Messages

What you have described is the standard network setup.... but you still haven't explained what you want to do, that you think you can't do with this setup. But whatever it is, you can already do it, either with the firewall turned on or off.

Are you wanting to use the dd-wrt as your Gateway Device(Firewall) or on the Internal network?

Either way .... before any more angst is caused, explain what it is you feel you can't achieve with the standard topology.... be specific! You can either route directly through the core with the firewall turned off, or you can NAT through it with the firewall turned on.... all perfectly possible. None of this effects whether you can use dd-wrt or not, that is your choice, but retain this network topology!

DD-WRT will be used with the router the comes in before linuxmce. The standard topology works fine I am not trying to re-route anything around my core, it works perfect and I want to keep it that way. I just want some better management with QoS that isn't limited to just a console. And as I have multiple consoles I am looking for UPnP support. I know linux has modules for this but I just want what I know works.

I have been using the standard setup for quite some time, but my lack in understanding iptables every command causes some inequalities. I enjoy using the dd-wrt firmware as it provides every in and out an average networking guru would want. Linuxmce provides the port forwarding gui but I have just been venturing for more.

I know Thom you answer way too many networking questions and the standard reply to all of them is to stick with standard. Some people like more, some like less, some like to stay in the middle and some just like to make a mess out everything. Well, I have been in the middle for a while and am just looking for more functionality on the networking side.

Ok here is where we are, the last topic that got started went off into a tangent in a completely different sector of networking discussion.

Original Thread:
http://forum.linuxmce.org/index.php?topic=7743.0

This is a quote from Oatz (Hope you don't mind Oatz) in wanting to setup linuxmce as a routing device (still using both NIC ports!) and having a router before acting as a gateway.

So I have an issue with LinuxMCE and my network design and here is my "so-far" working solution.
Perhaps someone could let me know if I have broken anything I don't know about, let me know how nutty I am, etc.
First off, I'm a DD-WRT junkie. I love this tight little linux package on my routers and the way it turns all the iptables, OpenVPN, QOS, etc. linux complexity (and goodness!!!) into a easy to use web GUI.

At first I installed LinuxMCE 710 and turned my DDWRT router into a stupid switch, letting LinuxMCE handle all the dhcpd, DNS, gateway, etc. But I'm seriously missing a ton of things that were configured in my DDWRT router:
- QOS
- WAN thoughput and statistics (in colorful little pngs!)
- OpenVPN
- Much more

Now sure you can do ALL of this stuff in Kubuntu + a degree in Linux networking. But DDWRT gives me all this without said degree and leaves my Linux brain to worry about other more interesting things, like media scripts and flickr photos syncing Wink

Sure the ideal solution for me would be to have the DD-WRT super awesome WebGUI merged with LinuxMCE (*cough*), but until that great day.....

I decided enough was enough, the simple port forwarding thingy in the LinuxMCE admin tool was not going to cut it as my DDWRT replacement. So here it goes:

Project LinuxMCE as DHCPD (192.168.80.1) and DDWRT Router (Netgear 834Bv2 192.168.80.150) as DNS, GATEWAY + all the other DDWRT goodies! YAY!

1) sudo su

2) Edited 1 line in /etc/resolv.conf to add my DDWRT router as DNS resolver
Code:

nameserver 192.168.80.150


3) Edited /etc/network/interfaces and added the gateway (FYI eth1 now is disconnected, would like to remove this interface completely!)
Code:

auto lo
        iface lo inet loopback

auto eth1
iface eth1 inet dhcp
auto eth0
iface eth0 inet static
        address 192.168.80.1
        netmask 255.255.255.0
        gateway 192.168.80.150


4) Edited /etc/dhcp3/dhcpd.conf and changed the routers line
Code:

option routers 192.168.80.150;


5) Restarted the involved daemons:
/etc/init.d/./networking restart
/etc/init.d/./dhcp3-server restart
/etc/init.d/./dhcdbd restart

Now I have my cake and I'm eating it. Perhaps this cake is not as good as I think it is, perhaps this cake smells funny? But so far ignorance is bliss.

The big question here is: Does LinuxMCE really need to serve any core network role beyond a DHCP server?

Ok so you read it? Good.

What I was wanting to do was disable linuxmce's firewall and enable the firewall on the gateway device. Before the other thread unfortunately and inevitably got locked Colinjones was telling me by turning off linuxmce's firewall it will disable QoS for VoIP, which I don't plan on using, and NAT'ing to the internal network.

Network Setup:
ISP ----->Gateway Device(Firewall)----->LinuxMCE(No firewall)----->Switch----->Internal Clients

So I did some reading and found an article regarding NAT'ing between two different subnets. I will be using a DDWRT equipped router to perform these functions as it is the only way to do Advanced Routing in the cheapest manner. Advanced routing on the DDWRT firmware basically forwards all the outside requests to the inside designated subnet.

The article I found regarding this is here:
http://www.dd-wrt.com/forum/viewtopic.php?t=46262&highlight=&sid=02f79e5068c5331dd996995e1cd414c8

Now, I was just wanting to know if this would work as laid out?

One of the functions that DHCP performs is detecting new devices, particularly as you turn Orbiters on and off. Another, and critical one, is enabling MD functionality. Without DHCP, no MDs. full stop. If you are not using HA or multiple MDs, then I suspect that LinuxMCE is not the product for you. Try MythTV, VDR or XBMC....

Shaz - you haven't said anything at all about why you want to turn off the firewall. Quite simply, Why?? If you want to use another firewall, then do so! Why do you feel this implies you need to turn off the one in LinuxMCE? Are you afraid of being too safe?! Just leave it on, as it too performs other functions in LinuxMCE.

You are talking about turning off the firewall and DHCP, loosing Orbiter, MDs, pnp, QoS, having to manually edit DHCP at various intervals, etc, but I don't see any reason for doing any of this. Just leave both on. If you want also to use your own firewall, then do so. But don't make this any more complicated than you need to.

No, if I were to turn one of my routers into a gateway/dns and leave linuxmce to dhcp I would turn the firewall off on linuxmce and let the routers firewall be enabled. I will still have a firewall up, just one. What Oatz was talking about was the easy use of the dd-wrt interface and I also enjoy using its interface to handle my network. I don't want to turn off the dhcp service on linuxmce, that would just make things way to overly complicated and is not my intentions.

Ya that was my intentions to use my Gateways firewall. I really don't have any new devices being added as they are all registered. I will still keep linuxmce the IP distribution box though to keep its functionality.

So would it work to do as Oatz said in his first post and disable linuxmce's firewall and use the gateway before its firewall? And also having to re-edit the dhcpd.conf on reboots.