Chris Schumann said:

<replies inline>

> Hi all,
>
> I'm going to be moving soon, and I thought it would be a good opportunity
> to redesign my home network. I know it's a big topic, but let's play
> anyway.
>
> Requirements:
> - Local private network
>   - Authenticated users (Windows and Linux) have their own home folders
>   - Roaming profiles would be nice
>   - Common shared folders
>   - Shared printer
>   - Wired and wireless access
>   - Guest account can print, web surf, access public folders
>
> - Internet presence
>   - Public HTTP server (probably Windows and Linux machines)
>   - Remote SSH (not at first)

It sounds like you would want to have a Linux and a Windows web server? I'm
assuming you will have only one IP, so this would be tricky since you'll
only be able to set your router to forward port 80 traffic to one machine.
If this is for your own purposes, you could use a different port for one
server and just remember to include it in the URL. SSH will be just a matter
of forwarding port 22 traffic to the machine you want ssh for.

> I guess my questions are....
> - What equipment will I need? I'm guessing two routers is the key to this.
> A WAP with WPA will be purchased (I'm currently using WEP128).

I'm not sure why you need two routers, unless you're counting the WAP as a
router. If you're going to trust the WAP to do authentication for network
access, you'd just need the router to the Internet, and allow the WAP to
provide wireless services. Not all WAPs act as routers, in case you didn't
know. Your more paranoid option would be to use a firewall with a third port
(DMZ) and VPN capabilities and attach your WAP to that, no authentication
needed for 'net access, need to use the VPN for LAN. WPA would probably be
good enough for your purposes, and easier.

> - Can Samba provide roaming profiles, or am I limited to a MS solution? Do
> I need true roaming profiles if having "My Documents" on the network is
> good enough? (although a desktop and start menu that are customized would
> be really nice too)

I find roaming profiles to be a pain; set up login scripts and get your
users accustomed to using a mapped drive for document storage. Your script
could even make sure that the user's My Documents folder is mapped to the
network if you are handy with Windows scripting, actually quite easy. I've
never done it, but the docs say you can do roaming profiles with Samba; you
might want to do a Google on that.

> - Is it possible to have machines usable by authenticated users and guests
> and keep guests out of the private network shares, or should I make guest
> users use their own or dedicated machines?

Yes. Set up your Samba box as a PDC and use domain security. If the guest is
assigned no privileges to domain resources, it doesn't matter what machine
they are logging in to. You can give them access to printers without giving
them access to document shares.

> Many thanks,
> Chris Schumann
>
HTH,
Josh


_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
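
An added example, not part of the original thread: a minimal `smb.conf` sketch of the layout the reply describes, assuming Samba's NT4-style (classic) domain controller mode, where a `guest` domain account can print and read the public folder but is kept out of home and shared document folders. The workgroup, server name, paths, the `family` group and the `guest` account name are assumed placeholders.

```ini
# Constructed example; all names and paths are placeholders.
[global]
   workgroup = HOMENET
   netbios name = FILESRV
   security = user
   passdb backend = tdbsam
   # Act as the domain controller so every workstation uses the same accounts
   domain logons = yes
   domain master = yes
   preferred master = yes
   os level = 65
   # Unknown user names are rejected rather than silently mapped to guest
   map to guest = never
   # Login script plus a mapped home drive instead of roaming profiles
   logon script = logon.bat
   logon drive = H:
   # Empty logon path disables roaming profiles; \\%L\profiles\%U enables them
   logon path =

[netlogon]
   path = /srv/samba/netlogon
   read only = yes
   guest ok = no

[homes]
   comment = Per-user home folder
   browseable = no
   read only = no
   # Only the owner of a home folder may connect to it
   valid users = %S

[shared]
   path = /srv/samba/shared
   read only = no
   # The guest account is not in this group, so it cannot connect
   valid users = @family
   force group = family
   create mask = 0660
   directory mask = 0770

[public]
   path = /srv/samba/public
   read only = yes
   valid users = @family, guest

[printers]
   path = /var/spool/samba
   printable = yes
   browseable = no
   valid users = @family, guest
```

Running `testparm` against the file checks the syntax before Samba is restarted. Access is decided per share by `valid users`, so the result is the same whichever workstation the guest logs in from.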