[SPARCbook] Review Project X

d neal wise sparcbook at sunhelp.org
Mon Mar 5 16:53:35 CST 2001


On Mon, 5 Mar 2001, Matthews, Jack wrote:

> I need a router or switch. Netgear 308 may be best for me. I need a hub or
> switch hub combo. It needs to do subnetting. By the way there looks to be an
> ISDN connector at the rear plate of my Sparcstation 20. There is also an
> ethernet hub looking card at the rear with four ports. I don't have a manual
> for it so I'm guessing. I have one public IP only.
> Will this suffice or do you think I still need the switch?

That ethernet hub looking card is likely a quad ethernet card. Just a
suggestion... try looking at the part numbers of cards and so on,
consulting the sun hardware FAQ (see http://www.sunhelp.org) rather than
guessing. It's going to take you a *lot* longer if you trial-and-error
this as much as you seem to be trying to do. Please make sure you consider
security with what you're doing. Statements like "i need a router or a
switch" pretty much scream 'grab my IP address from the email headers and
do me in.' 

> I am bringing all cable down to the lower level for wall jacks. So only one
> level needs wiring.
> I need a firewall. I think best is the SS20 for this as the Cobalt Qube 2
> has one ethernet jack only.

what a waste of a sparc 20. You'd probably have more fun with this as a
workstation.
 
> I have heard that the sparcbooks don't like to be mobile if the NIS+ is set up
> on them?

If they can't talk to the NIS server (i.e. are disconnected from the
network) objects not in the local hosts, networks, netmasks, passwd, group and
so on files will not be available to the system. The solution is to make
them NIS secondaries. Then you can worry about your complete environment
credentials walking around. I'm saying that's how to fix the problem
you're worried about... I'm also saying the fix is a bad idea :)

> However, isn't NIS a great thing from solaris 2.6? 

NIS is a great thing from sun going back a lot longer than that. It's also
great and very unsecure. Which is really too bad. It's very convenient to
run NIS at home (automounter/amd et al). I did so for a number of years
but my paranoia got the best of me and I chucked it. I've cobbled together
something more secure but less functional than NIS. tradeoffs tradeoffs

Don't use NIS and connect to a public network. NIS suffers from overdoing
its job. You can pull too much information out of a NIS server.

> Maybe there is a work around?  

suggestion: 

1) take this elsewhere :) there's a lot better sources of information for
home networking than a sparcbook list. A lot of people on this list are
probably only just keeping up with their mail load. Off topic things add
to that.

2) consider a free, open source unix - your choice - to deploy for a combo
firewall/router. set it up and put the collection of hosts you list above
behind that. Deploy such a thing on a p75-p120 with a reasonable amount of
ram and disk. again... lots of info out there. For that matter you'll
likely find that sparc 20 (and *probably* the cards in it) supported by
NetBSD or OpenBSD (and probably linux sparc). You may not find the ISDN
supported though (think like the sparcbooks :). To get
political/philosophical I have a real problem with using closed source
platforms/applications for security solutions.

3) To answer your 'do I need a switch' question, here is what I think your
goal likely is


                     Internet
                      |
                      |<-some kind of link ISDN, POTS/PSTN (phone),
                      | ethernet to a cable modem/DSL, etc
                      |
                      *
-----------------------------------------------
| firewall host uses single public address on |
| external (whatever medium) interface        |
|  use NAT to translate internal addresses    |
| to external ones                            |
|                                             |
|                                             |
|                                             |
| use rfc1913 address space internally        |
----------------------------------------------
                      *
                      |<-ethernet cable 
                      |
______________________|____________________
| switch or hub                           |
__________________________________________
      |               |              |
      |               |              |
      |               |              |
      |               |              |
      |               |              |
      *               *              *
      ^
plug these into your other machines :) 

You'll find this to be basically what most people's home network looks
like.

sites
---------------
http://www.ietf.org/rfc/rfc1918.txt?number=1913 <- read this!!
http://www.openbsd.org
http://www.linux.org (start here and look around. linux isn't very
	centralized)
http://www.netbsd.org

I use the little netgear 508 switches at home (10/100FDX) and they're good
considering the price. 

Just a tip... always assume your firewall will fail you. Use that
perspective to consider how you deploy the rest of your environment. This
means considering all host-based security options (firewalls on every host
only allowing intended services, lots of logging). Yes this means a lot of
management overhead. I've found it to be a lot less overhead than
attempting to recover data/services on a compromised machine.

good luck and have fun!

regards,

neal
___________
d neal wise - nwise at spy.net
SPY internetworking  -  will network for food
http://www.spy.net
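
The firewall host in the diagram above, written out as a pf.conf for OpenBSD (one of the systems the message links to). This is an added example, not part of the original e-mail: the choice of pf, the interface names em0/em1 and the 192.168.1.0/24 internal network are assumptions made for illustration.

```pf
# pf.conf sketch for the firewall host in the diagram (added example).
# Assumed names: em0/em1 and the 192.168.1.0/24 plan are placeholders.
ext_if  = "em0"              # external link, holds the single public address
int_if  = "em1"              # cable down to the switch or hub
int_net = "192.168.1.0/24"   # internal hosts, RFC 1918 space

# RFC 1918 blocks: never valid as a source or destination on the outside
table <private> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set block-policy drop        # drop silently instead of answering probes
set skip on lo

# Reject packets whose source address belongs behind a different interface
antispoof quick for $int_if

# Private addressing must not cross the external interface in either direction
block drop in  log quick on $ext_if from <private> to any
block drop out log quick on $ext_if from any to <private>

# RPC portmapper (the entry point NIS relies on) never crosses the external side
block drop log quick on $ext_if proto { tcp, udp } to port 111

# Translate internal sources to whatever address the external interface holds
match out on $ext_if inet from $int_net to any nat-to ($ext_if)

# Default deny with logging; everything below is an explicit exception
block log all

# Internal hosts may start connections; state entries let the replies back in
pass in  on $int_if inet from $int_net to any
pass out on $ext_if inet

# No "pass in on $ext_if" rule exists: nothing is offered to the Internet.
```

`pfctl -nf` followed by the file path parses the ruleset without loading it. The hosts behind the switch still run their own packet filters, as the tip above advises, so a mistake in this file does not expose them directly.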



