Thursday, April 23, 2009

Ubuntu 9.04 Desktop Edition

Just released a few hours ago. My laptop is already running it. All I need to do is to simply upgrade from the previous version through the Update Manager. It's a breeze.

Ubuntu Desktop is my preferred desktop OS. It is pleasing, easy to use and has almost all that you need. If you are pretty savvy, as in you know how to install stuff and all, then switching to Linux is not that hard. It's a matter of getting used to something totally different.

http://www.ubuntu.com/products/whatisubuntu/904features/

Wednesday, April 15, 2009

How to build your own hot spot, the right way.

The following is taken from an article on CNET entitled How to be an ISP: Build your own hot spot
(Note: I have informed CNET of the mistake and the writer has since updated his article)


"The easiest way to do this is to use two routers. The first router is used for your home to create a private network. With most existing Internet providers, this router will act as a gateway with NAT. You don't need to worry about what passwords or data travel over this network (you can allow Windows file sharing, or you might telnet from one local machine to another) because only trusted people have physical access to the network. If this router is wireless-capable, you will need to encrypt the connection to make sure only trusted people can connect to the network.

The second router is the wireless router that you want to use to offer access to the public. This router needs, in turn, to have NAT function of its own. This means once plugged in the first router, the second router will take the connection to the Internet from the first router and create a captive local network of its own, separate from that of the first router. In short, the NAT function of the second router acts as a firewall that separates the two networks"


There was no topology in his guide, but if I understand the writer correctly, based on a typical home setup, what he suggested should look like the following


If I am right, then the above-mentioned part of his article is totally wrong.

Having another network behind a router and NAT does not protect the network in front of it. In fact, the protection is the other way round. This is the case with any typical home network, where being behind the NAT provides somewhat of a 'protection' from the Internet, and not the other way round.

Building two totally separate and secured networks is not that hard, but it is not as simple as relying on NAT. But based on this article, the right way is to actually reverse the function of the two routers. In other words, the first router is the wireless router that you want to use to offer access to the public and the second router is used for your home to create a private network. The NAT on the second router will provide the private network with protection from the hot spot network.

The only problem then is the double NAT which makes hosting services in the private network a real pain in the ass.
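To make the direction of the NAT 'protection' concrete, here is a small model of both layouts. It is an added example, not code from the CNET article or this blog; the addresses are constructed, and each router is assumed to do plain source NAT with no port forwarding, DMZ host or extra firewall rules.

```python
import ipaddress

# Constructed addressing. Each router is (wan_network, lan_network) and is assumed
# to do plain source NAT: no port forwarding, no DMZ host, no extra firewall rules.
PRIVATE = ipaddress.ip_network("192.168.1.0/24")   # home LAN
HOTSPOT = ipaddress.ip_network("192.168.2.0/24")   # public Wi-Fi
ISP = ipaddress.ip_network("203.0.113.0/30")       # link to the provider

CNET_LAYOUT = [(ISP, PRIVATE), (PRIVATE, HOTSPOT)]      # hot spot router behind home router
REVERSED_LAYOUT = [(ISP, HOTSPOT), (HOTSPOT, PRIVATE)]  # home router behind hot spot router


def can_initiate(src_ip, dst_ip, routers):
    """Can src_ip open a new session to dst_ip? Follows the packet LAN -> WAN."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    wan_of = {lan: wan for wan, lan in routers}      # LAN segment -> WAN segment
    segment = next((lan for lan in wan_of if src in lan), None)
    while segment is not None:
        if dst in segment:
            return True                 # destination is on-link, nothing filters it
        segment = wan_of.get(segment)   # source-NATed onto the next segment out
    return False                        # unsolicited traffic never crosses WAN -> LAN


def exposure(routers):
    """Who can reach whom between a hot spot guest and a home PC (constructed hosts)."""
    guest, home_pc = "192.168.2.50", "192.168.1.10"
    return {
        "guest_reaches_home_pc": can_initiate(guest, home_pc, routers),
        "home_pc_reaches_guest": can_initiate(home_pc, guest, routers),
    }


if __name__ == "__main__":
    print("CNET layout:    ", exposure(CNET_LAYOUT))
    print("Reversed layout:", exposure(REVERSED_LAYOUT))
```

In the CNET layout the guest's traffic is NATed straight onto the home LAN, so the home PC is reachable; only the reversed layout puts a NAT boundary between the guests and the private network.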

Tuesday, April 7, 2009

Configuring Cisco for SingNet Bizlink

Situation

You switched to SingNet Bizlink static IP plan and were given a Cisco 877. You have your own router and/or firewall in your current setup and all you need is an ADSL modem to replace your current CPE. This way, you can keep everything else in place and simply do an IP change.

Problem

You have searched for configuration samples for the Cisco and tried in vain to get it to work as a transparent bridge but failed. You need to use the Cisco because that is the only device you have that can connect you to the ADSL service.

Resolution

Go the routing way by creating another routing subnet between the Cisco and your existing router.

So the topology will look like this



Configurations

1. Set the Cisco ATM interface as required with your public WAN IP, e.g. 1.1.1.0/30

interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip address 1.1.1.2 255.255.255.252
 ip nat outside
 pvc 8/35
  encapsulation aal5snap
!

2. Set the VLAN interface with an IP from a small private subnet that is not part of your own private IP range, e.g. 10.255.255.252/30

interface VLAN1
 ip address 10.255.255.253 255.255.255.252
 ip nat inside

3. Set your own router WAN interface within the same range as the Cisco VLAN interface, in this case 10.255.255.254 255.255.255.252

4. Set your own router LAN interface with the public LAN IP assigned by SingTel, e.g. 2.2.2.0/28

5. Add a default route on the Cisco pointing all traffic to the SingTel side, and another route to your public LAN network behind your own router/firewall.

ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 2.2.2.0 255.255.255.240 10.255.255.254

6. Do a static NAT for your own router/firewall using the public WAN IP. This way traffic from the Internet will see the public WAN IP as your current router/firewall, as if the Cisco does not exist.

ip nat inside source static 10.255.255.254 1.1.1.2

Conclusions

Advantages
- You keep everything as it is and only need to change IP address.
- As good as configuring the Cisco as a bridge.

Disadvantages
- You MAY run into IP routing problems if you have private networks using the same range as the private IP assigned to the VLAN1 interface. However, by using the smallest network you can, this is quite unlikely.
- You have an additional hop when you do a traceroute from the inside.
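
Before pasting the configuration, the addressing plan can be checked for the overlap problem described under Disadvantages. The script below is an added example, not part of the original post: the addresses are the ones used in steps 1 to 6, the dict keys are hypothetical names, and the internal ranges in the demo are constructed.

```python
import ipaddress as ipa

# Values from steps 1-6 of the post; the dict keys are hypothetical names for this example.
PAGE_PLAN = {
    "wan_net": "1.1.1.0/30", "cisco_wan_ip": "1.1.1.2", "isp_gateway": "1.1.1.1",
    "transit_net": "10.255.255.252/30", "cisco_vlan_ip": "10.255.255.253",
    "own_router_wan_ip": "10.255.255.254",
    "public_lan": "2.2.2.0/28", "lan_route_next_hop": "10.255.255.254",
    "static_nat": ("10.255.255.254", "1.1.1.2"),   # (inside local, inside global)
}


def _usable_pair(a, b, net):
    """Both addresses are distinct usable hosts of net."""
    edges = (net.network_address, net.broadcast_address)
    return a != b and all(x in net and x not in edges for x in (a, b))


def check_plan(plan, internal_nets=()):
    """Return a list of problems with the plan; an empty list means it is consistent."""
    def addr(key):
        return ipa.ip_address(plan[key])

    wan, transit, lan = (ipa.ip_network(plan[k])
                         for k in ("wan_net", "transit_net", "public_lan"))
    problems = []
    if not _usable_pair(addr("cisco_wan_ip"), addr("isp_gateway"), wan):
        problems.append(f"ATM0.1 address and default-route next hop must be hosts in {wan}")
    if not _usable_pair(addr("cisco_vlan_ip"), addr("own_router_wan_ip"), transit):
        problems.append(f"VLAN1 and own router WAN must be hosts in {transit}")
    if addr("lan_route_next_hop") != addr("own_router_wan_ip"):
        problems.append(f"route to {lan} must point at the own router WAN address")
    if plan["static_nat"] != (plan["own_router_wan_ip"], plan["cisco_wan_ip"]):
        problems.append("static NAT must map own router WAN address to the public WAN IP")
    # The Disadvantages case: any network that collides with the transit /30.
    for net in [lan, wan] + [ipa.ip_network(n) for n in internal_nets]:
        if net.overlaps(transit):
            problems.append(f"{net} overlaps transit subnet {transit}")
    return problems


if __name__ == "__main__":
    # Constructed internal ranges: the second list collides with the transit /30.
    for nets in (["192.168.10.0/24"], ["192.168.10.0/24", "10.255.0.0/16"]):
        print(nets, "->", check_plan(PAGE_PLAN, nets) or "OK")
```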