Until recently, I had a 32-bit machine with one monitor running fedora. The later editions of fedora didn't like it, so I switched to CentOS. Now I have two 64-bit machines and two monitors and a CenturyLink router. Also a KVM switch that I have not taken out of the package. My main machine has two video connections and two ethernet connections, eth0 and eth1 .
I've never had more than one machine or more than one monitor before.
I'd like to be able to use both monitors at once on my main machine. I'd like to be able to switch one monitor between machines without too much trouble. I'd rather not where the pins out. KVM will do this, right? KVM is transparent to the computer, right? My secondary machine sometimes runs Windows, so I'd like it not to have its own global IP address. My first thought would be to connect it directly to one of the ethernet ports on my main machine.
How do I go about this? The answer I am expecting is one or more links to tutorials or the like.
On Tue, May 27, 2014 at 07:38:34PM -0500, Michael Hennebry wrote:
I'd like to be able to use both monitors at once on my main machine. I'd like to be able to switch one monitor between machines without too much trouble. I'd rather not where the pins out.
Do either of your new monitors have multiple inputs? If you're not needing the console of the second machine often, that might be the easiest approach.
On 5/27/2014 5:38 PM, Michael Hennebry wrote:
Until recently, I had a 32-bit machine with one monitor running fedora. The later editions of fedora didn't like it, so I switched to CentOS. Now I have two 64-bit machines and two monitors and a CenturyLink router. Also a KVM switch that I have not taken out of the package. My main machine has two video connections and two ethernet connections, eth0 and eth1 .
I've never had more than one machine or more than one monitor before.
I'd like to be able to use both monitors at once on my main machine. I'd like to be able to switch one monitor between machines without too much trouble. I'd rather not where the pins out. KVM will do this, right? KVM is transparent to the computer, right? My secondary machine sometimes runs Windows, so I'd like it not to have its own global IP address. My first thought would be to connect it directly to one of the ethernet ports on my main machine.
How do I go about this? The answer I am expecting is one or more links to tutorials or the like.
my 2 monitors each have several video inputs. both monitors are DVI to my main computer, and I recently plugged the 2nd monitor into another computer via VGA, so I could switch it using the front panel pushbutton on hte monitor. I used a seperate keyboard/mouse for that seperate computer.
IF your monitor and computers use the same video connection as your KVM supports, then sure, you could put the KVM on one monitor, and switch it and the keyboard between the two computers, the other monitor would stay plugged into the one computer that has dual ouputs.
now, about that networking thing. thats a whole different issue. plugging the 2nd computer into the 2nd port on the first computer will require the first computer to implement some form of network sharing and to configure a 2nd subnet address range on that 2nd port, something like 192.168.x.y.
On Tue, 27 May 2014, John R Pierce wrote:
On 5/27/2014 5:38 PM, Michael Hennebry wrote:
Until recently, I had a 32-bit machine with one monitor running fedora. The later editions of fedora didn't like it, so I switched to CentOS. Now I have two 64-bit machines and two monitors and a CenturyLink router. Also a KVM switch that I have not taken out of the package. My main machine has two video connections and two ethernet connections, eth0 and eth1 .
I've never had more than one machine or more than one monitor before.
I'd like to be able to use both monitors at once on my main machine. I'd like to be able to switch one monitor between machines without too much trouble. I'd rather not where the pins out. KVM will do this, right? KVM is transparent to the computer, right? My secondary machine sometimes runs Windows, so I'd like it not to have its own global IP address. My first thought would be to connect it directly to one of the ethernet ports on my main machine.
How do I go about this? The answer I am expecting is one or more links to tutorials or the like.
my 2 monitors each have several video inputs. both monitors are DVI
My monitors have only a single input each.
IF your monitor and computers use the same video connection as your KVM supports, then sure, you could put the KVM on one monitor, and switch it and the keyboard between the two computers, the other monitor would stay plugged into the one computer that has dual ouputs.
In other words, if it works, the KVM switch is transparent to the computers: Neither computer will need additional programming. Good.
If I plug both monitors or one monitor and the KVM switch into the dual-output computer, it should boot up and use both. Correct?
now, about that networking thing. thats a whole different issue. plugging the 2nd computer into the 2nd port on the first computer will require the first computer to implement some form of network sharing and to configure a 2nd subnet address range on that 2nd port, something like 192.168.x.y.
I thought the networking thing might be more interesting. I was petty sure that each should have a local IP address for the other and if the 2nd machine wants to contact the outside world, numero uno will need to know how to mediate the connection.
On 5/28/2014 1:29 AM, Michael Hennebry wrote:
On Tue, 27 May 2014, John R Pierce wrote:
On 5/27/2014 5:38 PM, Michael Hennebry wrote:
Until recently, I had a 32-bit machine with one monitor running fedora. The later editions of fedora didn't like it, so I switched to CentOS. Now I have two 64-bit machines and two monitors and a CenturyLink router. Also a KVM switch that I have not taken out of the package. My main machine has two video connections and two ethernet connections, eth0 and eth1 .
