Specific equipment that I deal with AND have already had the time to cover on this website can be found on my dedicated hardware page. I have some really wicked information there.
As I already mentioned in the Abstract above, this page provides practical knowledge with regard to computer networks. This page is therefore also part of my Network Context.

Daily/Common Practice

Utilities, Files etc. of Interest

Files respectively Directories

/etc/hosts
/etc/nsswitch.conf
/etc/networks
/etc/resolv.conf
/etc/hostname
/etc/services
man 5 interfaces
/etc/network/interfaces
/etc/networks

Linux CLI (Command Line Interface) Utils

Utils/Commands to show/set Network Configuration/Status/Parameters

Network Exploration/Reconnaissance and Security Auditing

I felt this subsection belongs in a more specific context (

OpenWRT Networking

This subsection is about practical networking with a certain kind of device that runs a certain kind of Linux. It is about a wireless access point, switch and embedded Linux computer that runs a Linux known as OpenWRT. The particular device in question is the Linksys WRT54GL. This subsection started as an offspring of some documentation I wrote while configuring the WRT54GL. Since it is about networking with the WRT54GL, I simply felt it belongs here (

OpenWRT Networking - Introduction - VLAN and Bridge Concepts

Before getting too far into the details, it is important to know what VLANs are and how they work. A VLAN (Virtual LAN) is, in basic terms, a group of physical interfaces (also known as ports) on a switch that behave as if they were a separate standalone switch. This allows us to use one physical switch but partition it into multiple LANs (Local Area Networks), each one completely isolated from the others. The switch must support VLAN configurations; most cheap switches do not allow this, but high-end manageable switches do, as does the internal switch on the OpenWRT.

VLANs are used when we need to separate traffic between groups of devices but only want to use one physical switch. For example, we might want one VLAN outside our firewall for public web/mail servers, and another VLAN for our internal machines such as desktops and boxes with private data. They cannot be placed on the same LAN for security reasons, so we use VLANs to isolate the groups of ports.

Let us say we have a 10-port switch, and we configure ports 1-5 as VLAN1 and 6-10 as VLAN2. All devices which are plugged into ports 1 through 5 behave as if they are on their own switch, and devices in ports 6-10 act as if they belong to another switch. The main rule is that communication between ports on separate VLANs is blocked: even if we configure devices with the same subnetworks, they will not be reachable from devices in other VLANs.

And of course, it is also possible to configure it differently: if we later decide we need to put another device in VLAN1 and we have only used 4 ports in VLAN2, we can move any of the VLAN2 ports into VLAN1. So then we might end up with VLAN1 as ports 1-5 and 8, and VLAN2 as ports 6, 7, 9, 10. The number of VLANs we can configure on any OpenWRT device is limited only by the number of ports, e.g. for n physical ports we might configure n or fewer VLANs.
VLAN Trunking

If you have a switch with multiple VLANs, you may want to attach a device (such as another switch) that needs to talk to more than one VLAN. This could be a firewall, which will take packets from one VLAN, filter them, then pass them to another VLAN. Alternatively, you might have a second switch that has the same two VLANs on it, and you want the two switches to exchange packets with each other for both VLANs whilst maintaining the separation.

Rather than wasting ports by using separate ports per VLAN, we use a process known as trunking. One port on the switch must be configured as a trunk port, and this port will have connectivity to all VLANs for which it is set to be a trunk port. If you have a switch with 3 VLANs, you can configure one (or more) trunk port(s) to have connectivity to all VLANs, or just a subset of the VLANs.

How does the switch maintain isolation with this port? This is done with "tagging". Every packet sent or received from the trunk port has a little tag attached to it, indicating what VLAN it is for or from. So a device receiving packets looks at the tag to see what VLAN that packet is from. When the device sends traffic to the switch, it will add a tag itself, and the switch will look at the tag and send the packet to the VLAN indicated.

In the example of an attached firewall, a packet coming in from the internal LAN will be sent out the trunk port to the firewall, tagged with the internal VLAN number. The firewall will process the packet, then send it back to the switch with a tag for the external VLAN, and the switch will look at this tag and send it to the outside device. You can see that a device such as a firewall will see each separate VLAN as if it is a different network interface. The internal VLAN is like a NIC on the inside of the network, and the external interface behaves just like a NIC on the outside.
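The tagging described above, as an added example that is not part of the original page: a toy Python model of a switch that uses the standard IEEE 802.1Q tag (EtherType 0x8100 followed by a 16-bit field whose low 12 bits are the VLAN ID). The port layout (ports 1-5 in VLAN 1, ports 6-9 in VLAN 2, port 10 as the trunk towards a firewall), the function and class names and the sample frame are assumptions made up for the illustration.

```python
import struct

TPID = 0x8100  # EtherType that marks an IEEE 802.1Q VLAN tag

def add_tag(frame, vid):
    """Insert the 4-byte tag after the destination and source MAC."""
    if not 1 <= vid <= 4094:            # 0 and 4095 are reserved IDs
        raise ValueError("VLAN ID out of range")
    # TCI = priority (3 bits) | DEI (1 bit) | VLAN ID (12 bits); priority 0 here
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]

def strip_tag(frame):
    """Return (vid, untagged_frame); vid is None if the frame has no tag."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != TPID:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

class Switch:
    """Toy model: an access port is in one VLAN, a trunk port carries several."""
    def __init__(self, access, trunks):
        self.access = access            # port -> VLAN ID
        self.trunks = trunks            # port -> set of allowed VLAN IDs

    def receive(self, port, frame):
        """Flood a frame that arrived on `port`; returns {egress port: frame}."""
        vid, inner = strip_tag(frame)
        if port in self.trunks:
            if vid not in self.trunks[port]:
                return {}               # untagged or not a VLAN of this trunk
        elif vid is not None or port not in self.access:
            return {}                   # access ports take untagged frames only
        else:
            vid = self.access[port]     # VLAN comes from the port, not the frame
        out = {p: inner for p, v in self.access.items() if v == vid and p != port}
        out.update({p: add_tag(inner, vid) for p, ok in self.trunks.items()
                    if vid in ok and p != port})
        return out

# Constructed sample: ports 1-5 in VLAN 1, 6-9 in VLAN 2, port 10 trunks both.
def example_switch():
    access = {**{p: 1 for p in range(1, 6)}, **{p: 2 for p in range(6, 10)}}
    return Switch(access, trunks={10: {1, 2}})

# Constructed broadcast frame: dst MAC, src MAC, EtherType 0x0800, payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    sw = example_switch()
    print(sorted(sw.receive(1, SAMPLE)))                  # VLAN 1 ports + trunk
    print(sorted(sw.receive(10, add_tag(SAMPLE, 2))))     # VLAN 2 ports only
```

The device on port 10 tells the two networks apart only by the VLAN ID in the tag, and the model drops tagged frames on access ports so that an end device cannot pick its own VLAN.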
Because of this, most hosts and firewalls that support VLAN tags are set up such that each VLAN tag is treated as if it were another separate network interface, even though it's the same physical wire.

Bridging

In networking, a bridge links two Ethernet interfaces together so that they are on the same LAN. If you have a box with two bridged Ethernet interfaces and connect each interface to a separate switch, the two switches are effectively linked together as if they were connected with a cable. You can also link a wired Ethernet interface with a wireless interface; the two are then linked together, much like a wireless AP or bridge.

One useful feature of bridging is that the Linux box which is doing the bridging can listen to and send its own traffic. It does this by creating another interface. If you link eth0 and eth1, they will be bound to an interface br0 (or br1, etc). You can then assign an IP address to br0 and it will behave like a normal network interface attached to this bridged network. You cannot configure an IP address on the bridge members (eth0 or eth1); it needs to be done on the bridge interface.

http://wiki.openwrt.org/OpenWrtDocs/NetworkInterfaces

Firewalling with OpenWRT

WiFi (Wireless Fidelity)

Yes, there is already the OpenWRT Networking section on this page ... we know that. The reason why the OpenWRT section is not a subsection of the WiFi section is simply that networking with OpenWRT is more than just WiFi. So, this section is really just about WiFi. For the most part, I am going to focus on the practical part, e.g. how to set up, configure and run a WiFi network with its necessary devices. Those who want to dive into theory about WiFi might be better off visiting one of the numerous pages on the net which cover WiFi theory in detail.

WiFi on Suno's Subnotebook

Of course I use WiFi with my subnotebook. How I installed and configured this is covered on another page.

Suno's LAN@home