
Re: [A bit OT] Diagnosing home network



On Friday 26 May 2017 04:17:10 Mark Fletcher wrote:

> On Sat, May 20, 2017 at 09:38:21AM -0400, Gene Heskett wrote:
> > On Saturday 20 May 2017 01:41:20 Mark Fletcher wrote:
> >
> > Couple things here. I have no such problems. My routing is from the
> > cable modem, to a buffalo netfinty router running dd-wrt, so I need
> > no firewall. dd-wrt has very sharp teeth so I don't seem to need an
> > additional guard dog. The output of the buffalo hits an 8 port
> > managed switch, and everything else is plugged into that switch.
> > There are 2 more switch/hubs plugged into that switch so that one
> > cable to the garage hitting an 8 port switch in the garage that
> > feeds 3 machines there, and another cable that's been blowing in the
> > wind for about 15 years now, runs from the house to a 12x16 shop
> > building in the upper rear corner of the back yard, where always 2,
> > and occasionally a 3rd machine is plugged into a 4 port hub.  The 2
> > 8 port switches and the hub are gigahertz capable.  Even the
> > machines in the shop building can access the internet at megabyte+ a
> > second speeds.  Amanda hits them all at about 1:30 am, and even
> > then, with that load on this machine slowing it some, I don't notice
> > a huge networking data slowdown.
> >
> > You'll note no mention of wifi here as it's turned off unless I have
> > children visiting with their smart phones.  wifi is slower, and
> > subject to being used by the neighbors as I found my net usage after
> > the kids had been in was up about 80 Gb a month later. I don't
> > couple the wifi to my net, only to the internet, but inspecting
> > dd-wrt's list of dhcpd'd net leases disclosed that a neighbor seemed
> > to have discovered it and was helping himself to my bandwidth. So I
> > had to log back into the buffalo and turn the radio off again. As
> > the garage has vinyl siding, I have to do the same thing on a
> > raspberry pi 3b out there, which has an excellent wifi, and I had to
> > shut it off too. The raspbian-jessie defaults enable it, and a dhcpd
> > server, so it was handing out addresses and connections on wlan0,
> > using bandwidth I could see.  Ooops.  And I have to do it every time
> > I build a new sd card for it. dhcpcd killed forever now, or until I
> > change sd cards.
> >
> > I configured for future expansion, whereas your setup sounds like
> > it's machine to machine.  So get a router you can reflash, ditch the
> > firewall, and feed the router (after setting up NAT in the router
> > to put your local network on a local address in the 192.168.xx.zz
> > block of addresses) and if you must have dhcpcd for your wireless
> > stuff, do it in the router. Everything here is in /etc/hosts,
> > resolv.conf says order host,dns, and dns is pointed at the router,
> > and forwards dns requests to my ISP's dns servers.  And from this
> > end, it's all transparent, but the black hats are SOL, blocked at the
> > router. I've one porthole cut in that, to allow access to my web
> > page in the sig.  Other than that, no one has come thru that setup
> > and gotten into one of my machines in close to 15 years.
>
> It seems like you read my original problem as slowness accessing the
> internet. That isn't the problem, I'm concerned about intra-LAN
> speeds. Haven't even got the length of worrying about internet speeds
> yet, since there are so many variables that can impact that, I have to
> be sure my end is in tip-top shape before I start poking at that.
>
> Mark

I see.  That lashup I've described has not exhibited any such speed 
problems. I have a so-called 10 megabit cable pipe that I quite often 
see 1.2 megabyte download speeds on any of the 7 machines currently 
powered up. Intra-net speeds, from machine to machine rather handily 
exceed that, but I do not have any samba shares, nor any flavor of NFS, 
all intranet data movement is by sshfs mounts.  That has the added 
advantage of being encrypted on the cat5 interconnection.

Regardless of the local net speeds, security starts by posting a guard 
dog that never sleeps between you and the internet, in the form of a 
router with enough flash memory that it can be reflashed with dd-wrt, 
and have it setup to NAT the internet address to a local address, which 
gives you, in 254 address blocks, just short of 65535 addresses that are 
not forwarded out of your local network, ever.  That reduces your 
exposure to the script kiddies to about .000000000000001% of what it 
would be if connected directly to the network. dd-wrt has no NSA back
doors that we've found. The only one who has come thru it in the 1.5 
decades I've been using it, was a friend and co-worker whose help I
needed and I gave him the ssh logins to do that.  Yet to me, from here,
it's absolutely transparent.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

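Added example, not part of Gene's or Mark's messages: Gene found the neighbour on his wifi by reading dd-wrt's DHCP lease list. dd-wrt's DHCP server is dnsmasq, whose lease file (/tmp/dnsmasq.leases on dd-wrt, /var/lib/misc/dnsmasq.leases on Debian) holds one lease per line as "expiry-epoch mac ip hostname client-id". The POSIX shell below turns that manual inspection into a repeatable audit: it compares the active leases against a hand-kept list of known MAC addresses and reports anything unknown. The lease lines, the MAC list and the host names are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a dnsmasq lease file for
# DHCP clients whose hardware address is not on a known list.

# Constructed sample lease file, dnsmasq format:
#   <expiry epoch> <mac> <ip> <hostname> <client-id>   ("*" when unknown)
SAMPLE_LEASES='1495778400 b8:27:eb:11:22:33 192.168.71.10 rpi-garage 01:b8:27:eb:11:22:33
1495778460 00:1e:8c:aa:bb:cc 192.168.71.20 shop1 01:00:1e:8c:aa:bb:cc
1495779000 f4:f5:d8:01:02:03 192.168.71.143 android-9f3c 01:f4:f5:d8:01:02:03
1495000000 70:56:81:04:05:06 192.168.71.150 * *
1495779100 00:1e:8c:dd:ee:ff 192.168.71.21 shop2 *'

# Known hardware addresses, one "<mac> <name>" per line (hypothetical hosts;
# in practice keep this file next to /etc/hosts and maintain it by hand).
# Mixed case on purpose: the comparison below is case-insensitive.
KNOWN_MACS='b8:27:eb:11:22:33 rpi-garage
00:1E:8C:AA:BB:CC shop1
00:1e:8c:dd:ee:ff shop2'

# unknown_leases KNOWNFILE LEASEFILE NOW
#   Prints "<ip> <mac> <hostname>" for every lease that is still valid at epoch
#   NOW and whose MAC does not appear in KNOWNFILE.  Blank and '#' lines in
#   KNOWNFILE are ignored.  Expired leases are skipped: they are history, not
#   a client that is on the LAN right now.
unknown_leases() {
    awk -v now="$3" '
        NR == FNR {                       # first file: the known-MAC list
            if (NF == 0 || $0 ~ /^[[:space:]]*#/) next
            known[tolower($1)] = 1
            next
        }
        $1 + 0 > now + 0 && !(tolower($2) in known) { print $3, $2, $4 }
    ' "$1" "$2"
}

# audit_leases KNOWNFILE LEASEFILE [NOW]
#   Exit status 1 and a report on stdout when an unknown client holds an active
#   lease, 0 and no output otherwise; suitable as a cron job that mails output.
audit_leases() {
    audit_out=$(unknown_leases "$1" "$2" "${3:-$(date +%s)}")
    [ -z "$audit_out" ] && return 0
    printf 'unknown DHCP clients:\n%s\n' "$audit_out"
    return 1
}

# Stand-alone demo on the constructed data.  As of epoch 1495778500 (May 2017)
# only the android device is both active and unknown; the 70:56:81 lease is
# unknown too but already expired, so it is not reported.
demo() {
    known=$(mktemp) leases=$(mktemp)
    printf '%s\n' "$KNOWN_MACS" > "$known"
    printf '%s\n' "$SAMPLE_LEASES" > "$leases"
    audit_leases "$known" "$leases" 1495778500 || echo "audit exit status: $?"
    rm -f "$known" "$leases"
}
demo
```

A MAC allow-list catches the casual neighbour Gene describes, not someone who deliberately clones a known address, and the lease file only lists clients that asked dnsmasq for an address; the durable fix is the one he applied (radio off, or WPA2 with a strong passphrase). For a real-time variant, dnsmasq's --dhcp-script option runs a hook on every new lease, where the same unknown-MAC check can be applied.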

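Added example, not part of the original post: on a Linux gateway the arrangement Gene describes, a 192.168.x.x LAN masqueraded behind the single public address with nothing unsolicited coming back in and one porthole to a web server, is expressed as address translation plus a stateful filter whose forward and input chains default to drop. The shell script below generates such a ruleset for nftables on a Debian-style router; dd-wrt itself uses iptables, and the same policy translates rule for rule. The WAN interface eth0, LAN bridge br0, LAN prefix 192.168.71.0/24 and web server 192.168.71.2 are hypothetical assumptions; TCP port 6309 is taken from the URL in the signature, not from any statement in the post.

```shell
#!/bin/sh
# Added example (not from the original thread): generate, check and optionally
# apply an nftables ruleset for a single home gateway with one port forward.
#
# Assumed (hypothetical) topology: eth0 faces the cable modem, br0 is the LAN
# bridge, the LAN is 192.168.71.0/24 and the web server lives at 192.168.71.2
# on TCP 6309.  Override with environment variables if your names differ.
WAN=${WAN:-eth0}
LAN=${LAN:-br0}
LAN_NET=${LAN_NET:-192.168.71.0/24}
WEB_HOST=${WEB_HOST:-192.168.71.2}
WEB_PORT=${WEB_PORT:-6309}

# ruleset: print the complete nft ruleset to stdout; nothing is applied here.
ruleset() {
    cat <<EOF
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # the LAN may talk to the router itself (ssh, forwarding resolver, dhcp);
        # nothing from the WAN reaches the router's own services
        iifname "$LAN" accept
        # answer pings from the WAN, rate limited; all else unsolicited is dropped
        iifname "$WAN" icmp type echo-request limit rate 5/second accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # LAN -> internet, only for packets that really carry a LAN source address
        iifname "$LAN" oifname "$WAN" ip saddr $LAN_NET accept
        # the single porthole: new connections already DNATed to the web server
        iifname "$WAN" oifname "$LAN" ip daddr $WEB_HOST tcp dport $WEB_PORT ct state new accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100;
        # rewrite the destination of WAN traffic for the web port to the LAN host
        iifname "$WAN" tcp dport $WEB_PORT dnat to $WEB_HOST
    }
    chain postrouting {
        type nat hook postrouting priority 100;
        # hide the whole LAN behind the WAN interface's address
        oifname "$WAN" ip saddr $LAN_NET masquerade
    }
}
EOF
}

# check_ruleset: the two properties worth asserting before loading anything:
# both filter chains default to drop, and there is exactly one inbound hole.
check_ruleset() {
    rs=$(ruleset)
    drops=$(printf '%s\n' "$rs" | grep -c 'policy drop;')
    holes=$(printf '%s\n' "$rs" | grep -c 'dnat to')
    [ "$drops" -eq 2 ] && [ "$holes" -eq 1 ]
}

# apply_ruleset: load atomically (root and the nft binary required).  Run
# "ruleset | nft -c -f -" first to have nft parse-check without loading.
apply_ruleset() {
    check_ruleset || { echo "ruleset failed sanity check" >&2; return 1; }
    ruleset | nft -f -
}

# Stand-alone: print the ruleset so it can be reviewed or piped into nft.
ruleset
```

The filter table is in the inet family, so IPv6 forwarding is dropped by default as well, while the nat table is IPv4 only; a home gateway that later gets native IPv6 from the ISP needs explicit forward rules for it, since there is no NAT to fall back on. IP forwarding itself (net.ipv4.ip_forward=1) is a sysctl setting outside this ruleset.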