LinuxMCE Forums

General => Users => Topic started by: kingjos on December 04, 2007, 11:07:35 pm

Title: Why use core as network gateway?
Post by: kingjos on December 04, 2007, 11:07:35 pm
Can someone explain to me why you would want internal network traffic running through a LinuxMCE core to the internet?  The reason I ask is because I am running a Smoothwall box as the gateway on my network and feel that it offers me more networking features than the core machine would be able to do.  The only networking service I really want to use from LinuxMCE is the DHCP server seeing as how it allows you to network boot Media Directors from the core.

If anyone can help me better understand how the core works that would help me out a bunch.

Thanks.
Title: Re: Why use core as network gateway?
Post by: rrambo on December 04, 2007, 11:14:53 pm
The core has its own firewall.. and routes internet traffic to whatever gateway you are using now...  I still have my wrt54g running dd-wrt...  this is my gateway to the internet...  all my clients pull an address from the core and get routed through the core with its internal firewall and then to my router before getting out to the internet..
Title: Re: Why use core as network gateway?
Post by: tschak909 on December 04, 2007, 11:45:23 pm
it has more to do with the intended use of the system from a typical home standpoint. This system provides what most people don't have:

(1) a proper gateway with QOS and a firewall tuned for home use
(2) it needs to be the master DHCP for the plug and play networking aspects
(3) telecom: SIP does not traverse NAT all that elegantly, in fact the only protocol that does 99%, is IAX2. This works around that

If you need something different, go ahead and hack away, but you're on your own.

-Thom
Title: Re: Why use core as network gateway?
Post by: Matthew on December 05, 2007, 12:48:00 am
Quote from: tschak909 on December 04, 2007, 11:45:23 pm
it has more to do with the intended use of the system from a typical home standpoint. This system provides what most people don't have:

(1) a proper gateway with QOS and a firewall tuned for home use
(2) it needs to be the master DHCP for the plug and play networking aspects
(3) telecom: SIP does not traverse NAT all that elegantly, in fact the only protocol that does 99%, is IAX2. This works around that

The core doesn't have to be the network gateway, it can be attached to the LAN as a single device on a single NIC along with other devices the core serves by DHCP, as the wiki describes in "DHCP Plug and Play" (http://wiki.linuxmce.org/index.php/DHCP_Plug_and_Play). But, as that article mentions, since managing other network devices for LMCE (like IP phones, MDs, etc) as plug & play requires their configs to be served by DHCP, that means the core must be the LAN's DHCP server - and even then, it's an imperfect solution. The LAN can have only a single DHCP, which must in that case be the core (because the DHCP protocol doesn't allow a DHCP server to automatically include configs from external servers like the core). So the core must be the LAN's DHCP server, which service is usually assigned to a firewall. Since LMCE does include a firewall for security, the SIP routing and QoS for other media streams, it's most convenient to make the core also the gateway to the rest of the network.

The core can be the router for the entire LAN and all its devices, so long as there is no extra DHCP server connected to the "inside" ethernet interface, with its "outside" ethernet interface connecting directly to a WAN (which outside connection must receive its own DHCP configs from another server, like a DSL, cablemodem, or another router with a DHCP server assigning the outside interface's IP#). Or that outside interface can be one of many devices connected to the WAN gateway, but all LMCE devices (like MDs, IP phones, etc) must be connected to the inside interface to get their DHCP configs. Of course the core's outside interface could be connected to a gateway to yet another LAN, rather than a WAN, but ultimately the outside interface must be routed to the Internet for the entire LMCE system to take advantage of Internet updates to its bundled SW, including OS and all the other packages that make it run.
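
Added example (not part of any post in this thread, and not LinuxMCE code): a check for the single-DHCP-server constraint discussed above, which parses DHCP reply payloads and lists every server other than the core that sent a DHCPOFFER. The packets and the addresses 192.168.80.1 (assumed core) and 192.168.80.254 are constructed sample values; capturing the UDP payloads is left to whatever sniffer is in use.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the options field (RFC 2131)
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPOFFER = 2

def parse_options(payload):
    """Return {option code: value bytes} for a DHCP UDP payload, None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None                    # option runs past the end of the packet
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return opts

def offering_servers(payloads):
    """Server identifiers (option 54) taken from DHCPOFFER messages only."""
    servers = set()
    for p in payloads:
        opts = parse_options(p)
        if opts and opts.get(OPT_MSG_TYPE) == bytes([DHCPOFFER]):
            sid = opts.get(OPT_SERVER_ID, b"")
            if len(sid) == 4:
                servers.add(str(ipaddress.IPv4Address(sid)))
    return servers

def unexpected_servers(payloads, expected):
    """Servers other than `expected` (the core) that answered a DISCOVER."""
    return sorted(offering_servers(payloads) - {expected})

def build_reply(msg_type, server_ip, offered_ip):
    """Constructed sample packet: BOOTREPLY header plus options 53, 54, END."""
    sip = ipaddress.IPv4Address(server_ip).packed
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD, 0, 0,
                         bytes(4), ipaddress.IPv4Address(offered_ip).packed, sip,
                         bytes(4), bytes.fromhex("001122334455"), bytes(64), bytes(128))
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 54, 4]) + sip + bytes([255])

SAMPLE = [  # constructed: two servers answer the same DISCOVER, plus one cut-off packet
    build_reply(DHCPOFFER, "192.168.80.1", "192.168.80.130"),
    build_reply(DHCPOFFER, "192.168.80.254", "192.168.80.20"),
    build_reply(DHCPOFFER, "192.168.80.254", "192.168.80.21")[:245],
]
```

Calling `unexpected_servers(SAMPLE, "192.168.80.1")` returns the second server's address; an empty list means only the core is handing out leases on that segment.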