Re: 2 nics; 1 pc; 2 networks

On Tue, 30 Jun 2009 07:33:46 -0700, nestwasright wrote:

> Here's what I'm trying to get done. I need two networks; local and
> internet. I have 2 nics installed on all machines. Each nic has an RJ45
> runining from it to the local router that does not go online and the
> other router that goes online. I'm using the LAN ports on the local
> router. I can't go online with this setup, however. I first have to
> disconnect the local cable before I could go online. The local router is
> to serve files locally and seen by all machines with dual nics and
> connected to it; the local router. Ideas? Is this possible?

Yes, but why are you doing it this way?
You are just exposing every machine to "the internet"

If you have to disconnect cables, then you rrouting isn't set up properly.





--
Great advances in Debian Linux; post a bug report and get spam in three
days.







--
Great advances in Debian Linux; post a bug report and get spam in three
days.

"nestwasright" <(E-Mail Removed)> wrote in message
news:335502d4-439d-45c9-93fc-(E-Mail Removed)...

>So how would you, terryc, propose doing it? I think the suggestions by
>Bit Twister makes sense. How would you do it...or how does his
>suggestion expose all the machines to the Internet?

I dont really understand what are you trying to achieve is that for tests?

Can't you just keep it simple? Try connecting all PC's to the gateway router +
if there's such a need, use the second router to create
a second subnet. Using two nics isn't a good idea, it complicates things.

On Tue, 30 Jun 2009 13:42:24 -0700 (PDT), nestwasright wrote:
>
> I think your idea truly exposes all the machines to the internet,
> defeating the need to have two physical separate networks which
> undoubtedly would be more secure than what you're proposing.

Running Winders on the lan creates the possibility of sniffing any
id/passwds sent across lan connection.

etc/hosts file locations:
Windows XP = C:\Windows\System32\Drivers\Etc\hosts
Windows 2K = C:\Winnt\System32\Drivers\Etc\hosts
Win 98\ME = C:\Windows\hosts
Windows Vista = C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

"nestwasright" <(E-Mail Removed)> wrote in message
news:971ba9e0-f202-4952-8a42-(E-Mail Removed)...
>On Jun 30, 1:00 pm, "Wojciech Pietruszewski" <gotohell@once.> wrote:
>> "nestwasright" <nestami...@gmail.com> wrote in message
>>
>> news:335502d4-439d-45c9-93fc-(E-Mail Removed)...
>>
> >>So how would you, terryc, propose doing it? I think the suggestions by
> >>Bit Twister makes sense. How would you do it...or how does his
> >>suggestion expose all the machines to the Internet?
>>
> >I dont really understand what are you trying to achieve is that for tests?
>>
>> Can't you just keep it simple? Try connecting all PC's to the gateway router
>> +
>> if there's such a need, use the second router to create
>> a second subnet. Using two nics isn't a good idea, it complicates things.
>>
>I think your idea truly exposes all the machines to the internet,
>defeating the need to have two physical separate networks which
>undoubtedly would be more secure than what you're proposing.
>
yeah but you mentioned that each PC has two nics, where one of them is connected
to the gateway router and
the second one is used for local connection and that makes them "exposed" to the
internet.
You could either use the local router to disable any trafic from the internet
that goes into the fileserver (if there is any and if the router allows ya to do
that) or use a firewall on the server to allow local traffic only.

internet----[router]----PC1
|
|------------PC2
|------------PCn
|-----[router/FW]----file server


BTW, is that what you're trying to achieve?
internet----[router]----PC1------[router]----file server
| |
|------------PC2-------|
|------------PCn-------|

On Tue, 30 Jun 2009 11:50:03 -0700, nestwasright wrote:

> On Jun 30, 10:25Â*am, terryc <newssevenspam-s...@woa.com.au> wrote:
>> On Tue, 30 Jun 2009 07:33:46 -0700, nestwasright wrote:
>> > Here's what I'm trying to get done. I need two networks; local and
>> > internet. I have 2 nics installed on all machines. Each nic has an
>> > RJ45 runining from it to the local router that does not go online and
>> > the other router that goes online. I'm using the LAN ports on the
>> > local router. I can't go online with this setup, however. I first
>> > have to disconnect the local cable before I could go online. The
>> > local router is to serve files locally and seen by all machines with
>> > dual nics and connected to it; the local router. Ideas? Is this
>> > possible?
>>
>> Yes, but why are you doing it this way? You are just exposing every
>> machine to "the internet"
>>
>> If you have to disconnect cables, then you rrouting isn't set up
>> properly.
>>
>> --
>> Great advances in Debian Linux; post a bug report and get spam in three
>> days.
>>
>> --
>> Great advances in Debian Linux; post a bug report and get spam in three
>> days.
>
> So how would you, terryc, propose doing it?

