
Home Networking

RymRym
edited April 2006 in Technology
So, does anyone have any specific questions about home networking or networking in general? I can go into laborious, excruciating detail if you desire.

Comments

  • edited April 2006
    If you run your own DHCP server on a Linux box to make it into a router for your home network, is it overkill to also run your own DNS and proxy servers?
    Post edited by Katsu on
  • edited April 2006
    If you buy a Linksys it does DHCP and routing for you. Your ISP will provide DNS services. We decided we would like more control over DHCP than our router allows, so we disabled the DHCP server in the router and set one up on a separate machine. We also set up a DNS server on the machine to create a TLD for our local network. You only really need to turn a Linux box into a router if you want to use it in place of a Linksys. Make sure you have a lot of network cards if you do this. I don't know how useful a proxy server would be. They seem to just make things difficult and cause trouble.

    http://ipcop.org/
    Post edited by Apreche on
  • edited April 2006
    I would say that proxy is overkill for a home network unless you really need some other feature of the proxy. Even if you enable a cache in the proxy, unless you have a lot of people that browse the same pages I don't think you will see any speedup.

    As for DNS, there are two reasons to run a local DNS. The first, as Scott pointed out, is to have your own internal domain, which is quite handy. The second is to set up a caching nameserver. Caching helps with two things: a lot of cable connections are higher-latency connections, and the nameservers for your ISP could be overloaded and/or misconfigured. You can set up your nameserver to only accept authoritative information (best), or to use the cache of your usual nameserver.

    I have always liked the control of my FreeBSD based router over the store-bought devices, and with cable/DSL being less than 10Mbit connections the little P233 box that does it keeps up just fine ^_^.
    Post edited by Jameskun on
  • There is a third reason to run your own DNS: redundancy. DNS servers can and do go down. A true DNS server (with root hints) can resolve addresses independently of your ISP's DNS servers, and you'll thus still be able to surf when they're not responding.
  • edited April 2006
    Yeah, that's why I said '(best)' by only accepting authoritative information, since ISPs tend to have crappy nameservers, and are sometimes misconfigured in such a way that they can have security issues ^_^.
    Post edited by Jameskun on
  • Yeap ^_^

    Of course, we assume you out there configure -your- nameserver correctly. Don't want any cache poisoning, now. ^_~
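An added illustration of the three points above (a local cache, failover when one upstream is down, and refusing records a server has no business answering for, which is the cache-poisoning caveat). This is example code written for this page, not anything the posters ran or configured. The upstream servers are constructed fakes: each returns the zone it is authoritative for together with answer and additional records, which is a modelling shortcut for what a real resolver already knows from having chosen that zone's nameserver. The name www.bank.example and the addresses are made up.

```python
import time
from typing import Callable, Dict, List, Optional, Tuple

# A record is (owner name, type, ttl in seconds, rdata). An upstream lookup returns
# (zone the server is authoritative for, answer records, additional records).
Record = Tuple[str, str, int, str]
Upstream = Callable[[str, str], Tuple[str, List[Record], List[Record]]]


class UpstreamDown(Exception):
    """The upstream nameserver timed out or refused the query."""


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is `zone` or lies underneath it (case-insensitive, trailing dot ignored)."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


class CachingResolver:
    def __init__(self, upstreams: List[Upstream], clock: Callable[[], float] = time.monotonic):
        self.upstreams = upstreams            # tried in order; redundancy across servers
        self.clock = clock                    # injectable so TTL expiry can be shown offline
        self.cache: Dict[Tuple[str, str], Tuple[float, str]] = {}   # (name, type) -> (expiry, rdata)
        self.stats = {"hits": 0, "misses": 0, "failovers": 0, "rejected": 0}

    def resolve(self, qname: str, qtype: str = "A") -> str:
        key = (qname.lower(), qtype)
        now = self.clock()
        hit = self.cache.get(key)
        if hit is not None and hit[0] > now:          # still within TTL: no upstream round trip
            self.stats["hits"] += 1
            return hit[1]
        self.stats["misses"] += 1
        for upstream in self.upstreams:
            try:
                zone, answers, additional = upstream(qname, qtype)
            except UpstreamDown:
                self.stats["failovers"] += 1          # that server is down, try the next one
                continue
            value: Optional[str] = None
            for name, rtype, ttl, rdata in answers + additional:
                # Only cache what this server is authoritative for. A record for a name outside
                # its zone is exactly how a poisoned cache gets populated, so drop it.
                if not in_bailiwick(name, zone):
                    self.stats["rejected"] += 1
                    continue
                self.cache[(name.lower(), rtype)] = (now + ttl, rdata)
                if name.lower() == qname.lower() and rtype == qtype:
                    value = rdata
            if value is not None:
                return value
        raise UpstreamDown(f"no upstream could answer {qname}/{qtype}")


def demo() -> dict:
    clock = [1000.0]                                   # constructed, controllable clock

    def dead_isp_server(qname: str, qtype: str):       # constructed: the overloaded ISP resolver
        raise UpstreamDown("timeout")

    def example_com_authoritative(qname: str, qtype: str):   # constructed authoritative server
        return (
            "example.com",
            [(qname, qtype, 60, "192.0.2.10")],
            [("ns1.example.com", "A", 3600, "192.0.2.53"),
             # Out-of-bailiwick record smuggled into the additional section: must be rejected.
             ("www.bank.example", "A", 3600, "198.51.100.66")],
        )

    r = CachingResolver([dead_isp_server, example_com_authoritative], clock=lambda: clock[0])
    first = r.resolve("www.example.com")               # miss, failover, fetched and cached
    second = r.resolve("www.example.com")              # served from cache
    clock[0] += 61                                     # past the 60 s TTL
    third = r.resolve("www.example.com")               # expired, fetched again
    return {
        "answers": (first, second, third),
        "poison_cached": ("www.bank.example", "A") in r.cache,
        "glue_cached": ("ns1.example.com", "A") in r.cache,
        "stats": dict(r.stats),
    }


if __name__ == "__main__":
    print(demo())
```

The bailiwick rule is what "only accept authoritative information" buys you: the server for example.com can tell you about names under example.com and nothing else, no matter what it stuffs into the additional section.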
  • Speaking of which, Rym still hasn't enabled caching on our name server.
  • N.A.T.?

    Like I've said before, I have hosted servers on games like JA and stuff. What I did was I had one PC on 24/7 hosting the server and I used another PC within my LAN to play on it along with a bunch of people from the internet. The way I did this was by enabling the DMZ. That was back in the day when I had a Linksys router. Now I have a router called 2WIRE. As soon as I got it, I enabled the DMZ for the server PC again and I had people from the internet connect to it. I also still connected to it within my LAN on my other PC. However, now it's dropping packets from the server PC if I try to connect to it within my own LAN when I have it set for internet usage and I don't know how to fix this. I can connect to it if I have the server set for LAN, but I can't connect to it when the server is set for internet like I used to be able to, even though other people online can connect to it without any problems. I've tried port forwarding, but that didn't really help. Back when the server was working, my PC used the port number 29070 to connect to a JA game I had set up. The server PC used to use the port number 29070 to host the server. Is it bad for these two port numbers to be identical? Any help I can get at all would be a lot of help for me.
  • All right. You need to understand what the DMZ actually does, which itself is compounded by the fact that some consumer routers have different definitions of the term...

    In general, you'll want to forward specific ports to your game server. You said that you tried port forwarding and it failed. What ports did you forward and to where?
    I'm using the actual game to host a server and it uses the port number 29070 with the UDP protocol thing. The PC I use to play on the server also uses the port number 29070 UDP. Back when I had my Linksys router, the two identical port numbers didn't mean a thing and I was able to connect to my server from within my LAN even when it was dedicated to the internet. Then I switched to that 2WIRE router and it worked for a while. Now it doesn't and it's dropping the packets. I don't think that the 2WIRE router is able to have an internet server hosted on the same port number that I'm trying to use to connect to it when I'm in the same LAN, which sounds like the N.A.T. thing you talked about in your network podcast.
  • Well, when forwarding a port, you have to specify specific port numbers and protocols (TCP or UDP), as well as specific internal PCs to which to forward those ports. If you forward port 1983 to 192.168.100.1, then any incoming connection on your external IP address destined for port 1983 will be forwarded internally to that port on 192.168.100.1.

    What ports did you forward specifically when you tried to do this, and to where?

    You can NOT have two services using the same incoming port and protocol without multiple IP addresses. If your game client needs to accept incoming external connections on port x, and the server also needs to listen on that port, then you cannot run both the client and the server at the same time without purchasing an extra IP address from your ISP.

    Now, if your client only needs to accept incoming connections on port x from the server (NOT from other clients), then this could work with only one IP address, provided the port forwarding and routing rules are set up correctly.

    In general, I would advise AGAINST using the DMZ feature for this sort of thing. Turn it off. Then, figure out which ports specifically need to be forwarded, and forward them accordingly. I'm sure someone has made a short guide for your specific game out there.

    Steam has issues with this, and has a nice built-in workaround where you can change the incoming port on a per-client basis in order to be able to set up the proper port forwarding.
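An added model of what the reply above describes: a consumer router's port-forwarding (DNAT) table, the rule that one (protocol, external port) pair can only go to one internal host, and the DMZ as a catch-all for unmatched inbound traffic. This is example code written for this page, not firmware from any router and not something the posters set up. The "NAT loopback" switch is an assumption added to the model: whether a LAN host can reach a forwarded port by sending to the router's own public address is a behaviour that differs between consumer routers, and the thread does not establish which one the 2WIRE has. The game port 29070/UDP comes from the thread; the 192.168.1.x, 203.0.113.x and 198.51.100.x addresses are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str            # "tcp" or "udp"


class ForwardConflict(ValueError):
    """Two forwarding rules claim the same (protocol, external port) pair."""


class Router:
    """Minimal model of a NAT router with a port-forwarding table and an optional DMZ host."""

    def __init__(self, wan_ip: str, lan_prefix: str = "192.168.1.", nat_loopback: bool = False):
        self.wan_ip = wan_ip
        self.lan_prefix = lan_prefix
        self.nat_loopback = nat_loopback        # assumption: modelled as a per-router feature
        self.rules: Dict[Tuple[str, int], Tuple[str, int]] = {}   # (proto, ext port) -> (ip, port)
        self.dmz_host: Optional[str] = None

    def is_lan(self, ip: str) -> bool:
        return ip.startswith(self.lan_prefix)

    def forward(self, proto: str, ext_port: int, internal_ip: str, internal_port: Optional[int] = None) -> None:
        """Add a forwarding rule; refuse a second host on the same protocol/port."""
        key = (proto.lower(), ext_port)
        target = (internal_ip, ext_port if internal_port is None else internal_port)
        existing = self.rules.get(key)
        if existing is not None and existing != target:
            raise ForwardConflict(f"{key[0]}/{ext_port} already goes to {existing[0]}:{existing[1]}")
        self.rules[key] = target

    def set_dmz(self, internal_ip: Optional[str]) -> None:
        """DMZ host, modelled as: every inbound packet with no explicit rule goes here."""
        self.dmz_host = internal_ip

    def route_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet addressed to the WAN IP, or return None if the router drops it."""
        if pkt.dst_ip != self.wan_ip:
            return None                                   # not for us
        if self.is_lan(pkt.src_ip) and not self.nat_loopback:
            return None                                   # LAN host hitting its own public IP
        rule = self.rules.get((pkt.proto.lower(), pkt.dst_port))
        if rule is not None:
            ip, port = rule
        elif self.dmz_host is not None:
            ip, port = self.dmz_host, pkt.dst_port
        else:
            return None                                   # unsolicited and unmatched: dropped
        return Packet(pkt.src_ip, pkt.src_port, ip, port, pkt.proto)


def demo() -> dict:
    server, client, wan = "192.168.1.10", "192.168.1.11", "203.0.113.7"
    r = Router(wan)
    r.forward("udp", 29070, server)                 # the game server
    try:
        r.forward("udp", 29070, client)             # client wants the same external port
        conflict = False
    except ForwardConflict:
        conflict = True

    from_internet = Packet("198.51.100.5", 40000, wan, 29070, "udp")
    from_lan = Packet(client, 29070, wan, 29070, "udp")
    loopback_router = Router(wan, nat_loopback=True)
    loopback_router.forward("udp", 29070, server)

    r.set_dmz(server)
    other_port = Packet("198.51.100.5", 40001, wan, 27015, "udp")
    via_dmz = r.route_inbound(other_port)
    r.set_dmz(None)
    return {
        "conflict": conflict,
        "external_to": r.route_inbound(from_internet).dst_ip,
        "lan_to_wan_ip_dropped": r.route_inbound(from_lan) is None,
        "lan_to_wan_ip_with_loopback": loopback_router.route_inbound(from_lan).dst_ip,
        "dmz_catches_unmatched": via_dmz.dst_ip if via_dmz else None,
        "unmatched_without_dmz_dropped": r.route_inbound(other_port) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The DMZ row is the reason for the advice to turn it off: with it on, every port you did not think about lands on that machine, whereas an explicit rule exposes exactly one protocol/port pair.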
    Rym, I'm trying to set up the use of BitTorrent on my machine, which is a single computer behind a wireless router. I know how to set up port forwarding, it's a fairly simple procedure on my router, but I have a secondary problem.

    I was told by my ISP, Clearwire, that they close off traffic on certain ports to cut down on network traffic. I need to try and figure out what ports I can tell my client to use by what is open to the net. How can I check what ports my ISP has locked off to help increase my torrenting speed?
  • Call them and ask. It worked when I called Optimum Online. The guy was surprisingly forthcoming when he realized I wasn't the usual doofus.
  • Huh.

    Didn't think it would be that simple. The default one for the client seems to be working now, but I'll remember that in the future.
    BitTorrent will work even if the incoming UDP is blocked: it will just be slower.

    If nothing else, pick a random ephemeral (high number) port. The ISP can't really block any of those without causing all sorts of problems. As long as your client allows you to specify it, then it will work.
    OK, now at my house I set up MAC filtering for the wireless network because it's easier than entering a WEP password every time... Does MAC filtering work better or worse than WEP/other wireless security?
  • Here's a tip for wireless internet. Do not get SBC Yahoo DSL, or a 2wire router. The router is the more importantly horrible piece of equipment.
    WEP and WPA will encrypt the traffic to your wireless access point, and also deny any access to people who do not know the key. The MAC filter simply checks the MAC address. For the most part, either will keep your neighbors out.

    If somebody wants into your network, a MAC filter can be trivial to get around. Anybody could snoop the traffic, find out what your MAC address is, then clone your MAC and get access. WEP is pretty much broken as well, but is the only encryption that works with the DS. If you want to secure a home access point for real, use WPA.

    In the past I have just done a simple MAC filter and not really had problems; most people will see another wireless network, try to connect, and if it doesn't work they will just leave it alone. I am lacking an AP at the moment, but I would probably go with WEP and a MAC filter; the computer should be capable of remembering the key so you don't have to type it in all the time.
  • MAC filtering doesn't really work for security except to keep idiots out. Smart people can MAC spoof to get into the network. If you are really concerned about securing your wireless network the only way is WPA. WEP is very easily hacked by anyone who knows what they are doing. However, if you use WPA then Nintendo DSes will not be able to connect. I repeat, WPA is the only way to make your wireless truly secure.

    Also, if you use WPA or WEP you shouldn't have to enter the key more than once. You usually enter it once, and your computer remembers it forever. If that is not the case, then you are doing something wrong.
  • Thanks Rym, I think I've got the problem solved. Now I'll have to wait until I get a friend to test it out with me.
    Speaking of networking, what do you guys think of Cisco certification and A+ and all that? I remember you guys were saying how stupid they are and I agree. But who are the people who care about it? Did you say large companies use it, and small businesses don't care?
  • Stupid people care about certifications. If you are interviewing with a person that knows nothing about technology they will think that certifications mean something. If you are interviewing with a smart person they will know that stuff doesn't mean shit. However, if you don't have a college degree then a few certifications can make someone possibly feel more comfortable hiring you than if you had nothing. Basically, if a company actually cares about certifications, then that isn't a place that a smart person will enjoy working.
  • Uber-companies with massive HR departments care. So do small companies that don't know anything about IT and refuse to outsource, but think they're experts.

    They care much much more, however, for a Bachelor of Science or a Masters. They also care much more about actual work experience. Certifications should be at the bottom of your list. I've never been asked about them by a company I actually wanted to work for.

    A Cisco cert is like an Associate's degree: you'll end up in a low-level networking job somewhere with no real advancement opportunities. A+ is, as far as I can tell, completely useless.
  • My dad has a friend who owns a custom computer building/repair business. He cares about these Dell, Gateway, HP, etc. certifications because he can get special parts faster and cheaper. That kind of certification would be worth it, right?
  • I don't think that's the same kind of certification...
  • Oh. Fuck.
  • This topic makes me gush almost as much as jabbering about computers. Switching to gigabit earlier this year has given me much more usable bandwidth. My cable modem gates to 3 switches: a 24 port in my office, a 4 port locally and an 8 port in the living room for the TiVo, 360, PS3 and media server. I'm using Draft N wireless for everything else. I'm a big fan of FreeNAS servers for streaming movies and sharing files.
  • This topic makes me gush almost as much as jabbering about computers.
    Wait until we talk about our plans for in-house networked services. Imagine a portal for the house, complete with fileshare information, remote control of the media players, home automation, an internal wiki, VPN access, and a bunch of other fun things.
  • edited October 2008
    Regarding MAC spoofing: How easy is easy? Could you go into a little more detail on the subject of how one can detect MAC spoofing (if at all)? I would imagine that two devices with the same MAC on the same network could be a problem. Also, isn't network equipment supposed to announce running in promiscuous mode, which you would need for the initial sniffing? Is it easy to get equipment that doesn't?

    Also, is there any benefit to switching SSID broadcasting off?

    And finally; why the funk isn't this shit easier already?
    Post edited by Dr. Timo on
  • Also, is there any benefit to switching SSID broadcasting off?
    Same with MAC filtering, it only stops the stupids. I did it for a while, but it was a bit annoying when people would come over and sometimes XP would just forget there was a wireless network. Now I use WPA with the SSID on and it gives me no trouble (most of the time).
    And finally; why the funk isn't this shit easier already?
    "This shit" is the easiest it has ever been. Linksys gives you a CD that will set everything up for you. How much easier does it need to be?

    Also FreeNAS and PFSense are awesome.