VectorLinux
September 20, 2014, 03:41:18 am *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Visit our home page for VL info. To search the old message board go to http://vectorlinux.com/forum1. The first VL forum is temporarily offline until we can find a host for it. Thanks for your patience.
 
Now powered by KnowledgeDex.
   Home   Help Search Login Register  
Please support VectorLinux!
Pages: [1]
  Print  
Author Topic: First steps in networking  (Read 1453 times)
Freston
Vectorite
***
Posts: 165


« on: December 31, 2007, 06:45:14 am »

I think I'm needing a little help getting started in networking. I know having computers work together is what Linux is designed for. It shouldn't be hard at all. I've found a lot of very comprehensible information out there to help people like me. There's just one thing. It's not really giving me the picture I need to understand what is going on inside this machine o' mine. And therefor I can't get it to work Sad


The hardware:
One new lappy with ethernet cable
One old lappy gone wireless
One cable modem
One wired/wireless router
One network capable external drive (wired ethernet connection)

My intend:
To hook them up, so I can ssh from one machine in the other and vice versa. I also want to be able to access my external drive through the router. And do this securely, so that no one else can access my files.



Now, I can ping my router from both machines. I can access Internet from both machines. But I can't see one machine from the other. I've got the ssh deamons running, I've build authentication keys and copied them to both machines. Ehm. But I can't even seem to ping one machine from the other.

Reading up on these things, I felt I wandered into a maze. I lost track of where I'd already been, switched strategies (ssh, shared folders, ftp) and to top it all, I broke internet access on both machines. Of course I didn't let this compromise my main install, but my test installs are broken atm. One of the mistakes I made was to skip steps that later on seemed necessary. For example, I can't seem to log in to my router.

This let me to the following idea. I'll make a fresh default install of 5.9 on both machines. I'll add or enable the necessary services and applications.





Now I'll probably am overlooking very obvious information or sources. But if someone can put me on the right track, I'll be very grateful Cheesy
Logged
nightflier
Administrator
Vectorian
*****
Posts: 4023



« Reply #1 on: December 31, 2007, 07:14:46 am »

First of all: Wireless security. Do you use WPA encryption?
Logged
bigpaws
Vectorian
****
Posts: 1850


« Reply #2 on: December 31, 2007, 07:47:42 am »

The first step is to get ping working for
every machine.

After that the rest is a little smoother.

There may be firewall involved stopping pings.

Windows machines must belong to the same network
group. win98 can get a little tricky.

Bigpaws
Logged
saulgoode
Vectorite
***
Posts: 340



« Reply #3 on: December 31, 2007, 08:41:37 am »

Are you using DHCP to assign your IP addresses or are they specified in '/etc/hosts'?

When you are pinging, are you using IP addresses (e.g., "ping 192.168.0.2") or named hosts (i.e., "ping machinename")?

What are the contents of '/etc/resolv.conf'?

What is the output of 'route -n'?
Logged

A complex system that works is invariably found to have evolved from a simple system that works.
Freston
Vectorite
***
Posts: 165


« Reply #4 on: December 31, 2007, 10:30:26 am »

Quote from: nightflier
First of all: Wireless security. Do you use WPA encryption?
Ehm... Good point. I had some trouble loggin in to my router. Don't know why. Hard reset of everything with a plug did the trick.

I keep breaking my wireless connection though, by enabling encryption. It looks real easy, enter a key here, enter the same key there, press apply and *poef* gone is the connection. Can't get it back. Even the lights of my wireless card go out. Delete connection, disable encryption, create connection and I'm back online.

I have a good mind to safe encryption for later.


Quote from: Bigpaws
The first step is to get ping working for
every machine.

After that the rest is a little smoother.

There may be firewall involved stopping pings.

Windows machines must belong to the same network
group. win98 can get a little tricky.
Luckily there are no Windows machines in my little network. That said, pinging around was proving difficult enough.

Still, now that I have access to my router all of a sudden, several pieces start to fall into place. I can ping and nmap both my router and my other computer. Which is good.

Quote from: saulgoode
Are you using DHCP to assign your IP addresses or are they specified in '/etc/hosts'?
DHCP

Quote from: saulgoode
When you are pinging, are you using IP addresses (e.g., "ping 192.168.0.2") or named hosts (i.e., "ping machinename")?
Well, curious I tried both. But only the IP pings gave output. I assume that in order to look up machines by name, you need some sort of DNS registration.

