Author Topic: LinuxMCE network configuration?  (Read 1388 times)

sincityharley

LinuxMCE network configuration?
« on: October 22, 2008, 08:00:43 am »
I currently have my first nic on my LMCE box plugged directly into my DSL modem as per the network instructions that I was reading on how to set this up. My first question is, isn't this an unsafe practice? I was under the impression that you should always have a router or some sort of firewall directly after the modem.

My other question is, my second nic is plugged into the internet port on the back of my netgear router and the rest of the computers on my network are plugged into the ports 1 and 2. So my question is, is this correct or should the second nic on my LMCE be plugged into port 3?

sincityharley

Re: LinuxMCE network configuration?
« Reply #1 on: October 22, 2008, 08:31:38 am »
Another thing I just noticed is my network settings.

EXTERNAL_IFACE     eth0
EXTERNAL_MAC    00:13:D3:C8:DF:31
EXTERNAL_IP    192.168.2.3
EXTERNAL_NETMASK    255.255.255.0
EXTERNAL_DHCP    1
INTERNAL_IFACE    eth1
INTERNAL_MAC    00:13:D3:C8:DF:32
INTERNAL_IP    192.168.80.1
INTERNAL_NETMASK    255.255.255.0
GATEWAY    192.168.2.1
DNS1    192.168.2.1
DNS2    192.168.2.1

If I am plugged directly into my DSL modem why am I pulling a 192.168.2.3 for my external IP? If I am attached to my modem directly with no router, shouldn't that show a public address? Speaking of which, how do I go about finding out what my public address is?

Domodude

Re: LinuxMCE network configuration?
« Reply #2 on: October 22, 2008, 10:19:56 am »
Hi,
My first question is, isn't this an unsafe practice? I was under the impression that you should always have a router or some sort of firewall directly after the modem.
This is safe, since LinuxMCE includes a firewall.

My other question is, my second nic is plugged into the internet port on the back of my netgear router and the rest of the computers on my network are plugged into the ports 1 and 2. So my question is, is this correct or should the second nic on my LMCE be plugged into port 3?
I cannot really visualize how your setup is, but basically it should be like this:
DSL-modem --->  LinuxMCE eth0            (this would be firewalled)
LinuxMCE eth1 ----> Some switch --------> All your other stuff.
Your other stuff will get IP addresses in the 192.168.80.x range.

HTH,
Mark

colinjones

Re: LinuxMCE network configuration?
« Reply #3 on: October 22, 2008, 01:41:49 pm »
I currently have my first nic on my LMCE box plugged directly into my DSL modem as per the network instructions that I was reading on how to set this up. My first question is, isn't this an unsafe practice? I was under the impression that you should always have a router or some sort of firewall directly after the modem.


No, routers have no part to play in network security. Whoever told you that was mistaken. Firewalls and private subnets have a part to play, neither of which are the exclusive domain of routers. Most DSL "modems" are actually routers anyway.

hari

Re: LinuxMCE network configuration?
« Reply #4 on: October 22, 2008, 02:05:32 pm »
No, routers have no part to play in network security.

I understand what you are trying to tell, but from a network perspective the separation of broadcast domains can benefit security in some cases.

best regards,
Hari
rock your home - http://www.agocontrol.com home automation

colinjones

Re: LinuxMCE network configuration?
« Reply #5 on: October 22, 2008, 02:14:05 pm »
Hari - I think to stay within the context - from a passive DoS situation that separation could be important as you point out, but you don't need a router for that (my point was that they can do these things but they are not the "exclusive domain" of routers). I think it seems clear he was angling at private subnets rather than broadcast domains for eth/ip (which have no relevance to routed traffic except for DoS or DDoS, as I'm sure you'll agree)

hari

Re: LinuxMCE network configuration?
« Reply #6 on: October 22, 2008, 08:09:41 pm »
(which have no relevance to routed traffic except for DoS or DDoS, as I'm sure you'll agree)
Hehe, I'm aware that my note was out of context :-) But I had to correct that sentence.

Btw, with a bit of arp spoofing you would be amazed how fast this could also affect your routed traffic :-)

best regards,
Hari
rock your home - http://www.agocontrol.com home automation

jimmejames

Re: LinuxMCE network configuration?
« Reply #7 on: October 22, 2008, 08:48:28 pm »
Another thing I just noticed is my network settings.

EXTERNAL_IFACE     eth0
EXTERNAL_MAC    00:13:D3:C8:DF:31
EXTERNAL_IP    192.168.2.3
EXTERNAL_NETMASK    255.255.255.0
EXTERNAL_DHCP    1
INTERNAL_IFACE    eth1
INTERNAL_MAC    00:13:D3:C8:DF:32
INTERNAL_IP    192.168.80.1
INTERNAL_NETMASK    255.255.255.0
GATEWAY    192.168.2.1
DNS1    192.168.2.1
DNS2    192.168.2.1

If I am plugged directly into my DSL modem why am I pulling a 192.168.2.3 for my external IP? If I am attached to my modem directly with no router, shouldn't that show a public address? Speaking of which, how do I go about finding out what my public address is?

That 192.168.2.3 IP is probably of the same format you've always been receiving from your DSL modem and just didn't notice; by default LMCE uses the 192.168.80.x addresses for the internal network.

To find the IP from your ISP, I use:  http://whatsmyip.org/
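
A check of the settings posted above, as an added example that is not part of the original thread or of LinuxMCE: it parses the `KEY value` dump and reports whether the external address falls in an RFC 1918 private range (meaning the DSL modem is itself acting as a NAT router), whether the gateway sits in the external subnet, and whether the two subnets overlap. The function names `parse_settings` and `audit` are hypothetical; the sample values are the ones posted in the thread.

```python
import ipaddress

# Settings as posted in this thread (subset of keys, one per line).
SAMPLE = """\
EXTERNAL_IFACE     eth0
EXTERNAL_IP    192.168.2.3
EXTERNAL_NETMASK    255.255.255.0
EXTERNAL_DHCP    1
INTERNAL_IFACE    eth1
INTERNAL_IP    192.168.80.1
INTERNAL_NETMASK    255.255.255.0
GATEWAY    192.168.2.1
"""

# The three private ranges defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_settings(text):
    """Turn 'KEY   value' lines into a dict, skipping blank or malformed lines."""
    settings = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            settings[parts[0]] = parts[1]
    return settings

def audit(settings):
    """Return a list of findings about the external/internal addressing."""
    ext = ipaddress.ip_interface(
        f"{settings['EXTERNAL_IP']}/{settings['EXTERNAL_NETMASK']}")
    inn = ipaddress.ip_interface(
        f"{settings['INTERNAL_IP']}/{settings['INTERNAL_NETMASK']}")
    gateway = ipaddress.ip_address(settings["GATEWAY"])
    findings = []
    if any(ext.ip in net for net in RFC1918):
        findings.append("external IP is RFC 1918 private: modem is acting as a NAT router")
    else:
        findings.append("external IP is not RFC 1918 private")
    if gateway not in ext.network:
        findings.append("gateway is outside the external subnet")
    if ext.network.overlaps(inn.network):
        findings.append("external and internal subnets overlap")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_settings(SAMPLE)):
        print(finding)
```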

colinjones

Re: LinuxMCE network configuration?
« Reply #8 on: October 22, 2008, 10:54:04 pm »
(which have no relevance to routed traffic except for DoS or DDoS, as I'm sure you'll agree)
Hehe, I'm aware that my note was out of context :-) But I had to correct that sentence.

Btw, with a bit of arp spoofing you would be amazed how fast this could also affect your routed traffic :-)

best regards,
Hari

agreed, and I'm more than happy to go off on tangents (esp in threads that are getting spiteful otherwise :) )