[Imc-tech] Yay Router!

[Zachary C.Miller]

Nearly 11 hours later...

I came, I saw, I recompiled.

There is now a working debian masquerade router with DHCP server in
the wiring closet all hooked up properly and running!

Now you can plug in a computer to ANY of the B jacks on jacks 1-12 and
get on the net. If the computer you plug in supports DHCP then it will
"just work".

Sergei is a Special Case

For some reason Sergei's ethernet card is not compatible with our
hub. When Sergei is plugged into our hub the entire hub ceases to work
even if Sergei is off. This took me a while to figure out.

This could be a sign that we really ought to get a newer hub. 

So Sergei (Jack 7B) is still plugged directly into the DSL router and
gets its DHCP info from it. This has a couple of consequences:

1) Sergei is not behind the firewall and is as open to attack as it
has always been while other machines are now a bit more safe behind
the firewall.

2) Until/unless we reconfigure the DSL router's DHCP server it is
possible that the DSL router will assign Sergei the same IP address
that the linux box is using because the linux box isn't using DHCP to
get its IP address because we specifically want to make sure the linux
box has a static IP address. We can remove the linux box's IP address
from the set of IPs that the DSL router hands out to prevent this but
I am too tired to figure out how at the moment. 

So if at some point you boot Sergei and the whole net ceases to
work...try rebooting Sergei again (so it gets a different IP
address). The IP address of the linux box is 64.5.74.245. That is the
one that Sergei should not get.

Managing The Hub

I tried connecting a dumb terminal to the hub to I could play with its
management features but I found out that it has a password set. Paul
do you know the password? Would the person you bought the hub from
know the password? Kinda sucks if we can't config the hub but it isn't
the end of the world.

Root Password for the Router

The Linux box's root password is known only by me at the moment. If
you feel you have a need for it let me know. 

The linux box can be remotely accessed via SSH at indie-245.soltec.net.

Connecting a Computer Without DHCP

If you want to connect a computer that does not support DHCP then you
can use these network numbers (these are the numbers for our internal
LAN which is behind the linux router):

IP address: 192.168.1.16 - 192.168.1.127
Subnet Mask: 192.168.1.255
Network: 192.168.1.0
Gateway: 192.168.1.1
DNS Server: 192.168.1.1

IP Allocation Scheme

My IP allocation scheme is that all IP's from 192.168.1.1-192.168.1.15
are reserved for our use for servers and such. All IPs from
192-168.1.16-192.168.1.127 are for static allocation to people without
DHCP. All IPs from 192.168.1.128-192.168.1.254 are handed out by the
DHCP server on the linux box.

Other Things Done

While I waited many tedious hours for the kernel to build on this
machine (on my machine at home it takes 5 minutes to build a
kernel. on this one it takes about 2 hours and due to mistakes I had
to build the kernel 3 times!) I did a number of random chores:

I cleaned up the wiring closet, vacuumed it, and organized some of the
wiring. 

I attached all the wall boxes to the wall in the back room using
screws and adhesive and I also secured the cables with tacks.

I feel like there is some other stuff but I can't think of what it is.

The Hardware

The linux box is a Compaq Deskpro XL 560 with 14MB RAM and 256MB
harddrive (I had to get _real_ creative to squeeze everything onto
that harddrive). It has a SCSI interface but its system drive is
IDE. It has a "lance" ethernet board on the motherboard and a
"ne2k-pci" ethernet board in a PCI slot. It has a monitor but once we
feel the machine is working well we can take the monitor away for use
with a different machine and just plug a monitor in when we need to do
diagnostics.

When you boot the machine you can enter "diag" at the LILO prompt to
enter the BIOS setup program which physically resides as a bootable
partition on /dev/hda3...this is a silly compaq-ism. 

The Software

This is a very minimal linux install. There are some security updates
that I ought to run but I don't feel like it now. I can do this
remotely...in the mean time there aren't really any fears of security
compromise because all the ports are wrappered to block everyone
except ssh and snmp and there are no other interesting daemons
runnings.

I'm just ranting now. I'm sleepy. Goodnight.

Someday I'll teach everyone how to deal with Debian and how this
machine works but for now I'm taking a good long break since
everything "just works" and I've spent a _lot_ more than my prescribed
share of time here tonight...but it was fun and satisfying.

I'm such a volunteerism junkie. 

-- 
Zachary C. Miller - @= - http://wolfgang.groogroo.com/
IMSA 1995 - UIUC 2000 - Just Another Leftist Muppet - Ya Basta!
 Social Justice, Community, Nonviolence, Decentralization, Feminism,
 Sustainability, Responsibility, Diversity, Democracy, Ecology