Re: Setting up a home LAN
On Tuesday 15 January 2002 9:07 pm, Stephen Gran wrote:
> Hello all,
> I'm getting ready to set up a home LAN, and I wanted to first check
> that my assumptions are correct, and ask for any references that might
> help with this.
> The LAN will be:
> A firewall, running potato or woody (haven't decided yet, as I prefer the
> stability of potato, but may need the newer dhcp-client to connect,
> and may want a 2.4 kernel for NIC's). Will do nothing more than
> firewall and forwarding, maybe mail serving if I hook a Doze box up.
I have a single server/gateway/firewall box for my home network. I run woody
(a bit out of date because of problems I have raised elsewhere) and 2.4.17
(the most stable of the 2.4 series - which I needed to be able to configure
the firewall using iptables).
As well as the iptables firewall/NAT it also runs the following services for
the family
- fetchmail -> exim (with spam filtering) -> pop3/imap server (gets email for
  the whole family from a range of isps)
- leafnode/mailman (usenet news gated to mailing lists)
- dhcp server (for machines on the lan)
- name server (including a private .home domain for the home machines on the
  lan)
- ssh server (this is the only way into my machine from the outside)
- apache web server
- samba (domain controller)
- backup server (cron jobs to collect data from windows machines)
It does all of this on a 128MB p2-400 with a couple of large disks (for backup
data) without needing to catch breath. Since I have added some spam
filtering it occasionally has to sweat a little when fetchnews dumps a large
set of messages from the newsgroup through mailman and then out through mail
but apart from that it is very comfortable.
> My main workstation, runs woody.
> A laptop, runs Win95 right now, but not for much longer. Distro TBA.
> A dual boot Sid/Win98 box.
>
> The only shared services will be printing and 2 exported directories,
> both coming off the main workstation.
>
> I think that the firewall box should be set up with 2 NIC's - eth0
> will be the external, and use dhcp. eth1 will be internal and have a
> static address, and should have an /etc/network/interfaces like:
> iface eth1 inet static
>     address 192.168.1.1
>     netmask 255.255.255.0
>     network 192.168.1.0
>     broadcast 192.168.1.255
> Then configuring all the other boxen to static IP's using 192.68.1.1 as
> a gateway is trivial. The only thing I'm not sure of is, can I
> specify what addresses are valid for forwarding? This is just a home
> LAN, after all, and security within the LAN is not that important, but
> it seems like there should be a way to specify "we forward for only
> these addresses" somewhere. I know you can set it up with dhcp, but
> if you use static addressing, is there such a way, without adding
> routes manually?
>
> Second question: I've seen a bunch of hubs out there, but I'd like
> a few suggestions if you guys and gals don't mind. I'm inclined to
> stay away from the USB and/or wireless ones. I've also read in some
> of their specs that some have built-in firewalls, routing, and so
> forth. Will any of the built in routing confuse the firewall's
> routing?
> Enough questions for now, but looking forward to your responses,
> Steve
--
Alan - alan@chandlerfamily.org.uk
http://www.chandlerfamily.org.uk
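
On the quoted question of forwarding "for only these addresses" with static addressing: the sketch below is an added example, not part of either poster's message. It prints iptables commands that make the FORWARD chain default-deny and accept only listed LAN sources. The interface roles (eth0 external, eth1 internal) come from the post; the function names and the three host addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for review.
# eth0/eth1 are from the post; the host addresses are constructed samples.

# valid_src ADDR: succeeds for dotted-quad IPv4 with an optional /0-32 prefix
valid_src() {
    addr=${1%%/*}
    case $1 in */*) plen=${1#*/} ;; *) plen=32 ;; esac
    case $plen in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules LAN_IF WAN_IF SRC...: prints the rules, or fails before
# printing anything if any source is malformed.
forward_rules() {
    [ $# -ge 3 ] || { echo "usage: forward_rules LAN_IF WAN_IF SRC..." >&2; return 1; }
    lan_if=$1 wan_if=$2
    shift 2
    for src in "$@"; do
        valid_src "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo "iptables -P FORWARD DROP"   # anything not listed below is dropped
    echo "iptables -F FORWARD"
    # replies to connections the allowed hosts opened
    echo "iptables -A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for src in "$@"; do
        # tied to the LAN interface: the same source seen on the WAN side does not match
        echo "iptables -A FORWARD -i $lan_if -o $wan_if -s $src -j ACCEPT"
    done
    echo "iptables -t nat -A POSTROUTING -o $wan_if -j MASQUERADE"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

forward_rules eth1 eth0 192.168.1.10 192.168.1.11 192.168.1.12
```

Review the printed commands before running them as root. A static address is not authentication: any LAN host can configure itself with a listed address, so the list limits what is forwarded by default rather than identifying machines.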