Chris Schumann wrote:

>Hi all,
>
>I'm going to be moving soon, and I thought it would be a good opportunity
>to redesign my home network. I know it's a big topic, but let's play
>anyway.
>
>Requirements:
>- Local private network
>  - Authenticated users (Windows and Linux) have their own home folders
>  - Roaming profiles would be nice
>  - Common shared folders
>  - Shared printer
>  - Wired and wireless access
>  - Guest account can print, web surf, access public folders
>
>- Internet presence
>  - Public HTTP server (probably Windows and Linux machines)
>

You will _need_ just one router, then use port forwarding (I'm using this method). Technically you need 2 IP addresses, one your ISP uses to connect you to the Internet, the other is assigned to your router. All traffic will go to your router from the Internet, you tell the traffic (directed by "ports") to the internal IP address. Port forwarding is not as fast as a direct connection but it's more secure. Only ports you open have traffic passing to computers on the internal network.

Example: www.fred.org:1001, where www.fred.org is on port 80. The router has that port assigned to a specific internal IP address like 192.168.0.10. So when the websurfer enters www.fred.org:1001 they get to the webserver the router is pointing 1001 at. You can provide links on the website (www.fred.org on port 80) to other machines on the internal network.

If you want to have another machine with an IP address exposed to the Internet (3 IP addresses) you may have to pay for a "block" of IP addresses, generally 5 addresses, this can be $$$.

HTTP on port 80
SSH on port 22
FTP on port 21
Terminal Services (Windows) on port 3389

Many ports are not used, 1001-1009 are unassigned so you won't have conflicts.

>  - Remote SSH (not at first)
>
>I guess my questions are....
>- What equipment will I need? I'm guessing two routers is the key to this.
>A WAP with WPA will be purchased (I'm currently using WEP128).
>

Just plug the WAP in to the router or a switch.

>- Can Samba provide roaming profiles, or am I limited to a MS solution? Do
>I need true roaming profiles if having "My Documents" on the network is
>good enough? (although a desktop and start menu that are customized would
>be really nice too)
>

Roaming Profiles in a home network are close to worthless; how often will you need to use another machine in the same house? The only time I touch another machine is to fix it and my machines are off limits.

I have 2 servers, one for Web serving, file, and print (W2K). The other is RH Linux 8 watching the Internet connection and generally being the cop after the router (need to purge old logs...). I have XP Pro Workstation, Fedora laptop, my wife's W98 laptop, my kids' W89 desktops. I have a laser printer on an HP Jetdirect, and a color inkjet on the parallel port of the W2K server. With the Linux laptop I don't connect to a Samba share to print, I go directly at the JetDirect. It's a wired and switched network.

Leave the "Guest" account disabled, use a JetDirect and you will not have to worry about printing from Linux or Windows using the "guest" account. Create an account that only has access to specific things; don't let the account have access to private information.

As long as a machine can be plugged in to my network and it is running DHCP, it can get to the Internet. It can't touch the Linux, XP Pro, or W2K machines, they are as secure as possible or as a home network needs to be. If your buddy is hacking your home network I might evaluate the friendship ;-)

Domains are not the best for small networks. Domains require a large overhead of resources like disk, memory, backup, and bandwidth to maintain. With all the machines I have on the network I don't bother with a Domain. I just map the drives necessary at the specific machine and make them persistent.

Sam.

>- Is it possible to have machines usable by authenticated users and guests
>and keep guests out of the private network shares, or should I make guest
>users use their own or dedicated machines?
>
>Many thanks,
>Chris Schumann
>
>
>_______________________________________________
>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>http://www.mn-linux.org tclug-list at mn-linux.org
>https://mailman.real-time.com/mailman/listinfo/tclug-list
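
The port-forwarding behaviour described in the reply above, as an added example that is not part of the original message: it parses a router's forward table, shows where an inbound connection lands, and flags forwards by the internal service they reach rather than by the external port number. The iptables-save rule syntax, the address 192.168.0.2, the 1002 forward and the `REVIEW` list are assumptions made for illustration; the message names no router or firewall product.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save syntax (assumption: not from the message).
# Ports 80/1001 and 192.168.0.10 follow the message; 192.168.0.2 is made up.
SAMPLE_RULES = """\
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.2:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1001 -j DNAT --to-destination 192.168.0.10:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1002 -j DNAT --to-destination 192.168.0.2:3389
"""

# Services from the message's port list worth a second look when forwarded.
REVIEW = {21: "FTP sends credentials in cleartext",
          3389: "Terminal Services logon reachable from the Internet"}


def parse_forwards(text):
    """Return {external_port: (internal_ip, internal_port)} for single-port DNAT rules."""
    forwards = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if "DNAT" not in tok or "--dport" not in tok or "--to-destination" not in tok:
            continue
        ext = int(tok[tok.index("--dport") + 1])
        ip, _, port = tok[tok.index("--to-destination") + 1].partition(":")
        # With no ":port" in the target, the destination port is left unchanged.
        forwards[ext] = (ipaddress.ip_address(ip), int(port or ext))
    return forwards


def route(forwards, dport):
    """Where an inbound connection to the public address lands; None = not forwarded."""
    return forwards.get(dport)


def audit(forwards):
    """Flag forwards by internal service: a high external port does not change it."""
    findings = []
    for ext, (ip, port) in sorted(forwards.items()):
        if port in REVIEW:
            findings.append((ext, f"{ip}:{port}", REVIEW[port]))
        if not ip.is_private:
            findings.append((ext, f"{ip}:{port}", "target is not a private address"))
    return findings


if __name__ == "__main__":
    fw = parse_forwards(SAMPLE_RULES)
    for p in (80, 1001, 22):
        print(p, "->", route(fw, p))
    for finding in audit(fw):
        print("REVIEW:", finding)
```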