LinuxMCE Forums

General => Users => Topic started by: slice16 on May 29, 2009, 01:10:16 am

Title: Access file server on external network
Post by: slice16 on May 29, 2009, 01:10:16 am
Hi All,

I am just wondering whether it is possible to map (and set to store) data that sits on the other side of your external NIC?

I know this sounds a little silly, but my network is in two segments, 1 is my main PC network (192.168.2.0/24) which my LMCE box external nic connects to. I then have my LMCE network (192.168.80.0/24). All my mds etc are on the lmce side. I do have a large file server sat in my main network. Am I able to map this to LMCE without moving it over?
Title: Re: Access file server on external network
Post by: itspac on May 29, 2009, 01:16:15 am
I use a file server on the external network of my lmce box. I just have to add the file server address and MAC usinf the web admin. Then I reload router and let lmce do the rest

Btw I disable the firewall on lmce
Title: Re: Access file server on external network
Post by: Pnuts on May 29, 2009, 01:17:06 am
Your best option would be to move it over... Move everything over.

However, as long as your only going from internal to external, you should still be able to access everything on the external NIC directly by IP, possibly by name depending on how your router is setup.

You shouldnt even need to port forward or do some type of configuration if your trying to go from external to internal networks.
Title: Re: Access file server on external network
Post by: ivanp on May 29, 2009, 01:36:40 am
Its been posted before, check here http://wiki.linuxmce.org/index.php/NAS#Add_NAS_to_the_.22External.22_LAN (http://wiki.linuxmce.org/index.php/NAS#Add_NAS_to_the_.22External.22_LAN).
Title: Re: Access file server on external network
Post by: colinjones on May 29, 2009, 01:43:04 am
It is possible, but don't do it! Just move the machine into the internal network, you are trying to swim upstream for no reason....

See here for an explanation as to why it is perfectly possible to run internal and external networks with hosts on them, but realistically there is NO reason to do so!

http://wiki.linuxmce.org/index.php/Network_Setup
Title: Re: Access file server on external network
Post by: Marie.O on May 29, 2009, 09:04:47 am
I use a file server on the external network of my lmce box. I just have to add the file server address and MAC usinf the web admin. Then I reload router and let lmce do the rest

itspac, if you have done, what you wrote, your system would not be working!

DO NOT ADD THE MAC ADDRESS OF AN OUTSIDE SYSTEM, or you will screw up your dhcpd.conf file to the point where it won't allow dhcpd to start.

IP-address alone works fine and dandy. btdt and still doing it.
Title: Re: Access file server on external network
Post by: slice16 on June 07, 2009, 06:51:10 pm
Hi All,

Sorry for the long delay in my reply (teach me not to pay the phone bill :) ). Thanks for the replys, I will get this setup now.

I am wanting to keep the two networks separate is mostly down to me using smoothwall and do not want to setup a double NAT (smoothwall is running a vpn connection to a few of the families houses). I just don't like the idea of lmce been my main gateway to the internet, and would like to be able to shutdown without everything else loosing connectivity.
Title: Re: Access file server on external network
Post by: itspac on June 07, 2009, 10:55:23 pm
Btw. My system does work. Don't know why. But it does
Title: Re: Access file server on external network
Post by: tschak909 on June 07, 2009, 11:54:16 pm
If you PROPERLY set things up, your core stays up.

*hmm*

why do you guys fight this?

Just set it up like we tell you to, and stuff works, and it works well.

"nooo, i'm a control freak, and I want to control __EEEVERYTHING___"

Fine, augment Smoothwall onto your lmce core after you set it up. But let the core be the center of the network. The system works better for it, and you'll have access to all the features.

-Thom
Title: Re: Access file server on external network
Post by: colinjones on June 07, 2009, 11:59:13 pm
To emphasise one of Thom's points - the core is designed to be left on permanently. If you intend to be turning it on and off as needed, then you are setting yourself up for failure as you will need to reengineer the system. Work with the idea that the core stays on, and you will have no issue.
Title: Re: Access file server on external network
Post by: itspac on June 10, 2009, 01:37:17 pm
I listen to what you guys say..   all i can say is that if i use my free will and setup things outside  of the recommended way... i don't ask you for help with it if/when i have problems...

