[GLLUG] Penguicon - Net Connectivity
Peter Smith
psmith.gllug at gmail.com
Thu Apr 10 18:41:59 EDT 2008
Hrmph. Not gonna make the meeting tonight. Got a lot to do tomorrow,
and not done enough prep for it all. Though, one of the things to do is
to go and get The Big Switch...guess I'm only getting the one. Ah well.
Specs on it tomorrow night, and more grumbling...I can dig up a 4 port
or two to run around.
One of the prep things to do for THIS meeting was info on our
net.connect at the con. Looks like we're feeding thru whatever the MPcon
people have, so this missive is a consolidation of that thread's info.
If we need to change anything or get more info, let me know, and I'll
bounce the questions to their net guy, Nick Adams.
-----------------------------
On Tue, Apr 8, 2008 at 7:54 PM, Nick Adams <nickadams at mpcon.org> wrote:
Jer - I need to know what the Computer Lounge folks need in terms of
network access. Also, are the Linux loading/slamming/booting fests
included with them or are they on their own? Am I providing connectivity
for them also?
On Wed, Apr 9, 2008 at 4:36 AM, Jer <jer.lance at gmail.com> replied:
Umm, to the best of my knowledge... wait, I don't know any of this
shit. Hold on! Peter Smith, meet the guys at MPCon through whom your
Internet connectivity will be hampered...err, managed. MPCon guys, meet
Peter Smith, the GLLUG patsy who got roped into running the computer
lounge this year.
Play nice, boys.
------------------------------
So, I said 'Hi Dr. Nick!' and proceeded to tell him what I knew. :)
Here's the summary of that conversation. Of course, I only have ONE
switch now, so...sigh...
-------------------------------
Here's my current understanding of the plan.
I've got two switches coming in as a donation from my former workplace.
One of those will be running the 'public network' consisting of 24 smart
Linux terminals, 6-8 hardwired plugins for portables/whatever machines,
and a low-range wifi, connected to a server that will be behind the
security desk. The other switch will have our 'ancillary' units hanging
off it; a machine or two behind the security desk to keep us sane, one
or two boxes that will feature 'Linux' gaming (as opposed to Windows
games running off Linux boxes), our 'burnbox' units that produce the
distros for people to take home (which I believe will have a rather
recent copy of the MSU repository if someone gets off their butt before
the con), as well as the server for Convention registration, which I
believe will also be using some sort of WiFi to connect up to their
terminals.
Normally, from what I understand casually from various GLLUG planning
meetings, we'd then connect up the switches to whatever feed the hotel
supplies, and deal with it from there. At a previous ConCom meeting,
when I brought up security and such things on the ConNet (including you
guys), he suggested we might feed it through you first, and then to us,
letting you do the throttling for the both of us, and isolating your
systems from ours.
Both the Keysigning Party and the Packaging Fest will run out of the
lounge. Hopefully, they'll both use local resources as much as possible.
The former shouldn't have too much of an impact on the net; the latter,
well, who knows what people are going to want to package in...but the
majority should be available from the burnbox.
From Nick Adams
I planned to make sure you were isolated from us.
Do you need two IPs for both your networks, or just one? I assume
you're running your own DHCP services or do you usually lean on the
hotel for that?
<then, later>
I set up your network, you'll be on your own VLAN. I will set up 2 ports
for you on my switch, if you need more ports for your stuff, let me know.
You're set up with 10.10.10.0/23 (510 addresses) with the first 49 reserved
for static addresses. Rest are DHCP. If you need a larger subnet, let me
know. :)
Network: 10.10.10.0
Netmask: 255.255.254.0
Broadcast: 10.10.11.255
Gateway: 10.10.10.1
DNS: 10.10.10.1
NTP: 10.10.10.1
DHCP Start: 10.10.10.50
DHCP End: 10.10.11.254
I block P2P (at layer 7), MS-SQL, 8080, and SMB traffic at the internet,
both ways. The router machine also has a transparent caching proxy running
to help keep things under control. I also run the snort IDS.
I don't know if you plan to further NAT behind this or run connected
directly to it, either way, you should have what you need.
If you have any questions, let me know. ;)
Regards,
-Nick Adams
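
The address plan quoted in the message can be checked for internal consistency before any static hosts or DHCP leases are handed out. This is an added example, not part of the original message or of anything MPCon ran; `PLAN` and `check_plan` are hypothetical names, and it assumes "the first 49" means host addresses .1 through .49.

```python
import ipaddress

# Values copied from the plan in the message; key names are hypothetical.
PLAN = {
    "network": "10.10.10.0", "netmask": "255.255.254.0",
    "broadcast": "10.10.11.255", "gateway": "10.10.10.1",
    "dhcp_start": "10.10.10.50", "dhcp_end": "10.10.11.254",
    "static_reserved": 49,  # assumption: the first 49 host addresses
}

def check_plan(plan):
    """Return (problems, facts); an empty problems list means the plan is consistent."""
    try:
        # strict=True rejects a network address that has host bits set for this mask
        net = ipaddress.ip_network(f"{plan['network']}/{plan['netmask']}", strict=True)
    except ValueError as exc:
        return [f"network/netmask mismatch: {exc}"], {}
    a = {k: ipaddress.ip_address(plan[k])
         for k in ("broadcast", "gateway", "dhcp_start", "dhcp_end")}
    first_host, last_host = net.network_address + 1, net.broadcast_address - 1
    static_last = net.network_address + plan["static_reserved"]
    problems = []
    if a["broadcast"] != net.broadcast_address:
        problems.append(f"broadcast should be {net.broadcast_address}")
    for name in ("gateway", "dhcp_start", "dhcp_end"):
        if not first_host <= a[name] <= last_host:
            problems.append(f"{name} {a[name]} is not a usable host in {net}")
    if a["dhcp_start"] > a["dhcp_end"]:
        problems.append("DHCP range is reversed")
    if a["dhcp_start"] <= static_last:
        problems.append(f"DHCP pool overlaps static range ending at {static_last}")
    if a["dhcp_start"] <= a["gateway"] <= a["dhcp_end"]:
        problems.append("gateway address sits inside the DHCP pool")
    facts = {
        "cidr": str(net),
        "usable_hosts": net.num_addresses - 2,
        "static_range": (str(first_host), str(static_last)),
        "dhcp_pool_size": int(a["dhcp_end"]) - int(a["dhcp_start"]) + 1,
    }
    return problems, facts

if __name__ == "__main__":
    problems, facts = check_plan(PLAN)
    print(facts)
    print("OK" if not problems else "\n".join(problems))
```

The static range and the DHCP pool together account for all 510 usable addresses, so any host given a static address outside .1 to .49 can collide with a lease.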