I picked up an old Sun UltraSparc 10 this last week and I set it up yesterday with Ubuntu 6.06 Server. I think I’ll have it run my irssi/bitlbee server, and I was also thinking it could be my local DNS/DHCP server, but this is where I get into unknown territory for my network. As long as I’ve had high-speed I’ve set a hardware router in place and have not had to deal with this. As the title suggests I’m thinking out loud with this post, mainly just looking for some feedback to make sense of how to put this together. Here is my current network setup.
Current Network Setup
I have DSL which comes in the DSL Modem which is configured with PPPoE transparency (I believe) so that the current router can submit the PPPoE login information. The current router (Netgear Wireless + switch) has the PPPoE information and acts as the DHCP/DNS. This then uses an out-port from the Wireless Router back to a Netgear 8 port 10/100/1000 switch, also daisy-chained to another identical switch which all the machines in the house are connected to. (No I don’t have 16 machines in my house, but I have LAN ports in each room for mobility).
DSL -> Wireless Router (DHCP/DNS/FIREWALL) -> Switch 1 & 2 -> machines
Attempted Network Setup
What I would like to do is remove the Wireless Router as the DNS/DHCP and simply use it as an access point. I would like to use one of my servers as the DNS/DHCP server and I suppose that would end up being the firewall as well. This new setup would then be something like:
DSL -> Sparc (DHCP/DNS/FIREWALL) -> Switch 1 & 2 -> Wireless Access Point & Machines
I have done a bit of reading regarding pppoeconf on Ubuntu and I have been able to set that up on the server. The problem was then that the Sparc machine could get out but nobody else could. I understand I’ll need to activate ip_forwarding on that machine and probably put together an iptables MASQUERADE rule, but what else do I need here?
ifconfig shows the PPP connection and WAN IP. I then have eth0 and eth1 (although I’m assuming PPP is using one of those as well?) So we make eth1 the external, PPP connected device, and give eth0 a static IP such as 192.168.0.1? For this machine to allow network traffic to the internal network does it *need* a named server going or would it work if the clients had external DNS configurations (like the ISP or opendns.org?) At this point do I need DHCP server going as well? There are reasons why I would want this (initially the reason for this whole spaghetti mess), but for initial connection testing is it *required*? Can the clients just configure static networking on the same subnet?
I guess I’m wondering, at the minimal level, what needs to be wired to what & what services are *required* to allow connection from all the machines? The details on configuring DHCP and DNS I can take care of, I just want to make sure everything is wired properly. Any thoughts?
I guess what I would ask is why you are doing this? For my money, I’d go with a solution that is already tailored to do what you want. For a home network, the simpler the better and if your router is doing its job, I’d say let it.
If it’s a proof of concept, great but make sure that it’s secure if it’s protecting your home network. That’s going to be the tricky bit coming at it from the ‘how do I do this’ angle. Perhaps what you might want to do is create a segment on your network and use the UltraSparc to connect them. Then you have two networks and you can play from both sides until you’re comfortable with the security.
If it’s just to put a Linux box on the border, I’d suggest checking out a project like ipcop that is a distro just to act as a firewall/router. I might even check some of the dd-wrt, openwrt projects to see if their firmware runs on your netgear router.
For DNS, I use dnsmasq. It’s great for small networks where you know all of the local IPs and hostnames.
I second dnsmasq. It’s a very useful little DHCP/DNS server that automatically adds your DHCP clients to a local DNS server.
I’d also recommend shorewall, which is a very useful configuring tool for iptables. I run dnsmasq and shorewall on a Debian box that serves as my access point to the outside world.
Definitely DNSmasq, and leave your wireless router doing what it has been doing minus DHCP. DNSmasq does DHCP, internal DNS (very useful if you have more than one machine at home, like I do), and it’ll even do everything you need for netbooting Linux: PXE, TFTP, etc., all in one service.
BTW, netbooting a MythTV frontend is great!
I would have to go with Chuck on this one. Why are you doing this? If it’s for new skills, I would keep the two networks separate until you know it’s tight. So for now, go:
dsl->router->switch->sun->switch->test network.
You’re going to need more than just one or two rules for the sunbox, if it’s your router. You have to remember that most routers designed for home networks block all the ports first, and then forward only those that have been asked to be forwarded. If you don’t have the proper rules in place before you use the sun as a firewall / router, you’ve just opened up every box on your network to the world.
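Putting the questions in the post (ip_forward, MASQUERADE, which interface is "external") together with the warning above about default-deny, here is an added example, written for this page and not taken from the post or any commenter, of the smallest ruleset that makes a Linux box a default-deny NAT router. One point the post gets slightly wrong: with PPPoE, eth1 only carries the PPPoE frames and never holds the public address; pppd creates ppp0 on top of it, so ppp0 is the interface the NAT and filter rules name. The interface names, the 192.168.0.0/24 subnet and the iptables-restore layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the post: the smallest ruleset that turns a Linux
# box into a default-deny NAT router for a home LAN. Assumed layout:
#   eth0  = LAN, static 192.168.0.1/24
#   eth1  = carries the PPPoE frames only (no IP address of its own)
#   ppp0  = the PPPoE link pppd brings up on top of eth1; holds the WAN IP
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-ppp0}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"

# Emit the rules in iptables-restore format so they can be read and diffed
# before anything touches the kernel.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# the router itself: loopback, replies to its own connections, and the LAN
# (no -s filter on the LAN rule: DHCP DISCOVERs arrive from 0.0.0.0)
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${LAN_IF} -j ACCEPT
# nothing else reaches the router from ${WAN_IF}: the INPUT policy is DROP
# forwarding: LAN hosts may go out, only replies to their connections come back
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -s ${LAN_NET} -j ACCEPT
-A FORWARD -i ${WAN_IF} -o ${LAN_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# MASQUERADE rather than SNAT because the PPPoE address changes on reconnect
-A POSTROUTING -o ${WAN_IF} -s ${LAN_NET} -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# PPPoE MTU is 1492; clamp TCP MSS so LAN hosts do not hit PMTU black holes
-A FORWARD -o ${WAN_IF} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
EOF
}

# Turn on routing and load the rules atomically. Run as root once ppp0 is up
# (for example from a script in /etc/ppp/ip-up.d/ so it happens on reconnect).
apply_ruleset() {
    sysctl -w net.ipv4.ip_forward=1   # persist with net.ipv4.ip_forward=1 in /etc/sysctl.conf
    build_ruleset | iptables-restore
}

# Check usable without root: both inbound-facing policies must be DROP, so a
# forgotten rule fails closed instead of exposing the LAN.
ruleset_is_default_deny() {
    build_ruleset | grep -q '^:INPUT DROP' &&
    build_ruleset | grep -q '^:FORWARD DROP'
}

if [ "${1:-}" = "apply" ]; then
    ruleset_is_default_deny && apply_ruleset
fi
```

Run `sh router.sh` to print nothing and `sh router.sh apply` as root to load the rules; `iptables-save` afterwards shows what the kernel actually holds. Nothing here depends on DNS or DHCP: with these rules loaded, a client on eth0 with a static 192.168.0.x address, gateway 192.168.0.1 and any reachable resolver will get out, which is the minimal wiring the post asks about.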
Why not just use smoothwall? It has a DNS server and DHCP server setup you could use. Set it up with two Ethernet connections, one to the DSL and the other to your LAN switch. Might take a bit of configuration but not too hard, I should think.
There’s no relationship between NAT and DHCP/DNS. Static configuration on the clients will work just fine for testing. Make sure to give the clients addresses within the subnet defined by the netmask on eth0.
You’ll want to have your DNS server forward DNS requests to your ISP’s nameservers; they will certainly be able to resolve names faster than you can, no matter how “fast” your connection is.
For that, you’ll want the ‘resolvconf’ package; the reason why is left as an exercise for the reader. 🙂
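Tying together the dnsmasq recommendations above (DHCP plus local DNS plus optional PXE/TFTP in one service) and the point about forwarding to upstream resolvers, here is an added example, not from the post or any commenter, of a dnsmasq.conf for the LAN side of the router. The interface, the 192.168.0.0/24 addresses, the home.lan domain, the sample static lease (with a made-up MAC) and the OpenDNS upstreams are assumed values.

```shell
#!/bin/sh
# Added example, not from the post or comments: a dnsmasq.conf for the LAN
# side of the router. Assumed values: LAN on eth0 as 192.168.0.1/24, local
# domain home.lan, OpenDNS as upstream resolvers, a made-up MAC for one host.
LAN_IF="${LAN_IF:-eth0}"
LAN_DOMAIN="${LAN_DOMAIN:-home.lan}"

# dnsmasq only accepts whole-line comments, so none are placed after options.
dnsmasq_conf() {
    cat <<EOF
# Serve the LAN only: never answer queries or hand out leases on the PPPoE side.
interface=${LAN_IF}
bind-interfaces

# DNS: answer LAN names locally, forward everything else to fixed upstreams.
# no-resolv ignores /etc/resolv.conf, which pppd rewrites on every connect.
no-resolv
server=208.67.222.222
server=208.67.220.220
# Never forward a bare hostname, nor reverse lookups for private address space.
domain-needed
bogus-priv
# Names under the local domain are answered only from local data.
local=/${LAN_DOMAIN}/
domain=${LAN_DOMAIN}
expand-hosts

# DHCP: a pool, gateway and DNS options pointing at this box, one fixed lease.
# Every lease handed out is automatically resolvable as hostname.${LAN_DOMAIN}.
dhcp-range=192.168.0.100,192.168.0.199,12h
dhcp-option=option:router,192.168.0.1
dhcp-option=option:dns-server,192.168.0.1
dhcp-host=00:11:22:33:44:55,mythfrontend,192.168.0.20
# Answer stale leases left over from the old router so clients re-bind at once.
dhcp-authoritative

# Netboot, if wanted: dnsmasq's built-in TFTP server and the PXE boot file.
#enable-tftp
#tftp-root=/var/lib/tftpboot
#dhcp-boot=pxelinux.0
EOF
}

# Syntax-check the generated file with dnsmasq itself; needs no root.
check_conf() {
    tmp=$(mktemp) || return 1
    dnsmasq_conf > "$tmp"
    dnsmasq --test -C "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Write the file and restart the daemon (root). Stop the wireless router's
# DHCP server first, or clients will get leases from both.
install_conf() {
    dnsmasq_conf > /etc/dnsmasq.conf && /etc/init.d/dnsmasq restart
}

if [ "${1:-}" = "install" ]; then
    check_conf && install_conf
fi
```

Run `sh dnsmasq-lan.sh` to see the file, `sh dnsmasq-lan.sh install` as root to put it in place. If you take the resolvconf route mentioned above instead of hard-coding upstreams, drop the `no-resolv` and `server=` lines: on Debian/Ubuntu the packaged dnsmasq is wired to read the resolvconf-managed /var/run/dnsmasq/resolv.conf, so it picks up whatever nameservers pppd receives from the ISP on each connect.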