Title: Re: Access file server on external network
Post by: totallymaxed on June 10, 2009, 01:51:08 pm
I listen to what you guys say..   all i can say is that if i use my free will and setup things outside  of the recommended way... i don't ask you for help with it if/when i have problems...



Sounds a fair position to me ;-)

Andrew
Title: Re: Access file server on external network
Post by: Marie.O on June 10, 2009, 09:07:07 pm
itspac,

I use a file server on the external network of my lmce box. I just have to add the file server address and MAC usinf the web admin. Then I reload router and let lmce do the rest

I listen to what you guys say..   all i can say is that if i use my free will and setup things outside  of the recommended way... i don't ask you for help with it if/when i have problems...

That's fine with me. The only thing I do not understand is, you are saying you plugged in the MAC address and IP address of your outside NAS system. And you do not have a problem. That seems strange, as each time I added the mac address AND ip address, it would screw DHCP after I added a new MD. Could you post your /etc/dhcpd.conf file maybe together with mac address of your external NAS? I'd like to take a look at the details.

Thanks
Title: Re: Access file server on external network
Post by: itspac on June 17, 2009, 12:38:59 am
itspac,

I use a file server on the external network of my lmce box. I just have to add the file server address and MAC usinf the web admin. Then I reload router and let lmce do the rest

I listen to what you guys say..   all i can say is that if i use my free will and setup things outside  of the recommended way... i don't ask you for help with it if/when i have problems...

That's fine with me. The only thing I do not understand is, you are saying you plugged in the MAC address and IP address of your outside NAS system. And you do not have a problem. That seems strange, as each time I added the mac address AND ip address, it would screw DHCP after I added a new MD. Could you post your /etc/dhcpd.conf file maybe together with mac address of your external NAS? I'd like to take a look at the details.

Thanks

I can do that.. problem is...  Im in the process of moving. I wont get everything and connected until beginning of July..
Title: Re: Access file server on external network
Post by: NikAmi on June 24, 2009, 10:52:42 am
No...you don't have to place your PC inside the LinuxMCE network and I most definitely wouldn't. I don't claim to know what I'm talking about all that well, but in my mind what you need to do is establish a static route for the information to go through. To do this, your outside and inside networks should ideally be on separate subnets and address spaces. For examples sake, lets make the external network use IPs in the 192.168.1.X range and be on the 255.255.255.0 subnet and lets mate the LinuxMCE internal network be on he 192.168.0.X address space and be on the 255.255.249.0 address space. Here's where it gets tricky and I have had problems in the past between various distros/devices/OS. You need to set up a static route that directs all traffic headed to ("destination") 192.168.1.0 through the external interface ("gateway") Try one of the three options:
Make sure to set the subnet (or netmask) to 255.255.255.0 and select the correct interface. This tip comes from my experience with Linux in general and not just LinuxMCE although it should be equally applicable.

If there is no GUI to do this, try entering the following (adjust the address/device for your setup) into a console:

ip route add to 192.168.1.0 dev eth0 (might be 192.168.1.0/24)

Keep in mind that the preceding command will be erased when the system is rebooted. To make this permanent, you must edit the /etc/network/interfaces file and add:

post-up ip route add to 192.168.1.0 dev eth0 (might be 192.168.1.0/24)

Edit: Upon further research into the topic, it appears you may keep the subnet masks the same without any problems and it may be beneficial to do so as there are some weird calculations performed in binary to determine certain address information. Experiment with it and see what works.
Title: Re: Access file server on external network
Post by: colinjones on June 24, 2009, 03:06:21 pm
NikAmi - you need to do MUCH more research before commenting on this. There are hundred's of people on these forums that know, in depth, about routing. Don't assume ignorance on such a simple topic. There are many other reasons for this that you need to understand first.

Simple point: if you want a LMCE network that is supported and you can get help for, your core must have 2 NICs, connected to your external home network and your new internal LMCE network. Of course they must be different subnets, that's a given. The external can be anything you want, the internal needs to be 192.168.80.0/24. And you should move all your equipment into the internal network for simplicity, whether or not you think you want it to interact with LMCE at this point. Effectively making your "external network" a simple cat5 cable from your core to your broadband router.

