ssh within home LAN issues
Eric "Shubes"
plug at shubes.net
Fri Apr 21 13:01:35 MST 2006
Using IPCop will work nicely, but you will need a dedicated IPCop box
between your router/AP and the cable modem, as you envisioned. I don't
know if it's excessive or not (noisy fans can be irritating), but FWIW,
IPCop will give you stronger security than your router/AP alone.
How to build an IPCop box?
1) Acquire an old box destined for the boneyard. I use an old emachine
333 w/ 160M ram and 3G hdd. That's overkill though. You can get by on
much less than that. I'd look for Pentium-150 (or equivalent), 64M ram,
500M+ hdd, CD-rom, and a floppy is handy for backing up your
configuration. Make sure that the box can boot from the CD-rom.
2) Outfit the box with 2 network interfaces. Just about any ol' nic will do.
3) Download and burn the iso (on another box).
4) Boot the install cd to install the software. The installation program
is pretty straight forward.
5) Plug it in, configure settings for your environment, and you're on
your way.
Alternatively, there are some hacked versions of that router available
on the internet (it is a Linux box, after all). You might find one that
allows the dhcp server to allocate ip addresses bases on mac addresses
(that's the feature you're looking for which isn't available on the
standard version). You might end up toasting the unit in the process, so
you should realize that this route is a bit riskier. I would (and did)
go with the IPCop solution.
One more point to ponder. If you have a switch that is separate from
your router, you could add a wireless nic (called the 'blue' interface')
box, and it would become a wireless AP, making your linksys obsolete.
Finding a wireless nic that would work with IPCop could be a bit of a
chore though. :( Just a thought.
If you have any problem with IPCop, I'm sure you can find help here.
Alternatively, there is a very active IPCop mailing list too.
Dazed_75 wrote:
> Thanks Alex. I am not sure how this helps since I don't believe I can
> put IPCop on the Linksys Router and Wireless AP that is my DHCP server
> (and a DHCP client to my Linksys Cable Modem) especially since some of
> the boxes I may want to ssh between are wired and some wireless.
>
>>From what I can see this solution might work if I put a dedicated
> linux box BETWEEN the cable modem and router/AP with 2 Ethernet
> interfaces and IPCop but frankly that seems a bit excessive. I may
> well be wrong about this as networking is not exactly a strong suit
> for me and I only spent a short time on the IPCop web site, but please
> tell how me if so. Learning is good. :)
>
> On 4/19/06, Alex Dean <alex at crackpot.org> wrote:
>> On Apr 18, 2006, at 5:25 PM, Alan Dayley wrote:
>>
>>> Dazed_75 said:
>>> --[clip]--
>>>> Hence 3 questions for now:
>>>> 1 - How best to not have to use IPs for the ssh functions?
>>> I am interested in the answer to this one. I solved it by going to
>>> fixed
>>> IP addresses for my home computers.
>> That's what I did as well. Static DHCP made this a lot easier. The
>> client machines still get their IPs via DHCP, but the DHCP server
>> always gives the same IP to a given MAC address. (Allowing you to
>> see all your client machines and their IPs in a single place.)
>>
>> IPCop has a nice local DNS (they call it 'edit hosts') setup, so you
>> can give descriptive names to machines. I used to have all the IPs
>> memorized for my local machines, but since setting up IPCop I've
>> really liked being able to access them by name instead.
>>
>> alex
>>
>> ps : If you have OSX machines on your network...
>> The domain name '.local' (ie : machine1.local, machine2.local) might
>> give you problems. I chose this initially for my local network, and
>> I was unable to find any of my Linux boxes from my Powerbook. I
>> eventually figured out that Apple has a separate name-resolution
>> system (Bonjour, multi-cast DNS) which uses '.local' by default.
>> When I tried to access debian.local, OSX didn't even try to use
>> normal DNS. It just said the machine could not be found. Changing
>> my local addresses to use '.localdomain' worked around the conflict.
>> You can also tell OSX to search DNS for '.local' addresses with the
>> instructions here : http://docs.info.apple.com/article.html?
>> artnum=107800
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change you mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
>
> --
>
> Nothing is really work unless you would rather be doing something else.
> - James M. Barrie
--
-Eric 'shubes'
****************************************************
This message has been scanned using Contraxx
Technology Group mail server v8.0.3 and is virus free.
Message sent from Mail Server 3
****************************************************
More information about the PLUG-discuss
mailing list