I've never had more than one machine or more than one monitor before.
I'd like to be able to use both monitors at once on my main machine. I'd like to be able to switch one monitor between machines without too much trouble. I'd rather not where the pins out. KVM will do this, right? KVM is transparent to the computer, right? My secondary machine sometimes runs Windows, so I'd like it not to have its own global IP address. My first thought would be to connect it directly to one of the ethernet ports on my main machine.
How do I go about this? The answer I am expecting is one or more links to tutorials or the like.
now, about that networking thing. thats a whole different issue. plugging the 2nd computer into the 2nd port on the first computer will require the first computer to implement some form of network sharing and to configure a 2nd subnet address range on that 2nd port, something like 192.168.x.y.
I thought the networking thing might be more interesting. I was petty sure that each should have a local IP address for the other and if the 2nd machine wants to contact the outside world, numero uno will need to know how to mediate the connection.
It can get fairly "interesting" depending on what you are trying to do. You may need a special crossover cable to connect the two computers directly. The newer network cards may be able to handle doing this with a standard cable, but I haven't tried it.
Why do you want to connect the two computers like this? It is usually more trouble than it's worth unless you want to use the first computer as a firewall or something. Just connect both of them to your router and everything should work fine.
On Wed, 28 May 2014, Bowie Bailey wrote:
On 5/28/2014 1:29 AM, Michael Hennebry wrote:
On Tue, 27 May 2014, John R Pierce wrote:
On 5/27/2014 5:38 PM, Michael Hennebry wrote:
Until recently, I had a 32-bit machine with one monitor running fedora. The later editions of fedora didn't like it, so I switched to CentOS. Now I have two 64-bit machines and two monitors and a CenturyLink router. Also a KVM switch that I have not taken out of the package. My main machine has two video connections and two ethernet connections, eth0 and eth1 .
My secondary machine sometimes runs Windows, so I'd like it not to have its own global IP address. My first thought would be to connect it directly to one of the ethernet ports on my main machine.
How do I go about this? The answer I am expecting is one or more links to tutorials or the like.
It can get fairly "interesting" depending on what you are trying to do. You may need a special crossover cable to connect the two computers directly. The newer network cards may be able to handle doing this with a standard cable, but I haven't tried it.
Why do you want to connect the two computers like this? It is usually more trouble than it's worth unless you want to use the first computer as a firewall or something. Just connect both of them to your router and everything should work fine.
I don't know that I do. I've not done anything with a router since connecting my old computer to CenturyLink's router/modem.
I want the second computer to not have its own global IP address. It will at least occasionally run Windows. I'd prefer not to assume that Windows will not try to fetch an IP address behind my back.
On Wed, May 28, 2014 at 2:00 PM, Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
Why do you want to connect the two computers like this? It is usually more trouble than it's worth unless you want to use the first computer as a firewall or something. Just connect both of them to your router and everything should work fine.
I don't know that I do. I've not done anything with a router since connecting my old computer to CenturyLink's router/modem.
I want the second computer to not have its own global IP address. It will at least occasionally run Windows. I'd prefer not to assume that Windows will not try to fetch an IP address behind my back.
Routers and modems from ISPs are sometimes different things and sometimes integrated. If you are getting a public IP on your first computer you either just have a modem, or if it is is also a router it is running in bridged mode. You can add a separate router ahead of both computers. To make things more complicated there are also some combo devices where the router side can split bridged/NAT mode to supply both some number of static public IPs and a private subnet (but if you had one of those you would probably know it).
Les Mikesell wrote:
On Wed, May 28, 2014 at 2:00 PM, Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
Why do you want to connect the two computers like this? It is usually more trouble than it's worth unless you want to use the first computer as a firewall or something. Just connect both of them to your router and everything should work fine.
I don't know that I do. I've not done anything with a router since connecting my old computer to CenturyLink's router/modem.
I want the second computer to not have its own global IP address. It will at least occasionally run Windows. I'd prefer not to assume that Windows will not try to fetch an IP address behind my back.
Routers and modems from ISPs are sometimes different things and sometimes integrated. If you are getting a public IP on your first computer you either just have a modem, or if it is is also a router it is running in bridged mode. You can add a separate router ahead of both computers. To make things more complicated there are also some combo devices where the router side can split bridged/NAT mode to supply both some number of static public IPs and a private subnet (but if you had one of those you would probably know it).