Start your research here - http://wiki.linuxmce.org/index.php/Network_Setup but carry on reading into the FAQs, hardware requirements, and basic concepts of LMCE. There is much to understand such as playing with LMCE's routing is both unnecessary and highly inadvisable, never attempting manual mounts/symlinks for media, etc, etc... but most fundamentally, don't start redesigning/re-engineering a highly complex system until you understand it very well. Implement it as designed, and let it do its thing, don't second guess it or you will fall into a trap that many have where you end up fighting for control with it, without all the facts. In that fight you will loose and break your system in the process! Once you have a working system .... THEN start tinkering...
Title: Re: Access file server on external network
Post by: Dale_K on June 24, 2009, 04:57:47 pm
If you PROPERLY set things up, your core stays up.

*hmm*

why do you guys fight this?

Just set it up like we tell you to, and stuff works, and it works well.

"nooo, i'm a control freak, and I want to control __EEEVERYTHING___"

Fine, augment Smoothwall onto your lmce core after you set it up. But let the core be the center of the network. The system works better for it, and you'll have access to all the features.

-Thom


Thom, I respect you immensely for both your knowledge and effort in this project.  However, this post is as realistic as the LinuxMCE video touting the ease and functionality of LinuxMCE installation.

Please consider that these forums are absolutely riddled with posts demonstrating that the core WILL go down.  I can't say this strenuously enough, if you build a LinuxMCE core and you plan to expand it's capabilities, IT WILL GO DOWN.  I could point to many posts that demonstrate people having to reinstall because everything got screwed while they were trying to make their TV, STB, Phone, whatever work (it has happened to me on more than one occasion). 

Imagine a scenario where a regular guy like me is working on his LinuxMCE installation at 11PM (as I usually do) and for whatever reason, hardware failure, my own ignorance of LinuxMCE, etc. my core now boots to an SQL database error.  It's now about 1AM and I have to get up for work in 5 hours so I can't reinstall or attempt to research this error.  Now, I have to go to work in the morning and I won't be home until about 6PM and a repair/reinstall will take at least 2 hours.  So, in the recommended configuration this scenario creates these problems:  My wife and son will have no internet that day, my Web/FTP server is down AND my TV doesn't work.  In the above configuration the Core has no affect on my computers whatsoever and a happy wife = a happy life.

I agree that the intention is to have the core control everything, it's simply not realistic in most people's situation.  For you it probably is, but please remember that your knowledge makes short work of minor problems that for most of us with little LinuxMCE knowledge are catastrophic.

The other issue I have with your reply and the many others wherein you say the same thing is that the impression is that your LinuxMCE won't work correctly in this configuration.   That is simply untrue.  The core doesn't give two shits about what's on the other side of the external NIC as long as the internet is there.  To the core, the above setup is exactly the same as the recommended setup.  I guarantee you can not point out a LinuxMCE feature that does not work because of this configuration.  The only difference is that the network devices on that external network are 'external' to the LinuxMCE network and special configuration has to occur if you want interactions between the two (it's really not even that 'special' just standard routing/firewall stuff).  But special configuration to make stuff work is a staple of LinuxMCE so there's not much difference there.

I do apologize if there is an aggressive tone to this post but it's a passionate response to what seems like you always having a "you're an idiot" tone to the posts you make on this topic.  It really is insulting to us that prefer this setup for stability and reliability of our home networks.
Title: Re: Access file server on external network
Post by: tschak909 on June 24, 2009, 05:35:48 pm
NikAmi. Why wouldn't you? this system is designed to handle every single machine inside a house, and it works better this way. It drives me crazy when I see people with over-complicated network setups simply because they feel this need to segment off LinuxMCE from the rest of the system, and thus miss out on all the features.

-Thom
Title: Re: Access file server on external network
Post by: NikAmi on June 25, 2009, 12:14:35 am
Thom-

I don't know about most people, but I would be a little wary of making a machine my Internet gateway when it has control over my home's lighting, phones, and security. If anything, I would want to either lock that off from the Internet completely or only allow certain devices to communicate with it at all. Not to mention that in my house, and possibly in many others, I have an existing network that splits WAN, LAN, and WLAN traffic to form a captive portal for all WLAN users and disallows communication between WLAN users and the LAN unless specifically granted. I am sure that this is all possible in LMCE, but if this system has been in place for years and has worked flawlessly, why take it down? I will admit, if I only had one or two computers (or for that matter one network), it would make the most sense to just use the Core as the router.

