But I can live with it...I'm thinking of getting a PCI card with external antennae.

So here's the rub. I need to get rid of the network cable dangling from the ceiling as it's in the lounge. I'd also like to remove Debian from my MacPro as it's my 'production' machine (ArchiCAD, SketchUp, inDesign, Mischief and Krita) and I don't want to leave it on 24/7.

So I thought I'd get a small board computer (Pi / odroid etc) as a simple server to serve files and to use for remote desktop for browsing via when I'm on the Octane that can be left on 24/7. As I won't have a physical cable connecting the router and SBC, it will have a wifi connection to the router for internet access. My router is my DNS server at 192.168.1.254 and everything is on subnet mask 255.255.255.0.

So in a nutshell, I'm looking to -

1) have the laptops and phones etc keep connecting to the router as is...no change. They get assigned IP's within a range.
2) have a SBC act as a server to serve files to all devices on the network.
3) have the SBC use its ethernet port to 'tunnel' an internet connection to the ethernet port of the Octane and let the Octane have a static IP and resolve to 192.168.1.254 (like MacOS Internet sharing). Don't really want to have the sbc act as a dns server...if possible.
4) have the sbc to remote desktop into for the octane for browser access
5) have the MacPro connect to the router on standard wifi or via a new pci wifi card.
6) make sure all of this is secure.

How should I set up my router for this?
How do I go about setting up the sbc network settings for file access (NFS?), rdesktop and as a passthrough for internet to the Octane? What about things like user ID's etc? My UID on my MacPro is the same as my Macbook Pro and it's the same on my Octane.

I know this may sound like 'everyday' stuff for most folks with a networking background, but I design buildings for a living! :D

And seriously, if there is a 101 book I can read just point me in that direction, happy to dig my nose into a book. Or a website etc. Or if you feel like writing a simple how-to guide, that would be massively appreciated.
:Octane: 1x 400Mhz R12k, 1Gb, V8, 6.5.30
:O2: 300Mhz R5200, 384Mb, 6.5.30, FPA with :1600SW: [300Mhz R12k project in the works]

mrthinlysliced
Posts: 41
Joined: Mon May 14, 2018 9:21 am
Location: Colchester. UK

Re: Networking 101

Post by mrthinlysliced » Thu May 24, 2018 5:28 pm

I'm no expert either, so take this with some grains of salt:

(1) SBCs are on the whole sloooowww for serving files (unless you are careful about the model)

(2) File serving will be slooooowwww too over wifi

(3) You say "secure" but how secure do you really want? I personally consider these old OSs "risky" - and so they should sit in their own "DMZ" - which means strict control over what they can talk to. Do you want the Octane to have direct internet access? What about connections from the internet to the Octane?

My suggestion for the scenario you describe would be basically a private network between Octane + SBC:

[*] Give the Octane and SBC wired interfaces fixed IP addresses on a different network to your regular one (e.g. 172.16.64.X)

[*] Set up the SBC to do connection sharing for the wireless interface (something like this - https://askubuntu.com/questions/3063/sh ... ernet-port)

[*] Expose any services you want like NFS on both networks on the SBC (bind_address=* or however the service wants it)

[*] If you want to go gangbusters and set up NIS/OpenLDAP for user IDs you can, but I find this overkill for small numbers of users/hosts. Sync the user IDs by hand and run "chown -R user:group /the/files"

[*] Might be worth looking at using things like nmap to double check what can be scanned from either side of the bridge.

dexter1
Posts: 66
Joined: Thu May 24, 2018 9:30 am
Location: Zoetermeer, The Netherlands

Re: Networking 101

Post by dexter1 » Thu May 24, 2018 6:00 pm

I've written most of this before I saw mrthinlysliced's post, but it looks like it's overlapping a lot.

First thing that comes into my mind is to make the SBC a router with masquerading. The SBC will have a wireless link to the main BT router, and cable link to the switch with the MacPro and the Octane. That cabled segment will have a different ip-range (can be your choice). All traffic from your MacPro and the Octane will be routed first through the SBC, sent across wireless to the BT, and from there the internet.

Something like this: https://medium.com/linagora-engineering ... 18f0044819

Security will have to come from the SBC, run a firewall to shield the subnet with the octane. A lot of communication can be tunneled securely with ssh, so this might be a (slow) option.

Alternative is putting the SBC in bridging mode so all devices get ip-addresses in the same range from the main BT router, although the Octane needs to get a static ip address which must be configured on the BT.

JacquesT
Posts: 118
Joined: Mon May 21, 2018 2:06 pm
Location: Somerset, UK

Re: Networking 101

Post by JacquesT » Wed May 30, 2018 2:46 am

Thanks both, very helpful, I'll do some further digging around your suggestions.

I'll probably pick up a Pi 3B+ this month as it seems half decent with built in wifi, ethernet and quad core cpu. I know everything is limited to USB 2 bus speed but that is enough for my transfer requirements.

mimd
Posts: 5
Joined: Mon Jun 04, 2018 1:08 pm

Re: Networking 101

Post by mimd » Mon Jun 04, 2018 3:20 pm

The keyword missing in terms of networking is NAT. That will allow you to discover iptables rules to turn the Pi into a NAT router in order to "bridge" the networks:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o external -j MASQUERADE
    iptables -A FORWARD -i internal -o external -j ACCEPT
    iptables -A FORWARD -i external -o internal -m state --state RELATED,ESTABLISHED -j ACCEPT

where internal (wired) and external (wireless) are the appropriate interface names. Assign static IP addresses for the internal network, and use the IP address of the Pi as the default route / gateway. You can add more iptables rules as appropriate to lock down the network.

Of course, there are router distributions that provide web interfaces and advanced capabilities, but iptables is often the most simple solution for simple tasks.

Be careful with DMZ terminology. It is highly likely if you place your Octane in your home router DMZ, it will be exposed to the world wide web with minimal protection. I do not think this is what you want to achieve.
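
The lock-down this thread keeps coming back to (a separate wired subnet for the Octane, NAT on the Pi, strict control over what the old machine can reach) can be written as one ruleset; the following is an added example, not part of any post above. The interface names eth0 and wlan0, the 192.168.1.0/24 home range and the policy itself (DNS to the router allowed, the rest of the home LAN rejected, the internet allowed) are assumptions; 172.16.64.0/24 and 192.168.1.254 are the addresses mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset that
# makes the Pi a NAT router with a default-deny FORWARD chain.
# INPUT is left at ACCEPT, as in the posted rules: services on the Pi itself
# (NFS, ssh) are not filtered here. Forwarding must still be enabled through
# /proc/sys/net/ipv4/ip_forward.
gen_ruleset() {
    int_if=$1; ext_if=$2     # wired (Octane) side, wireless (home LAN) side
    int_net=$3; home_net=$4  # CIDR of each side
    dns=$5                   # resolver on the home LAN the wired side may use

    [ $# -eq 5 ] || { echo "usage: gen_ruleset INT EXT INT_NET HOME_NET DNS" >&2; return 2; }
    # Interface names end up inside rule text, so accept only plain names.
    for i in "$int_if" "$ext_if"; do
        case $i in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 2 ;;
        esac
    done
    [ "$int_if" != "$ext_if" ] || { echo "interfaces must differ" >&2; return 2; }

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $int_net -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $int_if -o $ext_if -s $int_net -d $dns -p udp --dport 53 -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $int_net -d $dns -p tcp --dport 53 -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $int_net -d $home_net -j REJECT
-A FORWARD -i $int_if -o $ext_if -s $int_net -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the assumed layout when run with --print.
if [ "${1:-}" = "--print" ]; then
    gen_ruleset eth0 wlan0 172.16.64.0/24 192.168.1.0/24 192.168.1.254
fi
```

Rule order matters: the DNS exception has to precede the home-LAN REJECT, and nothing permits new connections from the wireless side into the wired subnet. Review the printed rules before piping them to iptables-restore as root.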
