Network Switches and SEQ



QuerySEQ
12-19-2004, 06:45 AM
I read a post a while back (like nearly a year ago), when I was having problems with a Network Switch.

This is just an "Informative" Post. For those that wish to use or have a Network Switch and CANNOT run SEQ.

I started with a 'cheap' SMC DSL/CABLE router that has a built-in 10/100 switch. 4 ports.

Unlike HUBS, each port on a Switch is its own 'collision domain'; a connection on a Hub is just a big broadcast across all the ports.

The only way to allow the SEQ box to 'view' the Client, is to "Port Mirror" the ports between the SEQ box and the Client.

That way, when in Promiscuous Mode, the SEQ box can see all the packets on the port that the client is attached to.

If you do not have a configurable switch like that, then forget it. Even with LACP alone, you only get a "one way" packet. ( either from the client, or from the Seq Box ).

Many newer Cable/DSL routers have Port Mapping capabilities and you can do some Redirecting of traffic. Only Configurable Switches will allow you to have the capabilities of good network stability and speed.

Remember, a 10/100 hub is still only 10/100 on its backplane; a Switch can be anywhere from 1 GBps to up to 4 GBps on its backplane.

I have to use a Switch in my network, due to the number of computers utilizing the network(s). Therefore I eliminate much of my broadcast/multicast traffic.

Just remember on switches to Port Mirror the ports on your switch containing the Client and the SEQ, in BOTH directions (i.e. SEQ in Port 4 and Client in Port 5: 4 mirrors 5 and 5 mirrors 4).

If you have a ROUTER, it depends on which one and the type, model, brand: whether the manufacturer has made their device configurable, and whether or not they have the function to do Port Mirroring.

purple
12-19-2004, 07:09 AM
Why would you need to mirror ports on the linux box to the EQ box?

Cryonic
12-19-2004, 07:28 AM
Port Mirroring is a function of the higher end switches (e.g. Cisco) and will not be found in most of the brands that you would buy in your local BestBuy.

A user would be better off placing two NICs in their SEQ box and placing it between their router and all their other computers, as then the traffic is forced to route to the SEQ box to get out onto the Net...

ThePowerTool
12-20-2004, 10:51 AM
FYI - I use an old 10Mb hub (I have a few laying around) which is plugged into my slightly newer 10/100 switch. The only two boxes on the 10Mb hub are EQ and SEQ. At this time, the bandwidth bottleneck is still my ISP.

This can be an excellent alternative if you don't happen to have a spare NIC sitting around. Ask a friend. You never know who might have an old 10Mb hub just laying around gathering dust that would be willing to part with it for free, or almost-free.

BlueAdept
12-20-2004, 03:51 PM
You can always pick up a Network card from eBay for like 6-7 bucks including shipping (just look out for people charging a fortune for shipping). If you can't afford that, you shouldn't be playing EQ or messing with SEQ.

Cryonic
12-20-2004, 11:06 PM
On eBay... Hell, you can buy them new at BestBuy or CompUSA for less than $10.

splooge
12-23-2004, 11:48 PM
A user would be better off placing two NICs in their SEQ box and placing it between their router and all their other computers, as then the traffic is forced to route to the SEQ box to get out onto the Net...

You could be really cool and replace the cable/dsl router with your SEQ box.

Cryonic
12-24-2004, 12:11 AM
I would only recommend that for users that are going to keep the box secure and up2date.

Raventhalos
12-24-2004, 06:01 AM
Another option if you don't want to use a second NIC or have your Linux box serve as your Cable/DSL router for all your traffic, is to Dual-Home your Linux box and have it serve as the gateway for the computer running EQ.

I do it this way so I don't have to configure my IPtables/IPchains on my Linux box, but still have the protection of the hardware router/firewall.

HCLogo
12-25-2004, 04:22 PM
FYI - I use an old 10Mb hub (I have a few laying around) which is plugged into my slightly newer 10/100 switch. The only two boxes on the 10Mb hub are EQ and SEQ. At this time, the bandwidth bottleneck is still my ISP.

This can be an excellent alternative if you don't happen to have a spare NIC sitting around. Ask a friend. You never know who might have an old 10Mb hub just laying around gathering dust that would be willing to part with it for free, or almost-free.

For those not so "technically inclined" ;) Make sure that your switch is plugged into the "uplink" port of your hub, and you should be all set.

madmatt
12-27-2004, 07:42 AM
Or, for the more technically inclined, just use a plain switch (no virtual ports, no nothing) and use ettercap and its "ARP poisoning" feature:

IP addresses:
172.30.1.1 - Seq machine
172.30.1.2 - Eq machine
172.30.1.201 - Internet Gateway

I have a D-Link 10/100 8 port switch, but this approach works with every switch I tested so far.

On the Seq machine I run:
ettercap -T -i eth0 -M arp /172.30.1.2/ /172.30.1.201/

And from that moment on, all the traffic from my eq machine to the gateway is routed through the Seq machine (translated: Seq works ;-)
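
What the redirection described in the post above looks like from the EQ machine's own neighbor (ARP) table, and how to flag it, as an added example that is not part of the original thread. The IP addresses are the ones given in the post; the MAC addresses, the sample `ip neigh show` output and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed samples of `ip neigh show` output as seen from the EQ machine
# (172.30.1.2). The MAC addresses are invented for illustration.
BEFORE = """\
172.30.1.1 dev eth0 lladdr 00:16:3e:aa:00:01 REACHABLE
172.30.1.201 dev eth0 lladdr 00:16:3e:aa:00:c9 REACHABLE
"""
AFTER = """\
172.30.1.1 dev eth0 lladdr 00:16:3e:aa:00:01 REACHABLE
172.30.1.201 dev eth0 lladdr 00:16:3e:aa:00:01 REACHABLE
172.30.1.77 dev eth0  FAILED
"""

NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[m.group(1)] = m.group(3).lower()
    return table

def find_arp_anomalies(table, pinned):
    """Compare a neighbor table against pinned {ip: mac} values.

    Returns (kind, ip, mac) tuples:
      mac-changed - a pinned IP now resolves to a different MAC
      shared-mac  - one MAC answers for more than one IP
    """
    findings = []
    for ip, good_mac in sorted(pinned.items()):
        seen = table.get(ip)
        if seen is not None and seen != good_mac.lower():
            findings.append(("mac-changed", ip, seen))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared-mac", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    pinned = {"172.30.1.201": "00:16:3e:aa:00:c9"}  # gateway MAC recorded earlier
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, find_arp_anomalies(parse_neigh(sample), pinned))
```

A static neighbor entry for the gateway on the client keeps its cached MAC from being overwritten by unsolicited ARP replies.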

splooge
12-28-2004, 09:59 AM
I would only recommend that for users that are going to keep the box secure and up2date.

It's easier than what you're suggesting. To do it your way you'll either have to make the seq box an ethernet bridge or you'll have to create another subnet and add manual route statements to your hardware firewall.

Cryonic
12-28-2004, 01:04 PM
You don't have to do anything to the router if you have the SEQ box doing NAT...

E.g.
Internet -> Modem -> Router -> SEQ (IPTABLES NAT) -> All other systems

Either way... Most of the other suggestions are far cheaper than what it would take to do what the original poster put up as that requires a switch in the > $1000 range (last I checked).