Home Network Setup (info)
Greetings,
I ran across this article earlier today, and I thought there might be some
people out there who would be interested in this type of setup. It covers
simple network setup using SAMBA, as well as setting up the server to allow
multiple people to access the Internet through a single dial-up
simultaneously. This is one of the first step-by-step accounts that I have
come across, and it immediately cleared up the routing method for the dial-up
(boy, I wish I had this information a year ago. It could have saved one of my
clients over $2500.00 in software costs).
Anyway, enjoy.
Jason Burke
-------------------------------Start----------------------------------------
Moshe Bar is a systems engineer/administrator in Israel, managing some large
UNIX establishments. This came as a letter, but clearly deserves a somewhat
larger place. I'll link to it from a number of places.
Moshe Bar
baham@netvision.net.il
<http://mbar.webjump.com/>
Dear Dr. Pournelle
For those of your readers who have recently started using Linux and want to
network it in their small office or home network, I have here a small report
on how to set it up and what pitfalls to avoid.
I recently was asked by my sister to set the five computers in her home on a
more professional standing, since she recently lost important work because
of lacking backups and because she was tired of moving diskettes around from
her computers to her son's and her husband's.
Additionally, she wanted to use the one internet connection for the whole
family, especially since her son, Ytzchak, was insisting on getting
connected, too. Also, local calls in Israel as well as ISP accounts are
charged by the minute and quite expensively so.
I think this is a fairly common requirement nowadays, so let me describe the
solution I provided them.
Since my sister, Adi, insists on using Word and Excel for her work at home,
we had to keep her PII 200MHz, 4.3GB machine as it is. Same for her husband's
P180MHz, 3GB. Ytzchak, my nephew, however, wanted to have Win95 for games as
well as Linux to try out on the same PII 266MHz, 9GB machine. Finally there
were one unused P100MHz, 1.2GB and one P120MHz with a broken usable disk,
both running Win95.
So, I decided to make the unused P120 the family server running RedHat Linux
5.1 and installed an Adaptec SCSI-2 PCI card, a SCSI Seagate 9.1GB
disk and an Intel 10/100 Pro card in that system. All of that I had at home,
so no additional costs were incurred so far. The machine had 32MB Ram and it
wouldn't need more than that as a server anyway. I proceeded with the
install of Linux and it duly found the Adaptec 2940 SCSI card, the drive and
the Ethernet card, all in the first try!
I configured Linux to run with the following services enabled: httpd (web
server), innd (news server), ftp, telnet, audio server, SAMBA and firewall. I
intentionally left out all routing daemons such as routed and gated. I also
configured named to act as a caching-only server, getting its DNS resolution
from the DNS top-level servers in the States. This would make the machine
somewhat slower in the first few days of usage, because it would have to go
to the States for every DNS look-up but it would soon stack its cache with
all relevant DNS information that my sister's family usually requires. The
configuration of a DNS caching-only server is a four-step process and I can
send any of your readers the configuration files on request. Same goes for
the SAMBA configuration files.
Then, I installed my sister's US Robotics Sportster 28800 modem to the serial
port and configured the PPP scripts for access to the ISP of my sister.
Knowing that the first RS-232C port must either be /dev/cua0 or /dev/cua1 or
/dev/cua2, all I had to do is start up the minicom terminal program in Linux
and try all three combinations to see under which one I would get the ATZ
init command to print an OK on the screen. Once I knew that /dev/cua1 is the
actual port, I wrote the ppp connect script which I can send to anybody
needing it on request.
So far, so good. The machine dialed into the ISP and connected on first
trial. Alas, I couldn't get it to ping anything on the Internet and I could
also not telnet into my work machines. Curiously enough, if I did telnet to
the specific IP address of my work computers it would get there without
problems. Therefore a DNS problem must be the cause. I realized that I was
still running on the first-ever boot of the newly resurrected machine and
that therefore the named daemon was not notified to start doing some work.
That was fixed by typing "ndc start" as root. Still connected to the ISP, I
tried pinging www.yahoo.com <http://www.yahoo.com/> and after one or two
seconds I got the reply from there. So far, so good, still.
I called that machine Rambam, after the great 12th century Rabbi, philosopher
and doctor. Rambam is connected to a 10/100 hub from a no-name Taiwanese OEM
manufacturer with 8 ports, also a spare from my home. The
IP address of Rambam is 192.168.1.2 and its netmask (for the whole family
network, too) is 255.255.255.0.
Next, I bought four 3Com 100mbit cards at the PC discount for something like
90$ each. Yes, I know it is expensive, but Israel is still in war-mode
economy and we have taxes for about anything. I installed the cards on the
two Windows95 machines of my sister and my brother-in-law, installed the
drivers and the TCP/IP stack for that card, respectively.
Then I told the TCP/IP configuration panel of Win95 (through the Network
Control Panel) that the default gateway is Rambam with IP 192.168.1.2 and
that the DNS server is also Rambam with that same IP address. I assigned the
two machines 192.168.1.3 and 192.168.1.4 respectively. These steps needed
about three or four reboots to get it going, but in the end I could ping
Rambam and I could see the public folders and the user's folders in the
Network Neighborhood panel. Since I also wanted NT-style network logins, I
needed to make Rambam (remember it is a Linux machine) act as an NT PDC
(Primary Domain Controller). The latest Samba version can do that, too.
Samba is for free and it runs on almost everything, including mainframe
computers and small embedded systems.
I let Rambam dial into my work computer and from there downloaded Samba 1.0
for Linux in the handy RPM install-package format. After installing it and
re-starting the Samba daemons (a daemon is a sort of TSR for Unix) I had
PDC-like behaviour within the network. Rambam was still running on its
initial boot, meanwhile.
The third network card went into the PC of my nephew, but I configured the
PC not to use Rambam for internet connections, after discussing with his
parents. Instead, I installed the unused P100Mhz machine as a Linux box with
all the appropriate software, and made that machine, called Rashi (after the
great 15th century French Rabbi and Torah commentator) have a connection to
the internet through the home server, Rambam. I also installed a freeware X
server on his Win95 machine to be able to display Rashi's X windows. The
reasoning behind this stratagem was that first he would learn by himself how
to connect the Win95 machine to the Internet. But, more importantly, if the
connection was on the Linux machine, he would spend more time there and
slowly learn more and more about Linux. I gave him also root privileges on
Rashi, knowing that he would sooner or later mess up that machine so bad
that he would need to re-install everything, thereby increasing the learning
effect.
Now, I only needed to make Rambam be also the printer server for both
available printers, an HP LaserJet 4L and an Epson Stylus Color printer. The HP
LaserJet was installed and running under Samba in a few minutes. The Epson,
I still haven't figured out how to make it print in color, but it does print
black and white.
Now, I only needed to supply the magic commands to make Rambam share that
one Internet link with the whole family. The commands
"ipfwadm -F -p deny" and
"ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0"
run as root do it. Now all outgoing connections are masked as one connection
giving the ISP the impression that one very busy user is sending and
receiving IP packets. Once the ingoing connections arrive, Linux knows how
to send them internally to the appropriate machine. As an additional bonus
it also acts as a firewall. Guess what? Rambam was still running on its
first-ever boot. And it still did for another 6 weeks after that.
It turns out that my nephew Ytzchak learned rather quickly how to configure
his Win95 box to see the internet, too. But he is using Linux more and more,
especially now that I installed a Basic compiler on his machine.
Finally, I needed to address the original problem of my sister's computing:
the backups. Since the family was now putting all documents and non-easily
re-installable software on Rambam, the Linux file server, it made sense to
install a tape backup there. I had an old DLT tape drive at home, that
nobody was using anymore and installed it on the SCSI chain of Rambam. That
was last week-end. Now, I had to re-boot, there was no other choice.
Re-booting a Unix server still makes my pulse go faster, after more than 17
years of experience. And of course, Rambam didn't boot after power-on. It
dawned on me, that I had forgotten making a boot sector on the hard disk
with LILO after finishing the Linux install some 6 weeks earlier. Frantic
searching for a boot diskette provided no immediate results. So, I was forced
to make one at work. I installed the needed SCSI kernel on the diskette, put
a LILO loader on it and configured it to look for the 2nd partition on
the disk, where the root directory is. Drove to my sister and started-up
Rambam, under the impatient eyes of the whole family (no Internet for 24
hours!). It came up nicely.
First thing, I wrote a LILO loader configuration file in /etc/lilo.conf and
then ran "/sbin/lilo" as root. That installed the LILO loader on the boot
sector of the hard disk. I checked it, and again Rambam came up nicely. It
also recognized the tape drive in /dev/rmt/0n and I therefore added a script
to the cron scheduler to do weekly backups of the user directories. From
time to time, I plan to log-in to Rambam from my home or work and do a full
backup, as well.
For this, I needed to configure Rambam also as a dial-in PPP server. Since
Rambam is running without X windowing system, I couldn't use the utilities
provided by linuxconf for this. But I have found a good manual on how to do
that by hand in http://www.swcp.com/~jgentry/dialin2.html .
That's it. The family network is running. It is printing, serving files,
backing up, and sharing one internet connection to all users at home as well
as securing it from outside intruders. The future things-to-do still are:
1. fixing the Epson Color to print in color, too
2. fixing the cabling to look nicer, especially where the server sits
3. upgrading to the new 2.2 kernel
4. attaching a second modem and running load-balancing when more than 2 users are active
5. installing the freeware IBM DB2 database server for my sister's work
I have a set of all configuration scripts available on my website for those
readers who need them. Please send me an email to baham@netvision.net.il
to ask for it and I will reply with a link
to the files. State family-network in the subject line and you will get an
automated response.
The available scripts (all well documented) there are:
1. Samba config script
2. PPP connect scripts (5 of them)
3. Firewall script
4. Backup scripts (3 of them)
5. DNS caching-only scripts (2 of them and some related files)
6. Example /etc/hosts and /etc/nsswitch.conf
Moshe Bar
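
Added example (not part of the letter or of Moshe Bar's scripts): a toy Python model of what the two ipfwadm rules in the letter ask the gateway to do for the 192.168.1.0/24 network, showing why replies find their way back to the right machine and why connections started from outside are not forwarded into the LAN. The public address, remote hosts and port numbers are constructed for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # -S 192.168.1.0/24 from the letter
PUBLIC_IP = "203.0.113.10"                    # constructed: address assigned by the ISP


class Masquerader:
    """Toy gateway: forward policy deny, plus one masquerade rule for the LAN."""

    def __init__(self, public_ip, lan, first_port=61000):  # start port is an assumption
        self.public_ip, self.lan = public_ip, lan
        self.next_port = first_port
        self.out = {}   # (proto, src_ip, src_port, dst_ip, dst_port) -> public port
        self.back = {}  # (proto, public_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Packet to be forwarded: return the rewritten 4-tuple, or None if denied."""
        if ipaddress.ip_address(src_ip) not in self.lan:
            return None  # no rule matches, so the default policy (deny) applies
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(proto, self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Packet arriving on the dial-up link: LAN target, or None if not forwarded.

        None means no LAN host receives it; services listening on the gateway
        itself are outside this model and are not covered by the forward rules.
        """
        return self.back.get((proto, public_port, remote_ip, remote_port))


def demo():
    gw = Masquerader(PUBLIC_IP, LAN)
    # Two Win95 machines open the same web server from the same local port.
    a = gw.outbound("tcp", "192.168.1.3", 1025, "198.51.100.7", 80)
    b = gw.outbound("tcp", "192.168.1.4", 1025, "198.51.100.7", 80)
    reply_a = gw.inbound("tcp", "198.51.100.7", 80, a[1])
    reply_b = gw.inbound("tcp", "198.51.100.7", 80, b[1])
    # A different remote host probing a port that is in use gets no mapping.
    unsolicited = gw.inbound("tcp", "198.51.100.99", 4444, a[1])
    # A source outside 192.168.1.0/24 matches no rule and is denied.
    foreign = gw.outbound("tcp", "10.0.0.5", 1025, "198.51.100.7", 80)
    return a, b, reply_a, reply_b, unsolicited, foreign


if __name__ == "__main__":
    print(demo())
```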