Your Personal Intranet (Part 1).
by Computothought in Circuits > Computers
65758 Views, 83 Favorites, 0 Comments
Your Personal Intranet (Part 1).
Note: DO NOT CONNECT THIS SET UP TO THE REAL INTERNET, Be careful too, because wifi will not distinguish between the two.
When people go to the trouble to set up their own network, they usually may gain respect for all the hard work that goes into network management. One of the reasons we wanted to do this instructable is to encourage those who like to be hackers to try working on their own equipment rather than be mischievous to someone else's systems. Most everything in this project was developed using legacy equipment, with up to date software. Cost was minimal. Ethical pen (penetration) or security testing training is usually done with this kind of setup at first
Update: With an internet "kill switch" law looming to be passed, I might not be a bad idea to make your network intenetless proof.
See also: https://www.instructables.com/id/Your-personal-intranet-Part-2/
https://www.instructables.com/id/Statusnet-the-Twitter-clone-setup/
What's Needed.
AT least three routers and manuals (better if they support dd-wrt or the like).
Cat 5 or better networking cable(s). In some cases you can make your own cheaper if you are going to use a lot of cable) otherwise just get store bought cable.
Cable ends. Cable ends and cable are available from better electronic and computer stores.
Your various extra computers, printers and etc.
optional:
crossover cable adapters.
Cable ties to make things neater.
Standalone switches.
Tools:
Cable end crimper (if you are going to make your own cables).
Cable tester. (even store bought cable can have problems).pen or other writing device and pad to write down information.
Router maunals so tht you can find out how to set up reserve addresses and port forwarding for your router.
Domain Name Addressing (internet Telephone Book).
The Google internet protocol address is: 173.194.64.106 in this case.
Computer directory assistance:
$ nslookup www.google.com
Server: x.x.x.1
Address: x.x.x.1#xx
Non-authoritative answer:
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 173.194.64.147
Name: www.l.google.com
Address: 173.194.64.105
Name: www.l.google.com
Address: 173.194.64.103
Name: www.l.google.com
Address: 173.194.64.104
Name: www.l.google.com
Address: 173.194.64.99
Name: www.l.google.com
Address: 173.194.64.106
$ dig www.google.com
; <<>> DiG 9.7.0-P1 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24576
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 538147 IN CNAME www.l.google.com.
www.l.google.com. 248 IN A 173.194.64.106
www.l.google.com. 248 IN A 173.194.64.103
www.l.google.com. 248 IN A 173.194.64.147
www.l.google.com. 248 IN A 173.194.64.104
www.l.google.com. 248 IN A 173.194.64.99
www.l.google.com. 248 IN A 173.194.64.105
;; Query time: 12 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Nov 24 19:28:07 2011
;; MSG SIZE rcvd: 148
Noticed I typed in the Googles intenet address and was able to get to site. To remember all the internet addresses you might want go to is an extraordinary task. So the internet has directory assitance built in. In the second frame, I just used Googles web site name to get to their site. That is it goes to a DNS (Domain name server is an internet equivalent of directory assistance) to translate the website name to an internet address and then your browser goes to that numerical address. It usually happens so fast that you may not realize what is going on. Since we will not access the real intenet, so for our internet we will be setting up a crude form of directory assistance of your own. That is unless you want to remember all the numbers.
One last detail:
Like the phone book, the names are listed in a certain way. Usually the last name and the first name. for the internet, this is an over simplification, but the websites can have two or more parts.
www.google.com breaks up into:
www - world wide web
google - the name of the domian
com- the type of domain it is. .com is a commercial site usually.
Other extensions:
org - non-profit
gov - governmental unit, and etc.
More info at http://en.wikipedia.org/wiki/Domain_Name_System
Ethernet Cabling Basic.
white-orange striped
orange
white-green striped
blue
white-blue striped
green
white-brown striped
brown.
No affiliation with this company, but the video is decent about making cable.
http://www.wipeout44.com/video/misc/make_ethernet_cable.asp
There are also two basic tyoe of cabling: (newer routers can automatically detect standard cable wiring).
Patch (traditional cable). T-468b/t-468b
Crossover cablle (rarely used, but great for hooking up two computers directly together without a switch)
t-568a/t-568b
Parts:
Rj-45 cable ends (covers are optional)
Ethernet cat cable or better.
Tools:
RJ-45 cable crimpers.
Cable testers:
>patch cable tester (better ones test each wire separately).
