My networking project (need help, tips, tricks, etc...)

12ozmouse

Distinguished
Jun 14, 2006
3
0
18,510
Hello!

I'll explain the setup.

In my household I've got a computer running XP Home, another running XP Pro, a Macintosh desktop running OS X Tiger, and an iBook running OS X Tiger as well (both Macs are wireless). They're all sharing the internet via a D-Link DI-524 router but no network has been set up yet.

I've recently dug out an old computer (1 GHz, 512 MB SDRAM, etc.) which I've found a use for. And here comes the networking bit.

a) I would like to install Fedora or SUSE on the old computer and use it as a file server for any of those computers in my household. Mainly for sharing files, music, etc. I'm new to Linux though, so I'm wondering if anyone has some good resources for networking XP, OS X and Linux together.

b) I would also like to be able to power the computer on and off remotely. I don't want it running 24 hours a day, only when I need it. I know of "wake on LAN" but I've never tried setting it up. Does anyone have any links to resources on that?

c) I would also like to be able to access the files on it remotely. When I'm out and about on my iBook I would like to have access to my files. I'm not sure if I should do that via a VPN (would love to try and set one up) or just setting up a regular FTP on the Linux machine. Also, can you use "wake on LAN" with a VPN setup? Could I wake my computer up that way even when I'm not in the same building? Also, I have a dynamic IP with my ISP. I've heard of something called "no-ip" (I think)? Supposed to give you a static IP so you can connect to a server with a dynamic IP service. Anyone know details or a link for that?

d) I would also like to host websites off the Linux machine, not for a real hosting business but more for testing out websites and playing around with server-side scripting. Does anyone have tutorials for setting up web hosting and Apache and all that fun stuff on Linux?

Right now this seems like a big project for me but I hope to learn a lot from it, so I appreciate any help. I'm still trying to wade through Google for some of these answers but hopefully some of you can help me out.

Thank you in advance and I look forward to any answers I can get!
 

mikeyp410

Distinguished
Jun 1, 2006
398
0
18,780
That is a lot of networking that you want to do there. I would get a consultant or someone that you know to help you out with this. I think it may be tough for everyone to throw responses at so many issues on this forum. Just my opinion though.
 

12ozmouse

Ya, it is a big project.

I was hoping at least for some bits and pieces from people. Not a full answer on how to do that.

Half the fun of this stuff is figuring it out yourself but I wouldn't mind a little help ;)
 

mikeyp410

Well, one hell of a server or 2 servers can take care of all your needs. Take the old box and, depending on your file transferring, make it a file server/IIS/VPN server and then get another box for your DC.
 

blue68f100

Distinguished
Dec 25, 2005
1,803
0
19,780
From what I have read, you should have full control of your network, providing you are using a VPN router. When you connect, and set up the tunnel correctly, it should look as if you were there. With that said you should be able to do it. Have not tried it.
 

riser

Illustrious
Wake-on-LAN = Magic Bullet software

IP = use DynamicDNS.com. For a small fee, they'll keep an updated record of your ever-changing IP address and give you one to stick with.

Not sure if WOL works over VPN, you'd have to make sure you have security and ports opened for it, though it should work if done correctly.
 

fredweston

Distinguished
Jul 21, 2006
565
0
18,990
> From what I have read, you should have full control of your network, providing you are using a VPN router. When you connect, and set up the tunnel correctly, it should look as if you were there. With that said you should be able to do it. Have not tried it.

Haven't read all the way through the thread yet, but this is not the case. Since WOL uses a Layer 2 (MAC) address, you can't use it unless you are on the same physical LAN. MAC addresses don't route across the Internet (IP addresses do), so it won't work. Some routers have a built-in WOL thing, where you can log in to the router, type in the MAC address of the PC you want to wake up and the router will send the WOL packet for you.

What I'd do in your position is use the Linux box as the router. It would look something like this:

Internet => Linux Router => Existing router => PCs

You'd disable DHCP on the existing router, and plug the Linux router into a LAN port on the existing router instead of the WAN port. So, the existing router would have nothing plugged into the WAN port; it will essentially be acting like a regular switch instead of a router.

Red Hat is pretty easy to set up. Especially for an older box like that, it should have all the drivers you'll need. Turning it into a router is easy: basically all you have to do is set up the two network cards, then enable IP forwarding with a few iptables rules. All of this is very well documented online, just search through Google for it.

As for the website, Apache is good, free, and easy to set up. Plus it will run very well on your older machine. Couple it with MySQL if you want to use a database too.

Regarding the dynamic IP, DynDns.org is the site I use. They don't give you a static IP, what they do is give you a hostname (think yourname.dyndns.org). Then you run a small program on one of your computers that periodically checks your IP address. If it's changed, then it alerts dyndns and they update your IP in their database. This way, yourname.dyndns.org always points to whatever your current IP address is.

I wouldn't bother with setting up any sort of domain or central authentication for a network that small. To be perfectly honest, it's way more than you need. You can always do it down the road if you want. For your filesharing, you want to look up information on Samba, which is the Linux equivalent of Windows filesharing. Specifically, there is a web-based admin tool for it called SWAT. Another web-based admin tool is called Webmin. This works for the whole server though. It has plugins for virtually everything from Samba, to DNS, to Apache, to email, to general system setup. It's very handy for newcomers because it groups all the admin stuff in a central place.

That's some info to get you started. If you need more, just post back as needed and we can give you help with specific problems.
 

blue68f100

Fred, if your router only supports port-forwarding VPN, what you say is true. But the new business-class VPN routers allow full access to all equipment if set up to connect to the router and not a PC. The only problem is that the LMHOSTS table is not being passed; you must know the IP address to locate and connect.

Look at Netgear VPN 338 and 538 models if you will need to do file transfers. These models have an Intel XScale CPU to handle the encryption plus lots of RAM. The limiting speed is the uplink speed. The 318 model that most but only supports port forwarding, with speeds related to dial-up. Does not have the RAM and CPU power to handle the 3DES encryption.

But if you are going to do your own hosting and run an Apache server, build yourself a box to handle it all.
 

fredweston

> Fred, if your router only supports port-forwarding VPN, what you say is true. But the new business-class VPN routers allow full access to all equipment if set up to connect to the router and not a PC. The only problem is that the LMHOSTS table is not being passed; you must know the IP address to locate and connect.

I'm not sure which aspect of what I said you're disputing, but I assume it's the wake on LAN bit. Really, the VPN architecture (transport or tunnel mode) has no bearing. If you think of it this way, VPNs are designed to connect layer 3 networks. That is to say, a home network with 192.168.1.0/24 and an office network with 10.0.0.0/24 for example. Since these are two RFC 1918 networks, routing between them over the Internet is impossible. So in steps VPN, and tunnels the packets between the gateways, then the gateway on the other side dumps them back out on to the remote LAN.

But look at how the traffic actually travels across. Let's extend the example to look like this:

Host1 => Gateway1 => Internet <= Gateway2 <= Host2

Let's assume the following addressing scheme:

LAN 1: 192.168.1.0/24
Gateway1: 192.168.1.1/24
Host1: 192.168.1.5/24

LAN 2: 10.0.0.0/24
Gateway2: 10.0.0.1/24
Host2: 10.0.0.5/24

If we send a ping from Host1 to Host2, it works fine. Now if we were to run a protocol analyzer on Host2, we would see the ICMP packet look something like this:

Src IP: 192.168.1.5
Dst IP: 10.0.0.5
Src MAC: <mac of Gateway2>
Dst MAC: <mac of Host2>

The IP fields remain unchanged since IP is routable, but as soon as any packet traverses the VPN tunnel, the local gateway is going to insert the MAC of its LAN interface as the source MAC in the packet.

You can see this more easily by pinging any Internet host you like, such as www.newegg.com. After you run the ping, do an arp -a to examine your ARP table. There won't be an entry for that host because the ping reply had the MAC of your router's LAN port. Now ping some other host on your LAN. For me, that's 172.16.1.2. When I ping that, and rerun arp -a, I now have an entry for 172.16.1.2.

This is just an illustration of how layer 2 info (MAC addresses) doesn't go anywhere beyond the borders of your physical LAN. So if you were VPN'ed in and tried to input a MAC address of a PC on the LAN you're VPN'ed to, then it would have no idea who has that MAC address. It'll send out a RARP request saying who has MAC aa.bb.cc.dd.ee and get no reply.

Sorry for the overly long explanation.
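
The Wake-on-LAN mechanism discussed in this thread, as an added example that is not part of any poster's message: it builds and recognises the magic packet (six 0xFF bytes, then the target MAC sixteen times) and checks whether a sender sits in the target's broadcast domain, using the addressing from the post above. The MAC address, function names and UDP port 9 are assumptions chosen for illustration, and "same subnet" is used as an approximation of "same broadcast domain".

```python
import ipaddress
import socket

SYNC = b"\xff" * 6
SAMPLE_MAC = "00:11:22:33:44:55"  # constructed value, not from the thread

def build_magic_packet(mac: str) -> bytes:
    """102-byte WOL payload: 6 x 0xFF followed by the target MAC 16 times."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return SYNC + raw * 16

def magic_packet_target(frame: bytes):
    """Return the MAC a frame would wake, or None if it holds no magic packet.
    The pattern may sit anywhere in the frame, so search for it."""
    start = frame.find(SYNC)
    if start < 0:
        return None
    body = frame[start + 6:start + 102]
    if len(body) != 96 or body != body[:6] * 16:
        return None
    return body[:6].hex(":")

def in_broadcast_domain(sender_ip: str, target_lan: str) -> bool:
    """Approximation (assumption): the sender shares the target's broadcast
    domain only if its own address lies inside the target's subnet."""
    return ipaddress.ip_address(sender_ip) in ipaddress.ip_network(target_lan)

def send_wol(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> None:
    """Broadcast the payload over UDP; routers do not forward this address."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(build_magic_packet(mac), (broadcast, port))

if __name__ == "__main__":
    pkt = build_magic_packet(SAMPLE_MAC)
    print(len(pkt), magic_packet_target(pkt))
    # Addresses from the post: 192.168.1.5 is on LAN 1, the target on 10.0.0.0/24.
    print(in_broadcast_domain("192.168.1.5", "10.0.0.0/24"))
    print(in_broadcast_domain("10.0.0.7", "10.0.0.0/24"))
```

The payload carries no authentication, so the only thing limiting who can wake a machine is who can place a frame on its broadcast domain.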
 

blue68f100

Fred, I'm relatively new to VPN and still learning.
Thanks for explaining it. Simplification never hurts as others read these posts. I was aware of the DNS problem from another forum and of the LMHOSTS problem. I understand you can run a local/secondary DNS server to correct the shortcomings. In my case I know all of the machine IP addresses, at worst the narrow range.
 

blue68f100

When you set up a VPN tunnel, it's my understanding that you cannot connect using machine names. I think this is actually an LMHOSTS problem. But IP addresses work all the time.
 

fredweston

Usually that's the case, but like you said you could run your own DNS server to alleviate the problem. However this only works if your clients register their names in DNS. This is one case where low-tech is an easier solution. If you can run a WINS server and have machines register with that, it will be easier to have all clients use WINS resolution. If you only have one or two machines with static IPs, you could use the hosts file.