As I do not know what you are trying to achieve, I can not make any
recommendations.

The sticking point is why put a second nic in the PCs?


Way back when, I actually set up a lot of PCs with two nics. One went to
the corporate WAN for internet and novell services. The other went to the
internal LAN for printing, access to section data, backups and internal
printers.

>I think the suggestions by Bit Twister makes sense.

That is the basic way.



--
Great advances in Debian Linux; post a bug report and get spam in three
days.

On Thu, 02 Jul 2009 07:56:13 -0700, nestwasright wrote:


>> Way back when, I actually set up a lot of PCs with two nics. One went
>> to the corporate WAN for internet and novell services. The other went
>> to the internal LAN for printing, access to section data, backups and
>> internal printers.
>>

> What you did, as explained, is exactly what I'm trying to accomplish.
> Would you provide more details on how you actually got your project
> done, please?

As the other guy said.
For examples sake*, my ADSL modem router has/gets a valid world routable
IP number from my ISP. It has dns & dhcp** and all computers connected to
it*** pick up a network number of the form 192.168.0.x.

funny-guy@some-nix-computer:~$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt
Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0
eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0

So, first line tells the computer where all the other internal computers
are; such as the ones that provide file server, the various print
servers, the scanner server, the backup machine, etc.

So given the adsl modem router has an inbuilt firewall (hint do not
forward any ports for any reason or allow management of it from outside),
there is no reason for me to have a second internal only network.

In my experience, almost all of the adsl modem routers are *nix boxen and
there is not one case of cracking such a box. Most breakins are
deficencies in the opened port application; icq, p2p, skype, torrent,
etc. Then after it comes down to badly configured/misconfigured boxes.

However, if you did have a real need for a second internal network, then
you would see this;

funny-guy@some-nix-computer:~$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt
Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0
eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
192.168.x.0 0.0.0.0 255.255.255.0 U 0 0 0
eth1


If you use dhcp, then AFAIK, you are going to have to set up a dhcp
provider on the internal network.

Hint, if you issue IPs by hand, the computer takes the first IP in.../etc/
hosts. If your purpose was to have backup run on the internal network,
you would put the ip address of the backup server first.

so an example hosts might be
127.0.0.1 localhost

192.168.0.1 external-gateway # external only ip.

192.168.0.2 my-boxen # external
192.168.1.2 my-boxen # internal
192.168.0.3 other-boxen # external
192.168.1.3 other-boxen # internal
192.168.0.4 tother-boxen # external
192.168.1.4 tother-boxen # internal


192.168.1.5 file-boxen # internal to file server/sharer
192.168.0.5 file-boxen # external
192.168.1.6 print-boxen # internal to print server.
192.168.0.6 print-boxen # external ****
192.168.1.7 backup-boxen # external
192.168.0.7 tother-boxen # internal


Note if the boxen does not have to communicate with outside, do not
install a nic for the external connected lan. You can get around distro
updates, by running your own mirror and having everything update off that.


* naturally I'm not telling you anything significant about my network.

** I do not dhcp. Since I have no wireless kit, I do not need it as I
allocate permanent internal ip numbers and avoid all the flaky dhcp
problems

*** they actually, all, except one, connect to a 1GMb switch, that piggy
backs off an ethernet port in the adsl modem router. Note, this gives me
1gb for backup, transfering files, sending print jobs, etc.

**** mythical as unless you are using an old PC, it will not have a
second NIC. Okay, or some special printers like hp5si, etc which allow
two NICs.



--
Great advances in Debian Linux; post a bug report and get spam in three
days.