> live network tester (lets you know if the wire is good when plugged into a network port. DO NOT USE THE PATCH CABLE TESTER TO DO THIS!!!!) (NOT SHOWN)
So How Do We Connect It? (Router 1 Backbone).
We need to have a root device that serves as DNS (Domain name server) for the highest level (.i.e. the three routers and any server that is transparent through the two lower routers. The wan (wide area network) of the top network will not be connected. Most people use a 10 or 172 network in large firms for the highest level of the network phone number so to speak. . We will use instead a 192 based network. 192.168.x.x known as a class c network and defined not to be net-workable with the internet per se. We are going to use ipv4 for now. ipv6 changes all the ground rules. Did you notice the ipaddress of Google?
We are going to divide the network into two major subnets. The first advantage here is we can isolate network issues easier. In case of a spreading virus you can remove the connection on the subnet where there is an issue so everyone does not get affected/infected. Then you go to that area and take care of the issue. Once resolved that subnet can bet added back to the network The second advantage here is that you can limit the network traffic to defined areas or the subnet, It also can help in security if certain devices on one subnet do not need to be accessed from the other subnet as required. For example, you will want to have the accounting information separated from other departments that are not involved in the day to day finances. Mostly common sense.
Generally our class c network will or can have up to about 250 devices connected. (192.168.x.x). As for individual hardware assignment, the last part of the address is usually segregated for example .100 to .150 us assigned to clients and .10 to .99 is assigned to server and certain network non-workstation equipment that need an unchanging ipaddress, Makes it easuer to trubleshott issues when you know what equipment is having issues. Since this is your network not connect to the real internet, you can set it up whatever way you want.
Router 1 is private network 0 or the backbone.
Router 1
Wan ip should not be used.
Dns 192.168.1.1
netmask 255.255.255.0
Broadcast 192.168.1.255
lan address should be 192.168.1.1
Router 2.
For reference:
Router 2
Wan ip should be 192.168.1.10
Dns 192.168.1.1
netmask 255.255.255.0
Broadcast 192.168.1.255
Switch lan network should be 192.168.2.x
Router lan address s/b 192.168.2.1
The router wan can us dhcp, but you will have to reserve the address in the router
Let's add the music server and then do some port forwarding.
1. You will want to install the web server on a machine (some interesting links)
https://www.instructables.com/id/Introduction-to-installing-web-apps/
https://www.instructables.com/id/Quicky-web-server-for-linux/
https://www.instructables.com/id/Quicky-web-server-for-MSWindows-XP/
You want to reserve the address for the web server in the router 2 setup per your router firmware documentation..
(The ipaddress of the web server will be 192.168.2.110, but to this outside of router 3, the web server address is 192.168.2.10).
Now to forward the port.
Web servers are usually port 80 (unless you set it up differently, so that is the port you want to forward.
Router 3.
For reference:
Router 3
Wan ip should be 192.168.1.20
Dns 192.168.1.1
netmask 255.255.255.0
Broadcast 192.168.1.255
Switch lan network should be 192.168.3.x
Router lan address s/b 192.168.3.1
The router wan can us dhcp, but you will have to reserve the address in the router.
Let's add the music server and then do some port forwarding.
1. You will want to install the firefly music server on a machine (also know as mt-daapd.)
(for the latest Debian "squeeze")
$ sudo apt-get update
$ sudo apt-get install libgcrypt11 forked-daapd
If all went well then it should be up and running. You'll need to adjust the config file for forked-daapd, which is located at /etc/forked-daapd.conf, by changing the music directory to match the directory you store your music in like so:
Then you can simply restart forked-daapd like so: /etc/init.d/forked-daapd stop
/etc/init.d/forked-daapd start
See https://en.wikipedia.org/wiki/Firefly_Media_Server for more information.
You want to reserve the address for the music server in the router 3 setup per your router firmware documentation..
(The ipaddress of the music server (for us) will be 192.168.3.110, but to this outside of router 3, the music server address is 192.168.3.10).
Now to forward the port.
Itunes is usually port 3689 so that is the port you want to forward.
Try It Out.
Router 1
Any equipment connected to router 1 not including routers 2 and 3.
Routers 2 and 3.
Everything else.
Can you see the web server (with a web browser) from outside router 2?
Can you access the music server (with an itunes compatible client) from outside router 3?
If not go back and check your settings.
In part two we will get into virtual private networks, dnsmasq, and other media servers. Stay tuned...
The Intranet.
An idea coming soon based on the ITCrowd idea.