[olug] NFS & @Home Networking
Phil Brutsche
phil at giedi.obix.com
Tue Aug 7 00:24:54 UTC 2001
On 06 Aug 2001 18:44:16 +0000, Joe Vernon wrote:
> I've been using Linux for about 2 years now, but I don't have very much
> experience with networking, mainly because I only had one computer. Recently
> I did pick up a second PC. Setting up @Home was a breeze.
Fair enough
> I purchased a second IP address from Cox, I got an old 10 MBit hub from a
> friend who didn't need it, and I had it working very quickly. I then wanted
> to set up some NFS shares between the 2 machines.
Without any sort of protection?
No, don't do that.
The TCP & UDP ports used by NFS (and other services NFS depends on) have
been a constant source of problems regarding security. In fact, it's
been one of the biggest sources of hacked systems on RedHat 6.x systems.
Yes, you've got RH 7.1 which isn't vulnerable to that particular
problem, but it's good practice anyway. You never know if a root
exploit on RH 7.1 will rear its ugly head the day after, a week after,
or a month after you get a particular service working.
See below for what you should do.
And yes, I feel strongly about security.
> I read the NFS howto and I managed to set everything up without much
> trouble. My problem is that whenever I send anything back and forth
> with NFS it seems to be going through the internet as I am getting
> stuck with @Home's 256 Kbit upload cap which is painfully slow for
> large files.
And can be a bad thing to do anyway.
Why so slow BTW? I thought it was a 32Kbyte (384Kbit or so) upload cap,
which is what I see.
> How do I make this NFS traffic stay local and use the full 10 Mbit
> transfer speed? I would imagine this involves setting up some type of
> local IP addresses. Can this be done without adding more NIC cards?
Yes, but more NIC cards would be advisable. Add one to each system for
a private ethernet (you can use an ethernet cross cable to get by
without a hub) that can carry your private network chatter.
Either that or add a NIC card to one of the systems and have it "proxy"
("do source NAT" is a better term but you're probably not familiar with
it yet) for the other Linux system.
> I know the cards are cheap
Damn straight. I have some to *give* away (they're 3com 509B ISA cards)
if you decide to go that route.
If you would prefer PCI I know for a fact that new 10/100 ethernet cards
are typically $10 or less (before shipping) on eBay.
> but I would really like to avoid adding any new hardware if possible.
Hrmm...
I see someone else has already posted this, but here I go:
The problem is that your two computers are on the same ethernet network,
but different IP networks. They also don't know that they are on the
same ethernet network, so traffic from one has to go out the cable
modem, then back again, before it will hit the other.
The solution is to make the computers aware of the fact that they are on
the same ethernet network.
This is how the computers in my example are configured:
alice:
    ip 1.2.3.4
    netmask 255.255.255.0
    broadcast 1.2.3.255
    gateway 1.2.3.1
bob:
    ip 1.2.4.23
    netmask 255.255.255.0
    broadcast 1.2.4.255
    gateway 1.2.4.1
You would do this to make them think of each other as the same network:
On alice run:
    route add -net 1.2.4.0 netmask 255.255.255.0 dev eth0
(if you have the iproute2 package installed you could use:
    ip route add to 1.2.4.0/24 dev eth0)
On bob run:
    route add -net 1.2.3.0 netmask 255.255.255.0 dev eth0
(with iproute2 that would be: ip route add to 1.2.3.0/24 dev eth0)
You should put the appropriate line in the /etc/rc.local of the
appropriate computer to make these changes stick between reboots.
--
Phil
(the evolution beta rocks!)
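
The route commands in the message above can be derived from each host's address and netmask. The script below is an added example, not part of the original post: its function names are hypothetical, and it generalizes the alice/bob case to any pair of hosts and any contiguous netmask, printing nothing when the peer is already inside the local subnet.

```shell
#!/bin/sh
# Added example (not from the original post): compute the on-link route a
# host needs to reach a peer on the same ethernet segment that sits in a
# different IP network. Function names are hypothetical.

# ip_to_int A.B.C.D -> 32-bit integer (decimal octets without leading zeros)
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# mask_to_prefix NETMASK -> prefix length; fails on a non-contiguous mask
mask_to_prefix() {
    m=$(ip_to_int "$1"); len=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do
        len=$(( len + 1 )); m=$(( (m << 1) & 0xFFFFFFFF ))
    done
    [ "$m" -eq 0 ] || return 1
    echo "$len"
}

# onlink_route_cmd LOCAL_IP LOCAL_MASK PEER_IP PEER_MASK DEV
# Prints the command to run on the local host, or nothing when the peer is
# already inside the local subnet (the kernel has that route already).
onlink_route_cmd() {
    lmask=$(ip_to_int "$2"); pmask=$(ip_to_int "$4")
    local_net=$(( $(ip_to_int "$1") & lmask ))
    peer=$(ip_to_int "$3")
    if [ $(( peer & lmask )) -eq "$local_net" ]; then
        return 0
    fi
    prefix=$(mask_to_prefix "$4") || return 1
    echo "ip route add to $(int_to_ip $(( peer & pmask )))/$prefix dev $5"
}

# The example addresses from the post: alice 1.2.3.4/24, bob 1.2.4.23/24.
onlink_route_cmd 1.2.3.4 255.255.255.0 1.2.4.23 255.255.255.0 eth0   # run on alice
onlink_route_cmd 1.2.4.23 255.255.255.0 1.2.3.4 255.255.255.0 eth0   # run on bob
```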