Re: Fw: [suse-security] Advice Please - Extending a Network

On Saturday 10 January 2004 23:03, Philip B Cook wrote:
> > If the hardware solutions described are not an option then you have two
> > options using Linux (i) separate subnets or (ii) a bridge.  The latter
> > consists of extra modules in the kernel which effectively turn your box into
> > a switch, thus saving the expense, and all LAN traffic goes across both
> > segments.  Alternatively split the LAN into two subnets, have two IP
> > addresses, one for each NIC and have DHCP serve different IP addresses to
> > hosts on each segment.  This is more traditional in some ways but can be
> > annoying for users, depending on what applications they use.  For
> > instance if they are SMB clients that want to browse a "Network
> > Neighbourhood" then you'll need to implement a WINS server (and possibly
> > a domain server) to keep the two subnets talking to each other.
> >
> > Carl Peto
> > Linux Server Support
> > Bookman Associates
> It seems to be quite hard to find an 8 port hub with a coax connector,
> though I will keep looking.
> In the meantime can you expand on what I need to do following your (i)
> separate subnets suggestion.
> I am already running  ...
> 1) DHCP(providing IP addresses to the local machines and also updating the
> DNS zone files automatically)
> 2) DNS (administering the local domain and forwarding to my Cable Company's
> DNS servers)
> 3) SuSEFirewall2 (blocks everything inbound, there are NO services
> accessible from the internet other than those initiated by the local
> network machines)
> 4) Samba to support Windows Clients
> 5) Squid
> so I think I have all the parts running I need, but need some pointers on
> how to add the extra interface into the settings for each.
> Thanks everyone for your advice.
> Philip

If you do add the extra interface you are going to have a routing problem
between machines on different interfaces.  Maybe this is not a problem.
If all the machines only talk to the server and not to each other then
this will not be a problem.  Simply add the new interface and set up
your dhcp server to dish out ips in a different subnet for that interface.
Remember to have your samba set up to allow the new interface.

But remember, you can avoid all of this reconfiguration by simply
replacing the server nic with a 10/100 cat 5 nic and getting a cheap 4 or 5 
port switch/or hub with a cat 5 port.  

I guarantee if you know more than one computer
geek they will trade you one of these older hubs for a $25 10/100 switch.

You only need it till you are fully cut over and off the coax.  Then you may
never use it again, or perhaps only for printers or something slow, so
you don't care that it's a hub rather than a switch and you don't care
that it's only 10meg instead of 10/100 or even 10/100/1000.  It's a short
term solution to keep your coax on line till you get the cat 5 operational.

Further this system puts your server at less risk than adding another

John Andersen
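
Added example, not part of the original message: a sketch of the per-service changes for the second internal interface discussed above, with every listening service kept on the internal side. Assumptions (none of these values come from the thread): eth0 is the external cable interface, eth1 the existing LAN on 192.168.1.0/24, eth2 the new segment on 192.168.2.0/24, and the server holds .1 on each.

```conf
# --- /etc/sysconfig/SuSEfirewall2 (assumed interface names) ---
FW_DEV_EXT="eth0"          # Internet side: stays fully blocked inbound
FW_DEV_INT="eth1 eth2"     # both LAN segments are treated as internal

# --- /etc/sysconfig/dhcpd ---
DHCPD_INTERFACE="eth1 eth2"   # never hand out leases on eth0

# --- /etc/dhcpd.conf: one subnet declaration per segment ---
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.1;
    option netbios-name-servers 192.168.1.1;   # WINS on the Samba box
}
subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.100 192.168.2.200;
    option routers 192.168.2.1;
    option domain-name-servers 192.168.2.1;
    option netbios-name-servers 192.168.2.1;
}

# --- /etc/samba/smb.conf, [global] section ---
interfaces = lo eth1 eth2
bind interfaces only = yes    # do not listen on the external NIC
hosts allow = 127. 192.168.1. 192.168.2.
wins support = yes            # lets clients on both subnets resolve each other

# --- /etc/squid/squid.conf ---
acl lan src 192.168.1.0/24 192.168.2.0/24
http_access allow lan
http_access deny all
```

This covers clients on either segment talking to the server; routing between the two segments is a separate decision and is not enabled here.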

