Resources for Home Network Design and Implementation


JMJ_coder
07-10-2008, 10:35 PM
Hello,

I am thinking of networking together the computers in my house (those I have and those I will get). Here is the general network layout I am thinking of:


                                                       ----------
                                                  |---|Computer 1|
                                                  |    ----------
                                                  |
                 ---------     ---------------    |    ----------
---phone line---|DSL modem|---|firewall/router|---|---|Computer 2|
                 ---------     ---------------    |    ----------
                                                  |
                                                  |    ----------
                                                  |---|Computer 3|
                                                       ----------



What I am looking for right now are good resources that I can read up on for the configuration and implementation of such a network. Things I would think I need to read up on are configuring the firewall, how to allow each host to talk to each other (ftp, ssh, vnc, etc.), how to have each have access to the internet with only one DHCP assigned IP address from the ISP, how to setup a network printer(s), etc.

ocicat
07-10-2008, 11:23 PM
What I am looking for right now are good resources that I can read up on for the configuration and implementation of such a network.
If you really want to learn networking well, there isn't a cookbook recipe. I would suggest:

Learn IP addressing first. Many of the details you will be forced to learn here will hold up when working with various protocols. A classic paper on the subject is the following:

www.3com.com/other/pdfs/infra/corpinfo/en_US/501302.pdf

...however note that the formatting has problems with superscripting.
At this point, you should have sufficient background to understand what DHCP is doing. Read the manpage to dhcpd.conf for configuration issues. The NetBSD Wiki has more information:

http://wiki.netbsd.se/How_to_set_up_a_DHCP_Server
Next, start reading on firewalls. Note that NetBSD aficionados can use PF originating from the OpenBSD project. One of the better introductory papers is Hansteen's:

http://home.nuug.no/~peter/pf/
As J65nko will say, learning tcpdump is imperative to debugging firewall issues. Wireshark is another popular packet sniffer:

http://pkgsrc.se/net/wireshark
As for the other protocols/applications mentioned, become very familiar with the information in the appropriate manpages. Reading RFC's will build character too.
If you want to play with DNS, I would suggest leaving it out until late in the game. Make sure more basic elements are working well first.

When trying to learn networking, it is best to keep the configuration simple until you have developed enough experience to diagnose the various problems which you will likely encounter. A favorite patron back on BSDForums never heeded this advice, & constantly whined about how nothing worked after he had piled layers of applications on top of each other where he didn't understand any of them.

Lastly, poke around the Internet & decide for yourself what is important to you.

JMJ_coder
07-11-2008, 02:38 AM
Hello,

Thanks for the resources. I actually do know the basics of networking (CCNA), but they never taught us about what I am planning on doing. It was geared more toward basic connectivity and Cisco router configuration than something like a home network (though it was discussed in a chapter we never got to). I guess the thing I am most timorous about is that while the ISP (and therefore the outside world) will only see me as one host, I'll actually have a small network - and how do I implement that? I don't know if NAT will solve that problem entirely, or if there is a better solution. Hopefully in that documentation you provided, there will be a discussion on this.

ocicat
07-11-2008, 03:10 AM
I don't know if NAT will solve that problem entirely, or if there is a better solution.
Based upon what you described earlier, NAT should provide what you need. For PF's discussion, see the following:

http://openbsd.org/faq/pf/nat.html
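The gateway from the diagram in the first post, written out as a working configuration: one DHCP-assigned address on the outside, three computers and a printer on the inside, with dhcpd and PF on the same box. This is an added example, not code from the thread or from the linked FAQ. It covers both ocicat's pointers in the earlier reply (dhcpd.conf, PF, tcpdump on the log interface) and the NAT answer just given. The interface names em0/em1, the 192.168.1.0/24 LAN, the printer's MAC and the ISP resolver 203.0.113.53 are assumptions. The nat-to form is OpenBSD 4.7 and later syntax; the older separate nat rule, which NetBSD's PF also uses, is shown in a comment.

```conf
# /etc/pf.conf -- gateway for the diagram in the first post (added example;
# interface names and addresses are assumptions, not from the thread).
ext_if = "em0"     # plugged into the DSL modem, receives the ISP's one DHCP lease
int_if = "em1"     # LAN side: Computers 1-3 and the printer, 192.168.1.0/24

set skip on lo
set block-policy drop

# Source addresses that must never arrive from the ISP side
table <martians> const { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
                         172.16.0.0/12 192.168.0.0/16 224.0.0.0/3 }

# Normalise, then rewrite every LAN source to the ISP-assigned address.
# OpenBSD 4.7+ syntax; older OpenBSD releases and NetBSD's PF use instead:
#   nat on $ext_if from $int_if:network to any -> ($ext_if)
match in all scrub (no-df random-id)
match out on $ext_if from $int_if:network to any nat-to ($ext_if)

# Default deny, logged: "tcpdump -n -e -ttt -i pflog0" shows what was dropped
block log all
block in quick on $ext_if from <martians>

# LAN hosts may reach each other, the gateway and the Internet.  PF keeps
# state, so the replies (ssh, vnc, http, ...) come back without more rules.
# Active-mode ftp from the LAN needs ftp-proxy(8) on top; see the PF FAQ.
pass in  on $int_if from $int_if:network
pass in  on $int_if inet proto udp from any port bootpc to any port bootps
pass out on $ext_if

# The only unsolicited traffic accepted from the ISP side: replies to the
# gateway's own DHCP client.  Nothing else reaches the gateway or the LAN.
pass in on $ext_if inet proto udp from any port bootps to any port bootpc


# /etc/dhcpd.conf on the same box (dhcpd started on $int_if, i.e. em1).
# 203.0.113.53 stands in for the ISP's resolver; the printer MAC is a
# placeholder from the documentation range.
option domain-name-servers 203.0.113.53;

subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers 192.168.1.1;
        range 192.168.1.100 192.168.1.150;

        # Pin the network printer so every host can point at 192.168.1.20
        # instead of chasing a changing lease.
        host printer {
                hardware ethernet 00:00:5e:00:53:01;
                fixed-address 192.168.1.20;
        }
}
```

The gateway's LAN interface must carry 192.168.1.1 itself and net.inet.ip.forwarding must be set to 1 in /etc/sysctl.conf, or packets from the computers are accepted and then silently not routed. Before loading, run pfctl -nf /etc/pf.conf to syntax-check the ruleset; afterwards, pfctl -s states shows each LAN connection paired with its translated source, and tcpdump -n -e -ttt -i pflog0 shows everything the block rules dropped, which is the first place to look when "nothing works".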

18Googol2
07-11-2008, 03:14 AM
Hello,

Thanks for the resources. I actually do know the basics of networking (CCNA), but they never taught us about what I am planning on doing. It was geared more toward basic connectivity and Cisco router configuration than something like a home network (though it was discussed in a chapter we never got to). I guess the thing I am most timorous about is that while the ISP (and therefore the outside world) will only see me as one host, I'll actually have a small network - and how do I implement that? I don't know if NAT will solve that problem entirely, or if there is a better solution. Hopefully in that documentation you provided, there will be a discussion on this.

Sorry to be blunt, but the majority of CCNA students still know *nothing* about networking even though they get pretty good marks, especially when it comes to a *nix environment.

If you are given one public IP, in your case, NAT (NAPT) is the only way for more than one PC to talk to the outside world.

JMJ_coder
07-11-2008, 03:29 AM
Hello,

Sorry to be blunt, but the majority of CCNA students still know *nothing* about networking even though they get pretty good marks, especially when it comes to a *nix environment.

If you are given one public IP, in your case, NAT (NAPT) is the only way for more than one PC to talk to the outside world.

It's a great program if you will work with only one or two types of Cisco routers (the ones they train you on) - and it at least gives a good foundation for networking basics, such as IP addresses and subnets, the OSI and TCP/IP protocol stacks, and what an ACL is (that is, what one is, not how to make a really good one).

But, you are correct that it doesn't prepare their students well for general *NIX network administration (i.e., setting up firewalls, setting up DHCP, etc.). I'm learning it a bit at a time - slowly, but surely.

JMJ_coder
07-11-2008, 03:30 AM
Hello,

Based upon what you described earlier, NAT should provide what you need. For PF's discussion, see the following:

http://openbsd.org/faq/pf/nat.html

Thanks, that will provide me with some good reading material.

Oko
07-12-2008, 09:49 AM
Wireshark is another popular packet sniffer:


Wireshark is removed from the OpenBSD ports tree due to the security issues. That would be good enough reason for me not to use it even if I was running some other *BSD.

ocicat
07-12-2008, 04:31 PM
That would be good enough reason for me not to use it even if I was running some other *BSD.
While I freely admit what Wireshark does with permissions seems to be a bit kooky, I suspect the OpenBSD project objects most to its free-wheeling development model. I also suspect that until the Wireshark boys fix this, Theo & the gang will not reconsider.

Nevertheless, Wireshark has one of the better GUI's for providing context quickly on multiple levels. While other packet sniffers can only approximate this perspective through carefully crafted filters, it takes time & experience to carefully construct useful filtering on the fly. Most new to packet sniffing obviously don't have this perspective & lose sight of the goal by seeing an endless stream of meaningless hexadecimal values. Wireshark's ability to add context is its greatest value.

Is there a risk in using it? Yeah, but so is getting into a car. I don't discount the OpenBSD project's stand, but this also isn't a production environment. People have to learn somewhere.

jb_daefo
07-12-2008, 11:23 PM
when I ordered dsl I spent many hours finding ppp.conf's for pppoe. Discovered
by accident that the self-install kit goes online with a simple
#ifconfig....(stuff)
and then a
#route ...... (stuff) , and not with pppoe.
..........................................
stymied in configuring a Cisco router behind it. Discovered by accident that
an older dsl-or-router haphazardly configured suddenly works.
..........................................
With that in mind, it would help a lot of people looking to set up dsl on BSD
if you document precisely the steps taken to setup in your situation, put it
somewhere, like here in guides...
....................................

JMJ_coder
07-13-2008, 02:32 AM
Hello,

when I ordered dsl I spent many hours finding ppp.conf's for pppoe. Discovered
by accident that the self-install kit goes online with a simple
#ifconfig....(stuff)
and then a
#route ...... (stuff) , and not with pppoe.
..........................................
stymied in configuring a Cisco router behind it. Discovered by accident that
an older dsl-or-router haphazardly configured suddenly works.
..........................................
With that in mind, it would help a lot of people looking to set up dsl on BSD
if you document precisely the steps taken to setup in your situation, put it
somewhere, like here in guides...
....................................

I guess it depends on how your ISP operates. Mine does all the pppoe on the modem itself, which also acts as a router. So all the computer has to do is a simple DHCP request.

ai-danno
07-14-2008, 06:31 AM
It would appear by your situation that you have to use NAT. You have more than one machine in the network, and are only receiving one DHCP-assigned address... that spells NAT lol.

Also, I see and support ocicat's defense of wireshark. While it may be a security issue itself, it's also a wonderful learning tool with which to familiarize yourself with L2 networking.

As a last posit- If you are going to use OpenBSD for this project (and I highly suggest you do), you may be interested in pfw (http://www.allard.nu/pfw/). This is not to discourage you from the CLI management of pf- but rather to show you that it can be done very well from a web interface.