I have 6 PC's with Linux installed and Cable modem with LAN connection, How can I hookup all these P

Discussion in 'Linux Networking' started by GS, Jan 17, 2005.

  1. GS

    GS Guest

    I have 6 PCs with various Linux flavors and a cable modem connection
    from Comcast (LAN connection provided on the cable modem), also an 8-port
    Linksys switch. How can I hook all these PCs to the network? I have half
    a dozen extra NIC cards. If I install one extra NIC card in one of the
    Linux PCs (two NIC cards in one PC) and connect one NIC card to the cable
    modem and the other NIC card to the 8-port switch, will it work (do I have
    to do any configuration)? Or if I connect the cable modem directly to one
    port on the switch and the other 6 PCs to the other 6 slots on the switch,
    will that work? Thanks.
     
    GS, Jan 17, 2005
    #1

  2. GS

    James Knott Guest

    You can use one of the computers as a firewall that includes address
    translation. Place it between the cable modem and the switch.
     
    James Knott, Jan 17, 2005
    #2

  3. GS

    GS Guest

    If I install an extra NIC card and enable the firewall from services (service
    iptables start), then the PC acts as a firewall in between my cable modem and
    the switch, right? Do I have to do anything special? Thanks.
     
    GS, Jan 27, 2005
    #3
  4. GS

    Malke Guest

    Why not make it easy on yourself and just buy an 8-port router?

    Malke
     
    Malke, Jan 28, 2005
    #4
  5. GS

    GS Guest

    I want to make my own router using a Linux box. Thanks.
     
    GS, Jan 28, 2005
    #5
  6. GS

    James Knott Guest

    You could, but it's easier and more secure to use one of those cheap
    firewall/router boxes. Also, if you add a 2nd NIC, that computer has to be
    on, for the others to access the internet.
     
    James Knott, Jan 28, 2005
    #6
  7. People who really should know better keep recommending "those cheap
    hardware firewall/boxes". They are neither - they are a hardware NAT
    layer, with bugs. They don't do routing, and they are not
    particularly good as firewalls. They certainly will cause you grief if
    you're looking to do anything past what a windows user would be
    expected to want (browse from multiple computers.).

    You cannot run virtual domains on apache from behind one, even using
    the so-called DMZ, for example. There are also issues with running a
    simple apache server behind one if you're trying to do anything but
    simple text. Nor will a mail server work properly without you doing
    some peculiar configuration dances involving chicken blood.

    Calling those things a router is as bad as the "Netscape web
    accelerator service" - otherwise known as "configuring squid
    properly".

    Mike-
     
    Michael W Cocke, Jan 28, 2005
    #7
  8. GS

    GS Guest

    Mike,

    If I buy one of those cheap router boxes from some shop, it may not work as
    a real firewall, right? That is my idea: I want to make one of my
    Linux boxes a router. It might consume more power compared to the
    commercial firewall boxes you get outside. Actually, I want to put the Linux
    firewall code on customized hardware. Where can I find the customized
    hardware, so that I can load the Linux code onto it and
    configure it as a router?
     
    GS, Jan 29, 2005
    #8
  9. GS

    baruah Guest

    When you put 2 NICs in one of the Linux machines and provide access to
    your other clients, it's as good as a router.

    You can do MASQ or NAT using IPTABLES on it, whichever you prefer,
    depending on your situation.

    MASQ if you get Dynamic IP from your ISP. NAT if you get Static IP.

    Enable IP forwarding in the machine.

    In order to have faster access for your clients you can set it as a
    Transparent Proxy also, using Squid, so that common pages are cached.

    If you want your Linux machine with 2 NICs to act like a true router like
    Cisco, you can go ahead with something called "Zebra".

    -baruah
     
    baruah, Jan 29, 2005
    #9
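
The setup described in the post above (two NICs, MASQ for a dynamic ISP address or NAT for a static one, IP forwarding enabled), written out as an added example that is not part of the original thread. The interface names `eth0` (cable modem side) and `eth1` (switch side) and the address `203.0.113.10` are assumptions; the filter rules with a default-drop policy are an addition beyond what the post lists.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC Linux gateway.
# Interface names and the static address are assumptions, not from the thread.

# gen_rules WAN_IF LAN_IF MODE [STATIC_IP]
#   MODE=masq : dynamic ISP address -> MASQUERADE
#   MODE=snat : static ISP address  -> SNAT --to-source STATIC_IP
gen_rules() {
    wan=$1 lan=$2 mode=$3 ip=${4:-}
    [ -n "$wan" ] && [ -n "$lan" ] || {
        echo "usage: gen_rules WAN LAN masq|snat [IP]" >&2; return 2; }
    case $mode in
        masq) nat="-A POSTROUTING -o $wan -j MASQUERADE" ;;
        snat) [ -n "$ip" ] || { echo "snat needs the static address" >&2; return 2; }
              nat="-A POSTROUTING -o $wan -j SNAT --to-source $ip" ;;
        *)    echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
$nat
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# To apply on the gateway (as root):
#   sysctl -w net.ipv4.ip_forward=1
#   gen_rules eth0 eth1 masq | iptables-restore
```

Starting the iptables service alone does not turn on forwarding or address translation; the `sysctl` line and the `POSTROUTING` rule are the two pieces that make the box pass traffic for the other PCs.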
  10. I'm not certain I understand you, but take a look at the shorewall web
    site. There's a special version of shorewall that someone has
    optimized to run in a dedicated box... I recall reading about it, but
    the details have paged out.

    There's also a complete router package - all protocols - available for
    linux. Used to be named ALICE, now I believe it's the linux router
    project. I'm not sure if it's been optimized for dedicated hardware,
    but most 'real' routers I've worked with look a lot more like PCs than
    those linksys things. I just took a look thru google to see if I
    could find a short description, but there are too many entries listed
    under 'linux router' (and have you looked thru there?)

    Are you sure you really need a full router? Very few people do. If
    this is just for home or small business use, take a look at shorewall
    or smoothwall. (or the iptables docs, of course)

    Mike-
     
    Michael W Cocke, Jan 29, 2005
    #10
  11. GS

    James Knott Guest

    They do route, in that they direct traffic to an external network. As for
    NAT, that in itself is a good step towards security. However, I would
    never recommend it be the only method used. Running firewalls on all
    computers is also a good idea.
     
    James Knott, Jan 29, 2005
    #11
  12. I suspect we're talking about apples and oranges... A router performs
    the following task;

    Say you have 2 routes from your site to the internet, 3 hops, and 1
    hop. The 1 hop is on a lightly loaded T3, the 3 hop is on a fairly
    loaded T1. You need to get from somewhere in your system to
    kernel.org. What's the fastest route, depending on current loading?
    Then unplug the 1 hop cable and try it again - it will still go thru,
    using the other route. You can hang a dozen T1s off a real router,
    and when NYC has another power failure, the traffic will be routed
    around the hole in the grid.

    A router will route your packets properly. One of those hardware boxes
    won't even be connected properly.

    As a NAT layer, Linksys can't even get that right. I wasn't kidding
    when I said you cannot run apache or postfix behind one - they've
    implemented dnat and about half of snat. And the DMZ doesn't work
    right either - according to the docs, the DMZ is supposed to be an
    unfiltered bit stream for designated ports. Then how come they munge
    the packets?

    At least they finally fixed the bug that made it impossible to do a
    traceroute thru a linksys until after you pinged it... WHAT a design!

    Mike-
     
    Michael W Cocke, Jan 29, 2005
    #12
  13. GS

    James Knott Guest

    Many businesses have a router from Cisco or other, where they have only one
    connection to the internet and one connection to the local lan. This is no
    different from what one of those cheap boxes can do.
    There may be deficiencies in various models, though the general router
    principle still applies. I haven't used a Linksys, so I can't comment on
    them. Then again, don't they run Linux in their boxes, which can be
    reconfigured to add a lot of additional function? I seem to recall a few
    articles about modifying a WiFi model, including making what is
    essentially, an AP for a coffee shop etc., in a box.

    The basic principle of routers is forwarding off-network packets in the
    appropriate direction. Anything beyond that, including firewall filtering
    etc., is an enhancement. My SMC can function as a simple router, without
    filtering or NAT, if I decide. However, I have configured it to pass
    incoming ssh & vpn traffic to a specific Linux system.

    As I said, those boxes can be put to good use, between any computer and the
    internet. I certainly wouldn't want to run a Windows box, without one (nor
    with one either <g>) or better.

    Incidentally, IIRC, the first routers were mini-computers, with the micro
    PDP-11 (LSI-11) systems a popular choice. Later on, companies such as
    Cisco came up with dedicated routers.
     
    James Knott, Jan 30, 2005
    #13
  14. If they choose to waste money, that's not my problem.
    They do now - but only on the upper level units that actually cost
    about what an inexpensive pc running linux and the linux router
    package would cost. Cisco bought Linksys last year (IIRC), so it's
    tricky to say who makes that particular unit. Before they were
    bought, Linksys made nothing like that....
    Hmm. I suspect it's more semantics than anything else... It sounds
    like we're almost saying the same thing, only differently. :cool:>
    Precisely... And I still don't see why you (not you personally,
    anyone) would want to reduce the number of capabilities available to
    them while spending more... You can build a linux pc router firewall
    faster, easier, cheaper than most mid-level and above dedicated
    routers, and much more securely than using almost any dedicated
    router..

    Mike-
     
    Michael W Cocke, Jan 30, 2005
    #14
  15. GS

    James Knott Guest

    Google on WRT54g and Linux
    I've seen those boxes going for as little as "free", after rebates. When I
    bought my SMC 7004VWBR, it cost me $20 (CDN) after rebates.
    That's not much to spend these days.
     
    James Knott, Jan 31, 2005
    #15