Also, from what I am hearing, going from one release to another can cause problems which could potentially render the Core useless. I don't know about most users, but I would certainly want to update my Core whenever you guys come out with updates, patches, and new features. Any of these updates could, potentially, cripple the Core whereas my router hasn't needed an update since I installed it 2 years ago (granted the software is old and I am contemplating installing the newer version when I get home). I definitely see the merit in including the router in the software and using it for your entire network, but many of us have our reasons for wanting to separate the two.

Even though I only installed LMCE once just to muck around with it after 710 had been released I really appreciate the work that you and all the other devs are putting into the project and the enormity of it.
Title: Re: Access file server on external network
Post by: merkur2k on June 25, 2009, 03:15:32 am
Why dont you actually install and use the system before making coments like this?
To hit some of your points;
LinuxMCE includes a firewall. The *exact* same firewall code found in many consumer grade hardware routers.
but
nothing is stopping you from puting another firewall in front of it if it makes you feel any better.
of course you just add another piece of hardware that must be configured, maintained, and adds a point of failure. all for redundancy of features that the system already does.
A captive portal wifi system is great for an untrusted environment such as a coffee house. Do you really have that much riffraff on your private wifi network that you feel the need to segregate it?
If you are worried about breaking the system during an upgrade, isn't that what backups are for? Commercial entities dont just slap a new cd into a server and hope for the best, they use parallel hardware to do a test first or use other methods of ensuring success and having a fallback in case it doesnt work. This could be as simple as swapping out a hard drive for a home user and dealing with a couple hours of downtime. Or use the method you seem to be pushing for your needlessly overcomplicated network; "if it aint broken, dont fix it" (ie dont upgrade unless you need to).
What I see here is a needlessly overcomplicated network that you made up at one point for geek points with friends or something, and now pride keeps you from wanting to change it or something, i dunno. Its not a logical argument in any case. LinuxMCE is designed with the requirements it has for a reason, it needs to be setup in a specific way to deliver the features it promises. This is not optional, you cant just make up these requirements yourself and hope it will work just because thats the way you want it or god forbid you would actually have to change something.
Title: Re: Access file server on external network
Post by: wierdbeard65 on June 25, 2009, 10:59:09 am
I agree with merkur2k, but will be doing what NikAmi suggests, at least at first. In my case, different reasons.

Its all politics and WAF. The fact is, I have an ADSL router. I have a WiFi AP. I have switches. Thse are points of failure whichever "side" of MCE they sit. I work out of the country. My family's internet simply has to work. All the time. No excuses.

I used to have a linux-based firewall/router/busybox configured very much as MCE is intended to work. I was nearly hung, drawn and quartered by the family whjen it went wrong. In the year it was "up" failures were all beyond my control. One day a guy came round to change the electricity meter. The resulting corruption to the HDD because the power was simply "switched off" took me several ours to fix when I got home. Very unhappy wife  >:( Then there as the time my youngest son found the server and switched it off. That's just two occasions. (Did I mention the occasional crash?)

I accept that having the family machines "outside" excludes them from MCE. I accept that it isn't optimal. I accept that you guys will throw your arms up in the air in horror.

My plan is to start like this. One MCE core and one MD. Everything else "outside". Add a few more MDs and an "inside" WAP. Next comes wifi orbiters.

Once family are happy / I am confident, other machines MIGHT be moved over if the benefits are there to be seen. (If course a UPS will need to be purchased first!)

Guys, the ideal way is just that - but we don't live in an ideal world. If my MCE box shuts down the internet just ONCE, for ANY reason, then the project will be perminantly terminated by the rest of the family. Routers / switches etc can be power-cycled and they just start working again. Server's can't cope with that.

