Cover V05, I10

Ethernet To Your Home

Lisa Lees

System administrators often creatively adapt lessons learned in one area and apply them to other areas, and this trick can be done with the creation and management of Web servers as easily as elsewhere. In this article, I will use the configuration of my home systems as an example of how to create an economical Web server infrastructure.

I have an Ethernet connection in the bedroom of my house in East Lansing, Michigan, which is for my Linux computer. Another connection in the basement goes to my spouse's Windows PC. These two systems are connected to a five-port 10BaseT hub (with room to add the children's systems at some point). The hub connects to the cable modem . . . and so to the world. The cost is quite reasonable, and installation was a snap.

TCI Telephony Services, Inc., of Michigan provides an Ethernet connection to homes in my area in one of two forms: a 10 Mb/s LANcity LCP Personal Cable TV Modem (http://wkgroup.com/lancity) or a 4 Mb/s Zenith HomeWorks cable modem (http://www.ftcnet.com/~dmh/lanmaso.htm). The cable modem attaches to the TCI cable just as a television set or VCR does.

The LANcity LCP implements one static IP address. This modem has a DB15 AUI connector, so you need to supply the appropriate transceiver hardware to connect to your in-home network. The Zenith modem implements up to four static IP addresses. It has an RJ-45 twisted-pair connector that can be directly connected to one computer if you are using only one IP address. For more than one IP address, you need a hub of some kind.

The monthly charge for these services at the time of writing (summer 1996) was $45/month for the 4 Mb/s "residential" service with one IP address ($10/month for additional IP addresses up to a total of four) and $70/month for the 10 Mb/s "commuter" service. Commercial service is $500/month for 8 IP addresses. There are installation charges for all classes of service. Commuter and commercial subscribers must sign a contract for at least 12 months of service. Please check http://www.tci.east-lansing.mi.us for TCI's current prices.

TCI requires its customers to pay for the basic cable television service if it is not already installed. Our monthly bill for basic cable and two 4 Mb/s connections is about $65, twice what our basic monthly bill is for two telephone lines. That's not bad!

I have tried both 10 Mb/s and 4 Mb/s services. I initially had the 10 Mb/s service installed, but converted to the 4 Mb/s service when it was offered. I noticed little, if any, difference in effective throughput, and I have heard this comment from other customers. Both services are clearly superior in convenience and throughput to any form of telephone modem-switched connection. (Note that my comparisons were done when TCI had few total subscribers for Ethernet service. As neighborhood segments become more heavily loaded, the throughput comparison could change.)

TCI provides each customer with accounts and email addresses on their server, tcimet.net (which runs FreeBSD). I do not need this service and simply set the mail to forward to my home machine. TCI runs a POP-3 server, which is useful to people who are connected with a non-Unix system. They have also created a Usenet newsgroup, tci.misc, for use in discussing TCI issues, but it has received little use so far.

Configuring a Unix system for Ethernet to the home is quite easy. You are given the IP addresses for your computer, the TCI gateway, and the TCI DNS host. TCI creates a DNS address record for your system, lees.tcimet.net in my case.

Configuring Linux for use on the Ethernet is also quite easy. First, make certain you have a kernel that supports networking and the particular network card you have chosen. Check the hardware FAQs before buying your network card, then either install or build the correct kernel. If you add a network card to an already configured system, pay attention to the IRQs used by your various cards! Some network cards default to using IRQ 3, which will almost certainly already be in use for a serial port.

If you are installing Linux from scratch, you will be asked for all the necessary configuration information. Otherwise you must edit a few files yourself. You need to know: the IP address assigned to your computer, the IP address of your service provider's gateway, and the IP address of your service provider's DNS system. Add an entry in the /etc/hosts file for your assigned domain IP address and that of your ISP's gateway. You will also need to edit /etc/rc.d/rc.inet1 and /etc/resolv.conf accordingly. Figure 1 shows an example of these files.

Because you have a static IP address, unlike with most PPP setups, you can permit logins, telnet, anonymous ftp, and run your own web server. Just be certain you know the security implications of making your home system visible to users around the world.

Home System Security

When your home system is attached to the Internet, it is potentially visible to hundreds of thousands of other systems, so you need to be certain that your home system is set up as securely as possible.

There are a number of books available on computer security - look for one that specifically addresses the operating system you are running. (See the January 1996 issue of Sys Admin on the topic of Linux, particularly the article "Linux as an Internet Server" by Arthur Donkers.)

Examine every way another system can connect to your system and be certain it is as secure as possible. Follow all configuration instructions, apply any available patches, and watch for any CERT announcements that apply to your OS and software (http://www.cert.org). Disable all entry points that you do not need: unnecessary accounts, services, and daemons. On my home system I allow only incoming login, ftp, and telnet connections. Everything else is commented out in the /etc/inetd.conf file.
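
One way to check the policy described above, as an added example that is not part of the original article: a shell function that lists the services still enabled in an inetd.conf and flags any that fall outside the allowlist of login, ftp, and telnet. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit inetd.conf for enabled services outside an allowlist.
# The allowlist mirrors the article's policy; function names are hypothetical.

ALLOWED="login ftp telnet"

# Print "service protocol" for each enabled (uncommented) entry.
# A valid inetd.conf entry has at least six whitespace-separated fields:
# service, socket type, protocol, wait flag, user, server program.
# Reads the file(s) given as arguments, or stdin when none are given.
inetd_enabled() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1, $3 }' "$@"
}

# Print "service/protocol" for enabled entries not named in $ALLOWED.
inetd_unexpected() {
    inetd_enabled "$@" | while read -r svc proto; do
        case " $ALLOWED " in
            *" $svc "*) ;;                  # permitted: report nothing
            *) echo "$svc/$proto" ;;        # enabled but not permitted
        esac
    done
}

# Constructed sample input, not taken from the author's system.
sample_inetd_conf() {
    cat <<'EOF'
# <service> <socket> <proto> <wait> <user> <server> <args>
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  wu.ftpd -l
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
login   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
  tftp  dgram   udp  wait    nobody  /usr/sbin/tcpd  in.tftpd

#exec   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rexecd
EOF
}

# Demo on the sample; on a real host run: inetd_unexpected /etc/inetd.conf
sample_inetd_conf | inetd_unexpected
```

Any line of output is a service that should be commented out before inetd is told to reread its configuration; no output means the file matches the allowlist.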

Another area of concern is the physical network. Access to the physical network via personal computer is what Ethernet to the home is all about, and service providers are often not knowledgeable about network security. I have noticed here that with the Zenith HomeWorks modems all network traffic on the segment is visible and snoopable. This means that if I log in to a remote system (and as a system administrator I sometimes log in as root) my password is briefly visible on the network.

One solution is to use a commercial secure password system with a constantly changing password, but this is expensive and inconvenient. Another solution is to use Kerberos (from the MIT Athena project) or secure shell (http://www.cs.hut.fi/ssh) to establish an encrypted login session over the network. I have used both of the latter methods with success. The software for both compiles and works under Linux and most common versions of Unix. In my opinion ssh is simpler and easier to use.

One of the best security precautions you can take is to make decent backups of your home system, and keep notes on any configuration changes you make. Then, if someone does hack your system, you can at least rebuild it easily. If you deal with any kind of sensitive information, such as medical or financial records, be extra careful. Such a system should perhaps not be connected to the Internet. For small amounts of data it may work to keep them on removable media and mount them only when they are actually being used, but this complicates backup.

Local Significance

The ready availability of Internet access in the East Lansing community is slowly changing the way people interact and look for information. City government is online, as are an increasing number of businesses. The community contains many students, staff, and faculty of Michigan State University who make use of the service.

Although there have been many false starts in the past with home computing and interactive services, I think the future is finally here, courtesy of the Web. The web is the raison d'etre that has been missing in all previous attempts to get people to use computers from home. No longer does anyone wonder why they need a home computer and network access. Surf's up!

The Trailing Edge

My home system is built from mail order bits and pieces, much of it four or five years old. A flip-top case with 200-watt power supply and 40-MHz 386/387DX motherboard ($300 current price), 20 Mb of 60 ns SIMMs, a 240-Mb IDE drive ($160), serial/parallel IDE combo board ($30), Trident 1-Mb graphics card ($69), serial trackball ($18), and Mitsumi 4X CD-ROM ($140). For the network hookup, I use a Bocalancard 2000+ combo ($63) and about $20 worth of twisted pair cable. My eyesight is poor, so I did spring for an NEC XV15 monitor ($475). I reused floppy drives from previous systems (I've had a home computer since 1980; that was a Heathkit H-11), but with a new floppy drive and current memory prices, that adds up to at most $1750 in hardware and software for a very respectable multiuser Unix system.

Using XFree86 under Linux (Slackware 2.3, kernel 1.2.13, $40 with book), I am able to run Netscape 2.02 with what I consider to be good response (I wait on the network, not on my system). Netscape is no slower at home than on a Sun Microsystems SPARCstation 2 workstation (32 Mb) at work, though it is slower than my SGI Indigo 2 at work (on a good network day). Given the difference of a factor of more than ten in cost, that's pretty decent. In some cases, the trailing edge is the place to be.

About the Author

Lisa Lees has an M.S. in computer science and has worked during the past 20 years as a teacher, technical writer, programmer, and system administrator. Her love/hate relationship with Unix dates to 1985. Ms. Lees is senior system administrator with the Department of Computer Science at Michigan State University. She is a member of the USENIX System Administrators Guild (SAGE) and can be reached at: lees@cps.msu.edu or http://www.cps.msu.edu/~lees.