Quote from: saulgoode
What are the contents of '/etc/resolv.conf'?
Code:
cat /etc/resolv.conf
# Generated by dhcpcd for interface eth0
nameserver 192.168.1.254
nameserver=router
Hm...ah! I can add a DDNS in my router so that I have a domain. I need to register of course. It gives me two choices, DynDNS and TZO. I'll have to look into that. Would I need it to access my stuff from other locations?

Quote from: saulgoode
What is the output of 'route -n'?
Code:
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth0




Oh, I've also found my external drive. I can ping and nmap it. But alas I can't get access.... yet.

---

Ok. So now I've found my devices after I resetted router/modem/computers I can try to access one from the other?? It sure looks easy enough!Cheesy

Next stop: Security
Logged
Freston
Vectorite
***
Posts: 165


« Reply #5 on: December 31, 2007, 11:11:09 am »

Hmmm... SSH is actually working pretty good Cheesy Wow. Turns out, because I couldn't access my router I couldn't find out the IP addresses of the devices I have, and I assumed that I needed the external IP. Now that my router is resetted, I can see my internal IP's as well as my external ones.

Now about security. Would you consider this a good resource?? It tells me my machine is in super stealth mode, the best achievable result. But seeing that that isn't really my doing, and that I'm able to ping and nmap both internal and external IP's... I don't think I'm all that stealthed. I can't ssh into my machine using the external IP. But then, both my machines have got the same external IP assigned to them. So the external IP isn't pointing to a specific device... I guess it's a router broadcast of some sort.
Logged
bigpaws
Vectorian
****
Posts: 1850


« Reply #6 on: December 31, 2007, 11:34:57 am »

The reason for the same external IPaddress is NAT.

http://computer.howstuffworks.com/nat.htm

If you can use nmap againt the external IP you are
correct that it is not secure. Find the services being
offered and turn them off.

You do not need a dns service to remotely access
your network you will need port forwarding.

Before opening your network learn about how
tcp/ip works and such so that someone doesn't
own your box.

They want your internet connection not really the
information. Then they will be used for bit networks.

Keep reading.

Bigpaws
Logged
Freston
Vectorite
***
Posts: 165


« Reply #7 on: January 01, 2008, 09:55:00 am »

Quote from: bigpaws
The reason for the same external IPaddress is NAT.

http://computer.howstuffworks.com/nat.htm
Ok! Great!

Quote from: bigpaws
If you can use nmap againt the external IP you are
correct that it is not secure. Find the services being
offered and turn them off.
Ports 53 and 80 are open. The DNS and HTML ports respectively.
Code:
Not shown: 1695 closed ports
PORT   STATE SERVICE
53/tcp open  domain
80/tcp open  http
Device type: broadband router|WAP
Running: Netgear embedded
OS details: Netgear DG834 or DG834G (wireless) DSL Router
Uptime: 0.020 days (since Tue Jan  1 17:43:49 2008)
Network Distance: 0 hops
So it's detecting my router, not my lappy. But I'm always afraid that someone can look beyond my router. I guess that's where the firewall function comes in.

[UPDATE]Whilst typing this post, I solved what turned out to be a real easy task. Looking beyond a router is quite easy. And if I can do it....  Shocked
[/UPDATE]

Quote from: bigpaws
You do not need a dns service to remotely access
your network you will need port forwarding.
Ah! I already found the port forwarding function. But I'll keep that disabled until I have my security all set up.
Quote from: bigpaws
Before opening your network learn about how
tcp/ip works and such so that someone doesn't
own your box.

They want your internet connection not really the
information. Then they will be used for bit networks.
Luckily, I did find good info on that. I've been reading up on Internet threats some while now.  That's why I appreciate the value of stealth on my box. Would it be a good idea to have an app like snort running? To see who came-a-knocking?

Quote from: bigpaws
Keep reading.
So I shall  Grin






Thanks for the input!
I was really approaching this networking thing from the wrong angle, and in hindsight misinterpreting output (including errors) from CLI commands. I needed to be set in the right direction. You (all) gave me some good pointers and things to consider, without making me feel stupid. I really appreciate that! Thanks!
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!