1 House (Duplex)
1 Hole in the Basement
2 Different Groups of College students
11 People wanting access
4 Network Ports
So I live in a duplex and both sides of the house are friends with each other. We all need access to one central server to share certain files as well as stream content etc…
Here are some obstacles:
1) Both have separate Charter internet connections
2) Both have their own router with a different network configured
3) There is no central DNS to serve both, just their router devices
4) Both have streaming boxes as well as need for individual download
5) The server must use the internet connection from its originating side
6) I’m hungry
So here is the solution:
I have 4 network ports on my server, so each side of the house gets two: one dedicated to that side’s streaming box and one for ordinary downloads over http/ftp/smb. Keeping streaming on its own port stops bulk downloads from competing with it, which matters because the internal network is only 100Mbps.
I also remove the default gateway the server learns from the other side’s router, so that our internet connection is the only one the server ever uses. DNS I’ll explain in a minute.
Here’s an outline of what I did:
a) I connected the server to our side of the house with two cables straight into our switch, took addresses from our router (192.168.1.*) and gave them DHCP reservations so they never change. I noted which interface would serve the streaming box and which would carry the users’ downloads.
b) I then ran cables through the basement (luckily there were holes) to the other side’s switch and again set up fixed addresses (192.168.0.*). At that point the server had default gateways for both 192.168.1.x and 192.168.0.x, and the 0.x one had priority, which was not what I wanted. A quick
route del default gw 192.168.0.1 dev eth2
route del default gw 192.168.0.1 dev eth1
took care of it. Note that there were four default gateways, one per interface, because each interface received one from its router via DHCP. I removed the two pointing at the other side of the house, whose WAN connection is slower, for obvious reasons. Keep in mind that route del is not persistent: the DHCP client will install those gateways again at the next boot, so the lasting fix is to configure eth1 and eth2 without a gateway (or stop the DHCP client from requesting the routers option on them).
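As an added example (not part of the original post), here is a scripted version of that route cleanup built on `ip -4 route show default`, the iproute2 replacement for route. Rather than typing one route del per interface, it prints the deletion for every default route that does not use the gateway you want to keep, and reports which interfaces keep theirs. The sample route table is constructed to match the four DHCP-assigned gateways described above; nothing is executed unless you pipe the output into sh as root.

```shell
#!/bin/sh
# Added example, not from the original post: keep default routes only via
# the gateway on our side and emit `ip route del` commands for the rest.
# Input is `ip -4 route show default` output, one route per line.

# Constructed sample: what the four DHCP-configured ports produce.
SAMPLE_ROUTES='default via 192.168.0.1 dev eth1 proto dhcp metric 100
default via 192.168.0.1 dev eth2 proto dhcp metric 101
default via 192.168.1.1 dev eth3 proto dhcp metric 102
default via 192.168.1.1 dev eth4 proto dhcp metric 103'

# del_other_defaults KEEP_GW -- route lines on stdin; prints one delete
# command for every default route whose gateway is not KEEP_GW.
del_other_defaults() {
    awk -v keep="$1" '
        $1 == "default" && $2 == "via" && $4 == "dev" && $3 != keep {
            printf "ip route del default via %s dev %s\n", $3, $5
        }'
}

# kept_ifaces KEEP_GW -- interfaces that still have a default route via KEEP_GW
kept_ifaces() {
    awk -v keep="$1" '
        $1 == "default" && $2 == "via" && $3 == keep { s = s (s == "" ? "" : " ") $5 }
        END { print s }'
}

# Live use, as root:
#   ip -4 route show default | del_other_defaults 192.168.1.1 | sh
#   ip route get 8.8.8.8        # must now say "via 192.168.1.1"
printf '%s\n' "$SAMPLE_ROUTES" | del_other_defaults 192.168.1.1
```

Selecting by gateway rather than by interface mirrors what was done above: eth3 and eth4 both keep a default route via 192.168.1.1 and the kernel simply uses the one with the lower metric. The `ip route get` check afterwards is worth the two seconds, since a surviving 192.168.0.1 route would silently send the server’s traffic out the slower WAN.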
c) Now for the services. Here is a breakdown of the IPs so you can see how I’m splitting things up:
eth3 - 192.168.1.89  - nfs (streaming only) - Boxee Box
eth4 - 192.168.1.253 - samba, http, ftp (downloads etc.)
eth2 - 192.168.0.108 - samba (streaming only) - WDTV
eth1 - 192.168.0.104 - http, ftp (downloads etc.)
First things first: NFS. I got it working and exported the share to 192.168.0.0/16, since NFS relies on RPC, which uses a pile of ports (TCP and UDP). Nobody but me even knows what NFS is, so I decided that wasn’t an issue, even though I could probably restrict the interfaces it serves on as well. Note that /16 is wider than needed (192.168.0.0/23 covers exactly the two /24s), and since rpcbind and nfsd bind to every address by default, the export list is the only thing limiting who can mount it.
For http, Apache’s Listen directive came in handy: it lets me pick exactly which addresses it binds to.
For ftp, I used the listen_address=xxx.xxx.xxx.xxx option in vsftpd.conf, which worked well, except that a single vsftpd instance can only listen on one address. No problem: since this is a simple anonymous setup, I copied my config to vsftpd2.conf, changed listen_address to the other IP that needs access, and started a second instance in a screen session using that config file (vsftpd takes the config file as its first argument, and -dm starts the session detached; adjust the path to wherever you saved vsftpd2.conf):
screen -dmS othervsftpd /usr/sbin/vsftpd /etc/vsftpd2.conf
For samba, all I needed to do was edit smb.conf and add the following (the [global] and [pub] section headers are what make the fragment a valid config):
[global]
interfaces = eth2 eth4
bind interfaces only = yes
#for public anonymous access
security = share

#define public share
[pub]
comment = awesomeness
path = /pub
guest ok = yes
writable = no
browseable = yes
guest only = yes
#public is a synonym for guest ok
public = yes
Obviously there are other global settings you would need to configure, but with that you would be serving the share successfully and only on the interfaces you chose. One caveat: security = share was removed in Samba 4.0, so on a current Samba the equivalent for anonymous access is security = user together with map to guest = Bad User.
That’s all I needed to do for services. Quite nice actually.
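Because the whole design rests on each daemon being bound to the right address, it is worth checking what is actually listening rather than trusting the config files. As an added example (not from the original post), here are three small checks over `ss -H -tuln` output: sockets bound to every address, listeners that are not in the intended interface table, and intended bindings that are missing. The sample `ss` output is constructed to reflect the setup above, including rpcbind and nfsd on 0.0.0.0 as described, plus an sshd; the EXPECTED list is the interface table from the post.

```shell
#!/bin/sh
# Added example, not from the original post: audit the server's listeners
# against the intended interface/service map. On a live box run e.g.
#   ss -H -tuln | wildcard_listeners
# Here the checks run on a constructed `ss -H -tuln` sample.

# Intended addr:port pairs, taken from the interface table in the post.
EXPECTED='192.168.1.89:2049
192.168.1.253:80
192.168.1.253:21
192.168.1.253:445
192.168.1.253:139
192.168.0.108:445
192.168.0.108:139
192.168.0.104:80
192.168.0.104:21'

# Constructed sample. Columns: Netid State Recv-Q Send-Q Local:Port Peer:Port
SAMPLE_SS='tcp   LISTEN 0 128 192.168.1.253:80    0.0.0.0:*
tcp   LISTEN 0 128 192.168.0.104:80    0.0.0.0:*
tcp   LISTEN 0 32  192.168.1.253:21    0.0.0.0:*
tcp   LISTEN 0 32  192.168.0.104:21    0.0.0.0:*
tcp   LISTEN 0 50  192.168.1.253:445   0.0.0.0:*
tcp   LISTEN 0 50  192.168.1.253:139   0.0.0.0:*
tcp   LISTEN 0 50  192.168.0.108:445   0.0.0.0:*
tcp   LISTEN 0 50  192.168.0.108:139   0.0.0.0:*
tcp   LISTEN 0 64  0.0.0.0:2049        0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:111         0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:111         0.0.0.0:*
tcp   LISTEN 0 128 [::]:22             [::]:*'

# wildcard_listeners -- sockets bound to every address (0.0.0.0, [::], *).
# These answer on all four cables, whichever side the request comes from.
wildcard_listeners() {
    awk '{ print $5 }' | grep -E '^(0\.0\.0\.0|\[::\]|\*):' | sort -u
}

# unexpected_bindings -- listening addr:port pairs that are not in EXPECTED
unexpected_bindings() {
    awk -v want="$EXPECTED" '
        BEGIN { n = split(want, a, "\n"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($5 in ok) { print $5 }' | sort -u
}

# missing_bindings -- EXPECTED pairs nothing listens on (service on the wrong address)
missing_bindings() {
    awk -v want="$EXPECTED" '
        { seen[$5] = 1 }
        END { n = split(want, a, "\n"); for (i = 1; i <= n; i++) if (!(a[i] in seen)) print a[i] }'
}

printf '%s\n' "$SAMPLE_SS" | wildcard_listeners  | sed 's/^/wildcard:   /'
printf '%s\n' "$SAMPLE_SS" | unexpected_bindings | sed 's/^/unexpected: /'
printf '%s\n' "$SAMPLE_SS" | missing_bindings    | sed 's/^/missing:    /'
```

On the sample, rpcbind (111) and nfsd (2049) show up as both wildcard and unexpected, and the intended 192.168.1.89:2049 is reported missing: that is the NFS-on-everything situation described above made visible, and it is the gap any firewall rules need to cover. The sshd on [::]:22 is the other thing to decide about deliberately rather than by accident.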
Naming took some thinking. I wanted people to be able to type something short, a single word, to reach the box, but I didn’t want to run a DNS server.
Each router hands itself out as the DNS server to the clients that connect to it, so I worked from that.
On our side:
Our router is an Asus RT-N66U, which is a beast. I enabled telnet, logged in, and added an entry to its /etc/hosts mapping the name “server” to the download interface’s address; the router’s dnsmasq answers LAN lookups from that file.
With that done, whenever someone on our side of the house types “server” as the hostname, it resolves to the IP address I want them to use (the non-streaming one). It is worth checking that the entry survives a reboot, since the stock firmware regenerates /etc/hosts when dnsmasq starts.
For the other side of the house I couldn’t do this because their router is, well, cheaper. So I used a domain name I had forgotten I owned and pointed it at the internal IP I wanted them to use. I don’t plan to use the domain for anything else, so it works well. You could even use a subdomain of a domain you already own!
So I set “hostname.com” to point to 192.168.0.104 in my DNS settings at namecheap.com!! One catch with putting a private address in public DNS: some routers and resolvers enable DNS rebinding protection (dnsmasq’s stop-dns-rebind, for example) and silently drop answers in 192.168.0.0/16 and the other private ranges, so check that the name actually resolves from their side.
=> Why not just use nmbd instead of all the weird stuff above???
Yes, I know. But nmbd only runs on the interfaces I set Samba to serve on, remember? So that wouldn’t work very well. And even then, I would have to use “hostname.local”, which is kind of lame because it would go to a random IP address offered by the server and not the specific one I’d like users to go to.
I may be wrong about nmbd. It may be more flexible, but I decided this solution would work out great, and since I’m a busy college student, I’ll leave it for the time being.
So far, so good. The Boxee runs great on NFS and the WDTV, in all its jankiness, is running pretty well on SMB. Everyone can access stuff easily without auth and therefore everyone seems to be happy.
As for the firewall, since my services are bound to specific interfaces, I decided to do the following:
-A INPUT -s 192.168.0.0/16 -j ACCEPT
Note what this rule does not do: it accepts every port on every interface from the whole 192.168.0.0/16, so the only thing keeping, say, samba off the Boxee port or rpcbind away from the other side of the house is the daemons’ own bind settings. The firewall itself is not enforcing the split.
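As an added example (not the rule the post uses), here is an INPUT chain that enforces the split per interface: each port accepts only its own side’s /24 and only the services meant to live there, so a WDTV user on eth2 cannot reach rpcbind or FTP even if a daemon later ends up bound to 0.0.0.0. Interfaces, addresses and roles are the post’s. The following are assumptions that must match the daemon configs: mountd pinned to 20048 (rpc.mountd -p 20048) so NFS needs only 111, 2049 and 20048; a vsftpd passive range of 50000-50100 (pasv_min_port/pasv_max_port); and ssh admin access allowed only from our side on eth4. The script only prints iptables commands; `sh fw.sh apply` runs them as root.

```shell
#!/bin/sh
# Added example, not the original post's rule: one set of INPUT rules per
# interface, so the firewall enforces the split the service bindings describe.
# Assumptions (not from the post): mountd pinned to 20048, vsftpd passive range
# 50000-50100, ssh admin only from 192.168.1.0/24 on eth4.
# build_rules only prints commands; `sh fw.sh apply` runs them as root.

rule() { printf 'iptables %s\n' "$*"; }

# allow_tcp IFACE SRC PORTS -- new TCP connections to PORTS, only on IFACE from SRC
allow_tcp() {
    rule -A INPUT -i "$1" -s "$2" -p tcp -m multiport --dports "$3" \
        -m conntrack --ctstate NEW -j ACCEPT
}
# allow_udp IFACE SRC PORTS
allow_udp() {
    rule -A INPUT -i "$1" -s "$2" -p udp -m multiport --dports "$3" -j ACCEPT
}

build_rules() {
    rule -F INPUT
    rule -P INPUT DROP
    rule -A INPUT -i lo -j ACCEPT
    rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    rule -A INPUT -m conntrack --ctstate INVALID -j DROP
    # ping from both sides: 192.168.0.0/23 is exactly .0.x and .1.x, unlike /16
    rule -A INPUT -s 192.168.0.0/23 -p icmp -j ACCEPT

    # eth3 192.168.1.89 : NFS only (Boxee Box) -- rpcbind, nfsd, pinned mountd
    allow_tcp eth3 192.168.1.0/24 111,2049,20048
    allow_udp eth3 192.168.1.0/24 111,2049,20048
    # eth4 192.168.1.253 : ssh admin, samba, http, ftp + passive data ports
    allow_tcp eth4 192.168.1.0/24 22,139,445,80,21,50000:50100
    allow_udp eth4 192.168.1.0/24 137,138
    # eth2 192.168.0.108 : samba only (WDTV)
    allow_tcp eth2 192.168.0.0/24 139,445
    allow_udp eth2 192.168.0.0/24 137,138
    # eth1 192.168.0.104 : http, ftp + passive data ports
    allow_tcp eth1 192.168.0.0/24 80,21,50000:50100

    # anything else (e.g. an NFS mount attempt arriving on eth1) is logged,
    # then dropped by the chain policy
    rule -A INPUT -m limit --limit 5/min -j LOG --log-prefix fw-drop:
}

# rules_for IFACE -- the subset of rules for one interface, for review
rules_for() { build_rules | grep -- "-i $1 "; }

if [ "${1:-}" = apply ]; then
    build_rules | sh
else
    build_rules
fi
```

Two things to settle before applying this on a real box: if the Boxee mounts with NFS locking, lockd’s port must be pinned too (the fs.nfs.nlm_tcpport and fs.nfs.nlm_udpport sysctls) and added to the eth3 rules, and you want the ssh rule verified from a second session before you trust the DROP policy, because with this chain nothing outside the listed ports answers from either side of the house.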