esp n00b
Joined: 09 Mar 2004 Posts: 17 Location: WA, USA
Posted: Fri Jan 28, 2005 6:46 am Post subject: [solved] wireless router setup
Ok, I have a crazy desire to turn my wireless router into a hub. How do I do this? Basically, my wireless router sits between my main linux server (file server, firewall, etc) and the rest of my network. The problem is, getting NFS to work from one network (composed of the linux server and the router) and the other network (the router and other boxes), has been rather difficult. If I can get everyone on the same network (or appearing that way) life will be much easier.
So, here's how it's all set up right now (NFS is not working, internet and such is)
(from the outside in)
Cable Modem (Comcast)
|
linux server (box A)
external eth0 to cable modem: dhcp
internal eth1 set to 192.168.69.1
running firewall script, dnsmasq, samba,
not quite yet running NFS, NIS, NTP, telnet, Apache, php
|
Netgear WGR614 wireless router
external IP: 192.168.69.2
external Gateway: 192.168.69.1
internal IP: 192.168.68.1
running wireless server, 4 ports of ethernet bliss
|
2 PC's, 1 laptop(wireless)
PC1: 192.168.68.5 (this is a WinXP machine, NOT MINE!)
PC2: 192.168.68.68 (gentoo!!)
Laptop: 192.168.68.3 (dual boot Gentoo/Win2003 Server)
--->Laptop runs wireless or 10/100 card.
I would really like to get everything working on the 192.168.68 network. (all netmasks are 255.255.255.0)
I know the easy way to do this would be to switch the position of the server and the wireless router, but then the server becomes just a peer (unless I use another hub) and the laptop, when on wireless, is not being protected by the hardcore firewall scripts on the server, and if in Win2003 mode, could let bad little Windows vibes out of my network!!! So that solution sucks.
If anyone has a better way to set this up so NFS and such will work right and everything is still behind the protective linux firewall, please contribute.
>>esp
Last edited by esp on Wed Apr 06, 2005 4:31 am; edited 1 time in total
shadow255 Guru
Joined: 04 Apr 2003 Posts: 412
Posted: Fri Jan 28, 2005 7:24 am
If security is really your primary concern, you shouldn't be trying to run services like NFS, Apache and least of all telnet on your firewall machine. The purpose of a firewall machine is to screen your trusted network as much as possible from the untrusted network on the outside. Every service you add to a system increases the chances of something becoming vulnerable to attack, regardless of how careful you are in binding to proper interfaces.
My recommendation is that you set up a completely different machine on your inside network to run these services. If you're using an expensive rig to act as the firewall, I'd say set up a less expensive machine with reliable parts to take its place and move the server out of that role. Good luck with your endeavor, whatever you decide.
_________________
Vogon poetry is of course the third worst in the Universe. -- Douglas Adams, The Hitchhiker's Guide to the Galaxy
esp n00b
Joined: 09 Mar 2004 Posts: 17 Location: WA, USA
Posted: Fri Jan 28, 2005 8:17 am Post subject: thanks for the kind words.
Good points, all. First, I am using an old machine as the server, k62-450 processor. Second, I would be (trying) to use all services you mentioned internally, not externally (bound to 192.168 network only). However, you bring up a great point about the possibilities of misconfiguration. I will be sure to be extra careful if I decide to end up implementing these services. I am wanting file-server stuff on the firewall machine largely because as firewall/dnsmasq, it is an always-on machine anyway, and file services also should be always on. I'd rather not have to run two machines in always-on if I can help it. The apache/php stuff can be easily put to the Gentoo box, as I am just using it for local testing. Telnet may never get implemented, but the idea is to be able to remote-manage the server, and telnet was my first thought. I'd rather not have to even attach a keyboard, mouse, or monitor to the server, if possible. Telnet's a perfectly sloppy way to get around this.
>>esp
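Added example (not part of the original thread and not any poster's code): one way to check the "bound to 192.168 network only" claim on the firewall box is to audit its listening sockets and flag anything not confined to loopback or the internal network. The `ss -tuln` sample, the 203.0.113.10 stand-in for the eth0 address, and the function names are assumptions made for illustration; the internal network is the eth1 side from the first post.

```python
import ipaddress

# Assumption: the firewall's eth1 network from the first post (192.168.69.1/24).
INTERNAL_NET = ipaddress.ip_network("192.168.69.0/24")
WILDCARDS = {"*", "0.0.0.0", "::"}

# Constructed sample of `ss -tuln` output; 203.0.113.10 stands in for the
# DHCP-assigned eth0 address. None of this was captured from the poster's box.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      64     192.168.69.1:2049  0.0.0.0:*
tcp   LISTEN 0      50     192.168.69.1:445   0.0.0.0:*
udp   UNCONN 0      0      192.168.69.1:53    0.0.0.0:*
tcp   LISTEN 0      32     127.0.0.1:53       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      511    [::]:80            [::]:*
udp   UNCONN 0      0      203.0.113.10:123   0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each tcp/udp line of `ss -tuln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        # Drop IPv6 brackets and any %interface scope suffix.
        yield fields[0], addr.strip("[]").split("%")[0], int(port)

def classify(addr):
    """Return 'internal' for loopback/LAN-only binds, 'exposed' otherwise."""
    if addr in WILDCARDS:
        return "exposed"  # listens on every interface, eth0 included
    ip = ipaddress.ip_address(addr)
    return "internal" if ip.is_loopback or ip in INTERNAL_NET else "exposed"

def audit(ss_output):
    """Return sorted (proto, port, address) for listeners not confined to the LAN."""
    return sorted((proto, port, addr)
                  for proto, addr, port in parse_listeners(ss_output)
                  if classify(addr) == "exposed")

if __name__ == "__main__":
    for proto, port, addr in audit(SAMPLE_SS):
        print(f"{proto}/{port} bound to {addr}: reachable beyond the internal network")
```

A wildcard listener may still be dropped on eth0 by the firewall script; the audit lists the services for which that script is the only barrier. NFS helpers such as portmap and rpc.mountd commonly listen on the wildcard address unless configured otherwise, so they belong in the same check.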
shadow255 Guru
Joined: 04 Apr 2003 Posts: 412
Posted: Fri Jan 28, 2005 9:00 am
Telnet as a remote-administration tool is in pretty much every way inferior to ssh. Even if it's only running over your internal network, ssh is the way to go for console sessions on a headless box. Just my $0.02...
esp n00b
Joined: 09 Mar 2004 Posts: 17 Location: WA, USA
Posted: Sat Jan 29, 2005 5:23 am
Thanks for the tip. I'll look into ssh.
Still, it would be nice to at least get NFS up and stable through that wireless router.
>>esp
mohaine n00b
Joined: 14 Jan 2003 Posts: 4 Location: USA
Posted: Tue Apr 05, 2005 7:45 pm Post subject: Why not use the WGR614 as your firewall?
Why not use the WGR614 as your firewall/router? Just move your server to the other side of the WGR614, and set up the WGR614 to forward any external open ports you need to the server's IP address. Just make sure you disable the firewall script and dnsmasq.
It looks like the only ports you need to forward are 80 and 22. 80 for apache and 22 for ssh in place of telnet.
Telnet really is bad. It is worth the switch to ssh just for scp and sftp.
(from the outside in)
Cable Modem (Comcast)
|
Netgear WGR614 wireless router
external IP: WAN IP
internal IP: 192.168.68.1
running wireless server, 4 ports of ethernet bliss
|
linux server (box A)
external eth0 to cable modem: dhcp
internal eth1 set to 192.168.68.2
samba not quite yet running NFS, NIS, NTP, telnet, Apache, php
2 PC's, 1 laptop(wireless)
PC1: 192.168.68.5 (this is a WinXP machine, NOT MINE!)
PC2: 192.168.68.68 (gentoo!!)
Laptop: 192.168.68.3 (dual boot Gentoo/Win2003 Server)
--->Laptop runs wireless or 10/100 card.
esp n00b
Joined: 09 Mar 2004 Posts: 17 Location: WA, USA
Posted: Wed Apr 06, 2005 4:31 am Post subject: I ended up kind of similar
I've got the problem solved, somewhat.
Basically, I'm just not using the external jack on the router. I have my server box and the gentoo box plugged into the router, but it's not really doing any routing. The laptop plays nice with the others this way, and everybody's set to use the server as a dns server. The server is running dnsmasq, and nfs is now working nicely. I've got samba running as well, and it works ok. I really need to look into getting ssh set up. I just haven't gotten to it yet.
(from the outside in)
Cable Modem (Comcast)
|
linux server (box A)
external eth0 to cable modem: dhcp
internal eth1 set to 192.168.68.69
running firewall script, dnsmasq, samba, nfs
not quite yet running NIS, NTP, telnet, Apache, php, ssh
|
Netgear WGR614 wireless router (attached to internal ports only)
external IP: 192.168.69.1 (just for kicks, not actually hooked up to anything)
external Gateway: 192.168.69.1
internal IP: 192.168.68.1
4 ports of ethernet bliss (1 used by server)
|
1 PC, 1 laptop(wireless)
PC1: 192.168.68.68 (gentoo!!)
Laptop: 192.168.68.3 (dual boot Gentoo/Win2003 Server)
(both are set to use 192.168.68.69 as DNS Server, 192.168.68.69 as gateway)
--->Laptop runs wireless or 10/100 card.
And so far, so good. Everybody's on the same subnet
>>esp