Re: Small Network Setup with Debian Router
On Wednesday 31 January 2007 23:01, David Duong wrote:
> On Mon, Jan 29, 2007 at 09:57:48PM +0100, Kristian Lampen wrote:
> > Hi,
> > I plan to set up a home network, a little bit more than a
> > DSL-router-box with the PC's connected to it. I could do so, but
> > for reasons of fun (hobby), the learning aspect and be in touch
> > with future technologies, I want to do it more flexible and
> > controllable.
> >
> > This is my plan:
> >
> > [WiFi Access Point]
> >
> > | PC3 PC2 PC1
> > | LAPTOP
> >
> >
> > [-------Switch--------------------]
> >
> > | NIC 1
> >
> > [Debian Router]
> >
> > | NIC 2
> >
> > [DSL-Modem]
> >
> >
> > outside(WAN)
> >
> > All network interfaces should be Gigabit-interfaces.
> >
> > So, my questions are:
> >
> > 1. Is this network setup realisable?
>
> I have the same exact setup as that diagram.
Snap
> My Debian Router is
> running Debian (duh) Sarge with Shorewall.
I was running Sarge, I updated to Etch about 3 months ago. I just use
my own iptables script as a firewall, kicked off
from /etc/networks/interfaces thusly
# This is the network card for connecting from the outside (MAC address
registered)
iface eth0 inet dhcp
pre-up /etc/firewall $IFACE
pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
> > 2. Is it correct to place the WiFi Access Point connected to the
> > switch, or better directly to the Debian Router?
>
> I have a WiFI AP connected to my 5 port switch, I set it to use WPA2
> and with a very good and long password.
Me too - I have two interface cards in my debian router, I don't want
any more.
My router also runs a mail server and external web site (apache, with
java applications via tomcat)
> > 3. I want to have the possibility to see the whole network traffic
> > with the router. Not only the traffic from the PC's through the
> > router to the outside world. How can I manage this? Do I have to
> > buy a switch with the port-mirroring feature? If so, how do I have
> > to connect it to the Router?
>
> This I am not sure of, but before I was responding to this I was
> reading other people's comments and they have some very good
> responses to this question.
If the switch is working correct you could never see the traffic,
because it remembers where the mac addresses are and will not send
traffic down each ethernet link.
>
> > 4. Does someone have examples for Switches I could use?
>
> I am currently using a 5 port Linksys switch 10/100
Me too
I would just add that originally I had both a netgear and a d-link
router connected directly to the wan. Around about Christmas 2004 (or
may be it was 2003, I cant remember) there was a worm out there which
was systematically attempting to connect to every sub address on the
ethernet lan network. My ISP's cable network actually looks like a big
ethernet lan, and an the peak of this infection, I was getting 7000 arp
messages (these are the ones asking if the you have a particular ip
address) a second. These started to crash these routers because of the
volume. It was then that I put my 1Ghz celeron debian PC as the
router, and it has never once even broken sweat dealing with the volume
of data.
--
Alan Chandler
http://www.chandlerfamily.org.uk
Reply to: