[NTLUG:Discuss] LAN Planning II

bryn konti bkontr at yahoo.com
Wed Aug 28 00:58:13 CDT 2002 

Aside from the problems you already mentioned, here
are my suggestions based on providing greater
configuration options and higher performance: The
Ascend router is likely  to be slow (in comparison
with the linux router)  which defeats the purpose of
having a really fast switch.  Why not configure your
linux box as the main router?  Also, I would recommend
 getting an auto-sensing 10/100 switch...that way you
can connect the wireless AP to the switch.  


Cheers,
Bryn




--- Aaron Goldblatt <lists-ntlug at goldblatt.net> wrote:
> Based in part on the suggestions put forward here,
> I've decided to 
> go the 802.11b solution.  I'd much prefer a wired
> LAN in my home, 
> but the up-front cost is more than my wife can bear.
>  Plenum- and 
> riser-grade cable is just too expensive for me to
> justify right now.  
> With equipment purchased on Ebay, I was able to get
> an AP and 
> card for $200 for decent equipment.
> 
> Now I'd like yall to take a look at, and critique,
> the current plan.
> 
> You can find my hand-drawn diagram of the network at
> 
> http://www.goldblatt.net/network.png
> 
> Here's how it will work:
> 
> Internet connectivity will be provided by an Ascend
> Pipeline 85 I 
> picked up.  ISDN is my only reasonable option at
> this time (ADSL 
> not available, IDSL comes with a $600 startup price
> tag and 
> $3x/mo more than ISDN, etc), so ... there we are.
> 
> The Pipeline 85 doesn't support many-to-many NAT
> (for my /28 IP 
> block from the ISP) without a remote DHCP server
> (not possible), 
> and its many-to-1 NAT capabilities are wildly
> limited, so NAT via 
> the Pipe isn't a good option.
> 
> Also, I found that all the 802.11b APs I looked at
> had a 10BaseT 
> (not 100BaseT/TX) port, so putting the AP on my
> 100BaseTX 
> 3Com hub (which will not switch down) was not an
> option.
> 
> Here's the legend for the picture:
> 
> - "PIPE85" is the Ascend Pipeline 85.
> - "W2K" are Windows 2000 machines.
> - "AP802.11b" is the 802.11b AP.  The W2K machine it
> talks to will 
> have a live, routable IP.  It'll be running 2000
> Professional, not 
> Server.
> - "3COM 100TX HUB" is my 100TX hub that won't switch
> down to 
> 10BaseT.  Everything plugging into it must have a
> 100 card.
> - "HPDJ" is a Hewlett Packard Deskjet with a device
> akin to an HP 
> JetDirect box on it, turning the DJ into a fully
> IP-capable printer.
> - "LINUX" is, obviously, the Linux box, and the key
> to the whole 
> project.  (See below.)
> - The black lines represent 10BaseT or 802.11b
> links.  The red lines 
> represent 100BaseTX links.
> 
> The 10BaseT and 100BaseTX networks will have
> separate address 
> spaces.  In the map I selected 198.175.18.x/28
> simply because I 
> know it's routable and belongs to my ISP, but I
> don't actually know 
> (or really care) exactly what block I'll get.
> 
> The 10.100.1.x network is, of course, private and
> non-routable.
> 
> I intend the Linux box to provide the following
> services to both 
> networks:
> - NFS
> - Samba
> - SMTP relay
> - DNS
> - IMAP
> - FTP
> - Web
> 
> The Linux box will also do IPMasq on a many-to-many
> basis and 
> DHCP for the private network.
> 
> In each case, I know how to restrict incoming
> connections from the 
> public side to acceptable IP address ranges.  If
> you're not in my 
> block, I won't relay for you, for example.  That's
> not a big deal.
> 
> A bigger deal is name resolution, and suggestions on
> how to handle 
> this are welcome.
> 
> I want to be able to resolve any machine from any
> other machine, 
> and get the "optimum" connection.  That is:
> 
> Private W2K -> Printer == 10.x.x.x A record
> Public W2K -> Printer == 10.x.x.x A record, routed
> by Linux box
> Public W2K -> Linux box == 198.x.x.x interface
> Private W2K -> Linux box == 10.x.x.x interface
> Private W2K -> Private W2K == 10.x.x.x A record
> Internet -> Private W2K == 198.x.x.x A record,
> masq'd by Linux
> I'd like these resolutions to happen with the same
> name all the way 
> around, so that "linux.goldblatt.net" resolves to
> the right address no 
> matter who's asking, depending on which side of the
> network the 
> request comes from.
> 
> Is this going to be a situation where I'll need two
> instances of my 
> name server, and two different (but
> identically-named) zones?
> 
> Please advise on pitfalls I'll need to pay attention
> to, and any 
> improvements I can make to this setup.  Also,
> pointers to a detailed 
> description of IP Masquerade in Linux 2.4 would be
> very helpful.  
> I've looked at the HOWTO's at the LDP, and they do
> seem to work, 
> but I don't understand the syntax and meaning of
> what each table 
> entry does, and that's what I want to know about.
> 
> Thanks.
> 
> ag
> 
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss


__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com

More information about the Discuss mailing list