
RE: more on the remote access server



[ you should post to debian-isp i think ]

On 28-Dec-98, ivan took time to write :
> So as to gain as much experience and knowledge as I can I want to set up
> the home system so that it emulates a major ISP as closely as possible.  I
> have 3 486 machines and 1 pentium 133 and 1 pentium 200.

i'm working with an isp having one 486 and one pentium computer both Debian
2.0

> As I understand it, a major ISP has on separate machines proxy server
> (squid), web server (apache), news server (slrn/inn ?), mail server
> (sendmail), IP allocation (DHCP).  No firewall is required because no user

the last two items (DHCP and mail server) don't need specific computers.
of course it depends on the number of customers you have !

> will have a shell account and no machine on my LAN will have any
> information of any value.  If I am right a firewall is not needed by an ISP
> because the clients both send and receive requests and information and so
> the servers have to sit outside of any firewall anyway ???

You're _VERY_ wrong.
You _absolutely_ need a firewall.
First to protect your customers : you don't want someone using Back Orifice to
control from the Internet the computer of your customers.
Then to protect yourself: you have to block for example external (ie from
Internet) telnet access to your computers, etc...
In fact it's better to use a 'deny all; allow some' policy.
Deny all traffic then carefully enable some of it.
For example:
allow web access from anywhere to web server
(and not to anywhere else)
etc...

You should also be a 'politically' correct ISP : your firewall has to ensure
that all packets you're sending are really using IP from your network (to
prevent IP spoofing on your part) and you should discard all packets coming
from Internet with IP like 10.* or 192.168.* (see RFCs for details), that is
private IPs which should not be relayed.

> I assume that to handle 15 incoming lines I need 15 modems (and 30 lines
> requires 30 modems etc).  How do I connect these 15 modems to the LAN ?  Do

yes.
you have many solutions.
one of them is to buy a Cyclades card, you put it in a computer with linux and
then you can plug 8 modems into it for example, and as far (use version 2.0.36
it's better) linux now has 8 new serial ports.

in that case you use pppd, authentication done by standard unix ways
(/etc/passwd and friends)

linux is then doing the routing and everything.
as far as everything goes the customer at the other end of the modem has an
IP (statically or dynamically assigned, both are possible) and is directly
connected to the net.

> I need 3 machines each with 5 serial ports ?  I understood that something
> like the cisco 1603 ISDN router has 'x' number of serial ports that the

that's another solution: buy a specific hardware

> modems plug into and a 10baseT connection to plug into the LAN.  The router
> is then in charge of directing traffic back to the requesting client.  But
> if this is the case, who verifies the logins, assigns IP numbers and
> initiates the ppp connection to the dial-in client ?

don't know for that sorry.

I think you will have audience on debian-isp too.

Patrick
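
As an added illustration (not part of the original message), the border policy described in the reply above, default deny with explicit allows plus anti-spoofing in both directions, modelled as a small stateful filter in Python. The ISP prefix 203.0.113.0/24, the web server address and the sample packets are constructed assumptions; the private ranges are those of RFC 1918.

```python
import ipaddress

# Constructed values for illustration (documentation address ranges).
ISP_NET = ipaddress.ip_network("203.0.113.0/24")    # assumed ISP prefix
WEB_SERVER = ipaddress.ip_address("203.0.113.10")   # assumed web server
PRIVATE_NETS = [ipaddress.ip_network(n)             # RFC 1918 private ranges
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The "allow some" list for unsolicited inbound traffic: (dst, proto, dport).
INBOUND_ALLOW = {(WEB_SERVER, "tcp", 80)}


class BorderFilter:
    """Default-deny border filter that remembers flows opened from inside."""

    def __init__(self):
        self.flows = set()  # (inside_ip, inside_port, outside_ip, outside_port, proto)

    def check(self, direction, proto, src, sport, dst, dport):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if direction == "out":
            # Egress anti-spoofing: only our own addresses may leave.
            if src not in ISP_NET:
                return "DROP: source not in our network"
            self.flows.add((src, sport, dst, dport, proto))
            return "ACCEPT: outbound from our network"
        # Inbound: private sources must never arrive from the Internet.
        if any(src in net for net in PRIVATE_NETS):
            return "DROP: private source address"
        if (dst, dport, src, sport, proto) in self.flows:
            return "ACCEPT: reply to an outbound flow"
        if (dst, proto, dport) in INBOUND_ALLOW:
            return "ACCEPT: explicitly allowed service"
        return "DROP: default deny"


def demo():
    fw = BorderFilter()
    packets = [  # constructed sample packets
        ("in", "tcp", "198.51.100.7", 40000, "203.0.113.10", 80),    # web
        ("in", "tcp", "198.51.100.7", 40001, "203.0.113.10", 23),    # telnet
        ("in", "tcp", "192.168.1.5", 40002, "203.0.113.10", 80),     # private src
        ("out", "tcp", "203.0.113.50", 1025, "198.51.100.9", 80),    # customer
        ("in", "tcp", "198.51.100.9", 80, "203.0.113.50", 1025),     # its reply
        ("in", "udp", "198.51.100.7", 40003, "203.0.113.50", 31337), # unsolicited
        ("out", "tcp", "10.1.2.3", 1026, "198.51.100.9", 80),        # spoofed src
    ]
    return [fw.check(*p) for p in packets]
```

Calling `demo()` returns one verdict per sample packet: the unsolicited packet to the customer host and the telnet attempt fall through to the default deny, while the reply to the customer's own connection is let back in.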

