[GLLUG] Penguicon - Net Connectivity

Peter Smith psmith.gllug at gmail.com
Thu Apr 10 18:41:59 EDT 2008


    Hrmph. Not gonna make the meeting tonight. Got a lot to do tomorrow, 
and not done enough prep for it all. Though, one of the things to do is 
to go and get The Big Switch...guess I'm only getting the one. Ah well. 
Specs on it tomorrow night, and more grumbling...I can dig up a 4 port 
or two to run around.

One of the prep things to do for THIS meeting was info on our 
net.connect at the con. Looks like we're feeding thru whatever the MPcon 
people have, so this missive is a consolidation of that thread's info. 
If we need to change anything or get more info, let me know, and I'll 
bounce the questions to their net guy, Nick Adams.

-----------------------------

On Tue, Apr 8, 2008 at 7:54 PM, Nick Adams <nickadams at mpcon.org> wrote:

    Jer - I need to know what the Computer Lounge folks need in terms of 
network access.  Also, are the linux loading/slamming/booting fests 
included with them or are they on their own?  Am I providing connectivity 
for them also?

On Wed, Apr 9, 2008 at 4:36 AM, Jer <jer.lance at gmail.com> replied:

    Umm, to the best of my knowledge... wait, I don't know any of this 
shit.  Hold on!  Peter Smith, meet the guys at MPCon through whom your 
Internet connectivity will be hampered...err, managed. MPCon guys, meet 
Peter Smith, the GLLUG patsy who got roped into running the computer 
lounge this year.

Play nice, boys.


------------------------------
So, I said 'Hi Dr. Nick!' and proceeded to tell him what I knew. :) 
Here's the summary of that conversation. Of course, I only have ONE 
switch now, so...sigh...
-------------------------------
Here's my current understanding of the plan.

I've got two switches coming in as a donation from my former workplace. 
One of those will be running the 'public network' consisting of 24 smart 
Linux terminals, 6-8 hardwired plugins for portables/whatever machines, 
and a low-range wifi, connected to a server that will be behind the 
security desk. The other switch will have our 'ancillary' units hanging 
off it; a machine or two behind the security desk to keep us sane, one 
or two boxes that will feature 'Linux' gaming (as opposed to Windows 
games running off Linux boxes), our 'burnbox' units that produce the 
distros for people to take home (which I believe will have a rather 
recent copy of the MSU repository if someone gets off their butt before 
the con), as well as the server for Convention registration, which I 
believe will also be using some sort of WiFi to connect up to their 
terminals.

Normally, from what I understand casually from various GLLUG planning 
meetings, we'd then connect up the switches to whatever feed the hotel 
supplies, and deal with it from there. At a previous ConCom meeting, 
when I brought up security and such things on the ConNet (including you 
guys), he suggested we might feed it through you first, and then to us, 
letting you do the throttling for the both of us, and isolating your 
systems from ours.

Both the Keysigning Party and the Packaging Fest will run out of the 
lounge. Hopefully, they'll both use local resources as much as possible. 
The former shouldn't have too much of an impact on the net; the latter, 
well, who knows what people are going to want to package in...but the 
majority should be available from the burnbox.


From Nick Adams


I planned to make sure you were isolated from us.

Do you need two IPs for both your networks, or just one?  I assume 
you're running your own DHCP services or do you usually lean on the 
hotel for that?

<then, later>

I set up your network, you'll be on your own VLAN.  I will set up 2 ports
for you on my switch, if you need more ports for your stuff, let me know.

You're set up with 10.10.10.0/23 (510 addresses) with the first 49 reserved
for static addresses.  Rest are DHCP.  If you need a larger subnet, let me
know.  :)

Network: 10.10.10.0
Netmask: 255.255.254.0
Broadcast: 10.10.11.255
Gateway: 10.10.10.1
DNS: 10.10.10.1
NTP: 10.10.10.1
DHCP Start: 10.10.10.50
DHCP End: 10.10.11.254

I block P2P (at layer 7), MS-SQL, 8080, and SMB traffic at the internet,
both ways.  The router machine also has a transparent caching proxy running
to help keep things under control.  I also run the snort IDS.

I don't know if you plan to further NAT behind this or run connected
directly to it, either way, you should have what you need.

If you have any questions, let me know. ;)

Regards,
-Nick Adams
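
A check of the addressing plan quoted above, added here as an example and not part of the original message: it derives the quoted figures from 10.10.10.0/23, flags fixed addresses that land in the DHCP pool or on the gateway, and tests whether a subnet picked for a further NAT layer overlaps the upstream range. The function names and the sample hostnames are assumptions made for illustration.

```python
import ipaddress

# Figures copied from the allocation quoted in the message.
NETWORK = ipaddress.ip_network("10.10.10.0/23")
GATEWAY = ipaddress.ip_address("10.10.10.1")
DHCP_START = ipaddress.ip_address("10.10.10.50")
DHCP_END = ipaddress.ip_address("10.10.11.254")

def plan_facts():
    """Derive the quoted netmask, broadcast and pool sizes from the CIDR."""
    hosts = NETWORK.num_addresses - 2  # minus network and broadcast
    dhcp = int(DHCP_END) - int(DHCP_START) + 1
    return {"netmask": str(NETWORK.netmask),
            "broadcast": str(NETWORK.broadcast_address),
            "usable_hosts": hosts, "dhcp_size": dhcp,
            "static_size": hosts - dhcp}  # .1 to .49, gateway included

def classify(addr):
    """Say which part of the plan an address falls in."""
    ip = ipaddress.ip_address(addr)
    if ip not in NETWORK:
        return "outside"
    if ip in (NETWORK.network_address, NETWORK.broadcast_address):
        return "reserved"
    if ip == GATEWAY:
        return "gateway"
    return "dhcp" if DHCP_START <= ip <= DHCP_END else "static"

def static_conflicts(assignments):
    """Check a hostname -> fixed-address map (hypothetical input) against the plan."""
    problems, seen = [], {}
    for host, addr in assignments.items():
        zone = classify(addr)
        if zone != "static":
            problems.append((host, addr, zone))
        elif addr in seen:
            problems.append((host, addr, "duplicate of " + seen[addr]))
        seen.setdefault(addr, host)
    return problems

def inner_nat_conflicts(cidr):
    """True if a subnet chosen for a second NAT layer overlaps the upstream /23."""
    return ipaddress.ip_network(cidr).overlaps(NETWORK)

if __name__ == "__main__":
    # Constructed sample: made-up hostnames and addresses.
    sample = {"lounge-server": "10.10.10.10", "burnbox": "10.10.10.60",
              "reg-server": "10.10.10.1", "games": "10.10.10.10"}
    print(plan_facts(), static_conflicts(sample), inner_nat_conflicts("10.10.11.0/24"))
```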

