[nos-bbs] Missing something - 44 net

Barry Siegfried k2mf at nnj.k2mf.ampr.org
Tue Jul 25 16:52:53 EDT 2006 

["George (Skip) VerDuin" <k8rra at ameritech.net> wrote]:

> OK Barry, I now believe I see the distinction... Check me out?
>
> On Mon, 2006-07-24 at 15:06 -0400, Barry Siegfried wrote:
>
> > ["George (Skip) VerDuin" <k8rra at ameritech.net> wrote]:
> >
> > > I have not thought this through fully yet (I admit)...
> >
> > There was a time when using a NOS or Unix/Linux machine to implement
> > a "software solution" to implement NAT was the only way you could get
> > a single IP address user account to service more than a single client
> > machine behind it but today, the consumer IP/NAT routing appliance is
> > so commonly available that it is somewhat of a no-brainer whether or
> > not to use one.
>
> Now this is how I see your LinkSys solution as applied to an existing
> Linux jnos install:
>
> A) remove the tun device

Not if you want to run in amprnet.  You need to provide some method
of accessing IPIP and the 'tun' device is just about the closest
thing you have to doing that.

> b) attach a spare eth(1?) to the jnos stack
> c) attach the LinkSys INTERNET to the eth(1?) interface (external
> modem presumed)
> d) configure NAT & Firewall to interface to 44... static IP of jnos
> e) attach the LinkSys LAN to the host eth(0?) interface
> f) attach the remaining LAN ports to other hosts and also to the other
> internet bridge containing DSL or CABLE etc interface.
> g) route as appropriate...
>
> Interesting concept - I doubt I would have tumbled to this on my own...

Ummm... I don't completely understand the architecture of what you
are describing above but if it works for you, hey then, why not?

> > The other thing that using an IP/NAT router in this configuration
> > does for you (particularly for those who are using cable internet
> > access) is that it eliminates the requirement that your NOS or
> > Unix/Linux machine, 1) have two interfaces in it in order to
> > accommodate a LAN "behind" your internet connection, and, 2) hear
> > all of those incessant ARP broadcasts on your "local" cable segment.
> > The amount of this traffic IS signficant (depending on the size of
> > your segment, of course) and using an IP/NAT router will completely
> > free your NOS or Unix/Linux machine from the resources it would have
> > to devote to hear all of these ARP broadcasts.
>
> I never considered the Linux/jnos box as the internet gateway - although
> there is a great deal of press on the subject.

You are operating a gateway now.  It is my perception that it is a
Linux gateway with JNOS running underneath it to provide a mailbox
application.  Is that perception wrong?  A gateway is any machine
that is multihomed in two networks.  I suspect your Linux machine
has an interface on a LAN which talks to the router that talks to
the internet and the internal "tun" device of the Linux machine
lives in 44/8.  By definition, this is a "gateway".

> It seems like OLD 386/486 throw-aways make a "good" bridge/firewall
> as an alternative to a LinkSys appliance.

Presuming that you have a single IP address at your "point-of-presence"
then you will need this equipment to do NAT for you.  Yes?

> I do now wonder if adding jnos to this incoming bridge thus expanding
> it to Internet + RF paths makes sense?
>
> The device needs no operator interface since everything may be
> doable remotely via telnet - ssh - etc... This one for another day?

For those who remember the show, there are 8 million stories in the
naked city, and there are 8 million ways you can configure a computer
network.  It all depends on what you are trying to accomplish.

> Thanks for the concept Barry, I may already have all the hardware to
> try this out for kicks.

I'm not sure what it is you are going to try but whatever it is, if it
works for you then you will have found what you need.

> As an aside:  you notice that Maiko has begun the process of detaching
> jnos/host support routines/libraries?  It may be a future strategy of
> his that NAT can be "plugged in" when needed and not included into the
> application?  Our conversation here may become the "old way" of doing
> things...

I am not familiar with the JNOS library layout.  It was always part
of every NOS platform to have the ability to enable and disable items
as needed.  This permitted you to compile versions of the program
which were extremely fine tuned and tailored to function in a
particular environment or for a particular purpose.  If that is
what you are calling the "old way" of doing things, we are still
doing them today and it works pretty darn well.  :)

73, de Barry, K2MF >>
           o
          <|>      Barry Siegfried
+---------/-\---------------------------+
| Internet | bgs at mfnos.net              |
| HomePage | http://www.mfnos.net/~bgs  |
+----------+----------------------------+
| Amprnet  | k2mf at nnj.k2mf.ampr.org     |
| PBBS     | k2mf at k2ge.#cnj.nj.usa.noam |
+----------+----------------------------+

More information about the nos-bbs mailing list