NikAmi - WHAT??? I have to agree with merkur2k completely here. Are you paranoid or just after geek points? Do you live in an area where people regularly try to hack in through your wifi to get at your LAN network? Is what you have there that valuable? I reckon, if so, it would be easier to move to a less inhospitable area!  ;D
Title: Re: Access file server on external network
Post by: colinjones on June 25, 2009, 12:49:12 pm
Why dont you actually install and use the system before making coments like this?
To hit some of your points;
LinuxMCE includes a firewall. The *exact* same firewall code found in many consumer grade hardware routers.
but
nothing is stopping you from puting another firewall in front of it if it makes you feel any better.
of course you just add another piece of hardware that must be configured, maintained, and adds a point of failure. all for redundancy of features that the system already does.
A captive portal wifi system is great for an untrusted environment such as a coffee house. Do you really have that much riffraff on your private wifi network that you feel the need to segregate it?
If you are worried about breaking the system during an upgrade, isn't that what backups are for? Commercial entities dont just slap a new cd into a server and hope for the best, they use parallel hardware to do a test first or use other methods of ensuring success and having a fallback in case it doesnt work. This could be as simple as swapping out a hard drive for a home user and dealing with a couple hours of downtime. Or use the method you seem to be pushing for your needlessly overcomplicated network; "if it aint broken, dont fix it" (ie dont upgrade unless you need to).
What I see here is a needlessly overcomplicated network that you made up at one point for geek points with friends or something, and now pride keeps you from wanting to change it or something, i dunno. Its not a logical argument in any case. LinuxMCE is designed with the requirements it has for a reason, it needs to be setup in a specific way to deliver the features it promises. This is not optional, you cant just make up these requirements yourself and hope it will work just because thats the way you want it or god forbid you would actually have to change something.

Merkur2k - whilst I agree with your points.... I would like to ask the tone be scaled back a little :) we are in agreement, yet lets be less pointed in the expression! NikAmi just dropped in.... s/he clearly has significant technical background, and is attempting to apply it here. There are many areas that stand out in our environment that can only be absorbed with exposure. But I did particularly connect with the "*exact*" bit ;)
Title: Re: Access file server on external network
Post by: NikAmi on June 25, 2009, 11:26:54 pm
The reason I set up the network this way is because my parents and siblings regularly have people over that bring their own devices (PDAs, iPhones, laptops, etc.) that need to use our internet connection and in the past, I have found people sitting on our network who weren't authorized. This little system allows me to authorize our home laptops and smartphones to use the encrypted AP while allowing my siblings and parents to authorize guests to use the system over the unencrypted AP. A small webpage pops up when someone not recognized connects to the open access points and requires that someone in the family type in a password that grants the user access to the network for a certain amount of time.
Title: Re: Access file server on external network
Post by: wierdbeard65 on June 26, 2009, 12:05:33 am
I'm sorry, but where on earth do you live that this such a huge problem?

Just to repeat what you said, you have people who, by definition, you know and trust well enough to invite into your home, yet you are worried that once they leave they might come back within range of your AP and steal some bandwidth?

You said you found people sitting on the network who were not authorized. What problem were they causing? Hacking your bank details from your secure servers? Maybe you were worried that your best mate was accessing your online "little black book" and stealing all your best leads for a Saturday night? Ok, perhaps that last comment was a bit cheap, but PLEASE.

The simple fact is, if you put a BIG lock on a door, then thieves will wonder what you're protecting and will be all the more interested in breaking in.

In any case, there is no reason why both of your AP types couldn't be on the "inside" in this situation. Once you have access (because you belong or because you are an authorized guest (do you frisk them on the way in and out, by the way :) )) the why do you need to segregate the traffic? Or do people sit in your kitchen on their iPhones trying to hack your music collection?

You clearly have some knowledge of network security, but a little knowledge can be a dangerous thing. Don't even get me started on password security (I teach this stuff to VoIP engineers for a living, BTW, so I know what I'm talking about here).

Let us get this straight and recap, you want to re-engineer MCE to ensure that visitors, who you trust enough to invite into your home, cannot access the network from "inside", yet you think you might need to tear down the security built into MCE to allow access from "outside". Is that correct?
Title: Re: Access file server on external network
Post by: itspac on June 26, 2009, 01:50:14 pm
hey guys,, this post turned from a simple type "can i do this" to a philosophical discussion on networks. 

The basic answer was, yes you can put a file share on an external network, but its not the recommended way to do things.

If you must know i put the file server on the external and i have linuxmce on a different segment thsn the rest of my network is because i only have a 810 alpha box which i'm still experimenting with hardware seeing what i cant change and if i screw it up i can reinstall it and not have problems with other computers and devices not being on the network.