I don't trust the router from the phone co; I have my own router on this side of it, and then I have *real* control. If I want to make something internal only, I can.
mark
On 5/28/2014 3:00 PM, Michael Hennebry wrote:
On Wed, 28 May 2014, Bowie Bailey wrote:
On 5/28/2014 1:29 AM, Michael Hennebry wrote:
On Tue, 27 May 2014, John R Pierce wrote:
On 5/27/2014 5:38 PM, Michael Hennebry wrote:
Until recently, I had a 32-bit machine with one monitor running fedora. The later editions of fedora didn't like it, so I switched to CentOS. Now I have two 64-bit machines and two monitors and a CenturyLink router. Also a KVM switch that I have not taken out of the package. My main machine has two video connections and two ethernet connections, eth0 and eth1 . My secondary machine sometimes runs Windows, so I'd like it not to have its own global IP address. My first thought would be to connect it directly to one of the ethernet ports on my main machine.
How do I go about this? The answer I am expecting is one or more links to tutorials or the like.
It can get fairly "interesting" depending on what you are trying to do. You may need a special crossover cable to connect the two computers directly. The newer network cards may be able to handle doing this with a standard cable, but I haven't tried it.
Why do you want to connect the two computers like this? It is usually more trouble than it's worth unless you want to use the first computer as a firewall or something. Just connect both of them to your router and everything should work fine.
I don't know that I do. I've not done anything with a router since connecting my old computer to CenturyLink's router/modem.
I want the second computer to not have its own global IP address. It will at least occasionally run Windows. I'd prefer not to assume that Windows will not try to fetch an IP address behind my back.
The router should have a built-in switch with multiple network jacks. Just plug the new computer into the router along with the old one and you should be fine.
Consumer grade Internet connections only give you a single global IP address, so anything connected to your router will use that same IP address globally. The router will do NAT and DHCP for the internal machines to give them a local address.
(I am assuming that you have a standard modem/router combination that does NAT/DHCP. As Les mentioned, if you have a simple modem that connects to your computer without the built-in router, things will be more complicated.)
Windows will fetch a local IP address (as will Linux) unless you specify one yourself and disable DHCP. The Windows and Linux OS's on the same box may or may not automatically get the same local IP address depending on how the router handles it. What is your concern about the IP address?
On 05/28/2014 02:26 PM, Bowie Bailey wrote:
On 5/28/2014 3:00 PM, Michael Hennebry wrote:
On Wed, 28 May 2014, Bowie Bailey wrote:
On 5/28/2014 1:29 AM, Michael Hennebry wrote:
On Tue, 27 May 2014, John R Pierce wrote:
On 5/27/2014 5:38 PM, Michael Hennebry wrote:
Until recently, I had a 32-bit machine with one monitor running fedora. The later editions of fedora didn't like it, so I switched to CentOS. Now I have two 64-bit machines and two monitors and a CenturyLink router. Also a KVM switch that I have not taken out of the package. My main machine has two video connections and two ethernet connections, eth0 and eth1 . My secondary machine sometimes runs Windows, so I'd like it not to have its own global IP address. My first thought would be to connect it directly to one of the ethernet ports on my main machine.
How do I go about this? The answer I am expecting is one or more links to tutorials or the like.
It can get fairly "interesting" depending on what you are trying to do. You may need a special crossover cable to connect the two computers directly. The newer network cards may be able to handle doing this with a standard cable, but I haven't tried it.
Why do you want to connect the two computers like this? It is usually more trouble than it's worth unless you want to use the first computer as a firewall or something. Just connect both of them to your router and everything should work fine.
I don't know that I do. I've not done anything with a router since connecting my old computer to CenturyLink's router/modem.
I want the second computer to not have its own global IP address. It will at least occasionally run Windows. I'd prefer not to assume that Windows will not try to fetch an IP address behind my back.
The router should have a built-in switch with multiple network jacks. Just plug the new computer into the router along with the old one and you should be fine.
Consumer grade Internet connections only give you a single global IP address, so anything connected to your router will use that same IP address globally. The router will do NAT and DHCP for the internal machines to give them a local address.
(I am assuming that you have a standard modem/router combination that does NAT/DHCP. As Les mentioned, if you have a simple modem that connects to your computer without the built-in router, things will be more complicated.)
Windows will fetch a local IP address (as will Linux) unless you specify one yourself and disable DHCP. The Windows and Linux OS's on the same box may or may not automatically get the same local IP address depending on how the router handles it. What is your concern about the IP address?
This is NORMALLY true ... although some ISPs provide multiple real IP addresses too.
It is easy enough to test though ... plug in the computer that works, look at its IP address, if it is in the private range (192.168.x.x, 10.x.x.x, 172.16..x.x to 172.31.x.x) then the provided router is isolating the real IP on the outside port.
It is also then also normally true that internal ports are NAT'ed and isolated from the outside world.
However, routers can be set up differently ... so the router's manager (be that you or your ISP) should be consulted WRT the router setup :D
Johnny Hughes wrote:
On 05/28/2014 02:26 PM, Bowie Bailey wrote:
On 5/28/2014 3:00 PM, Michael Hennebry wrote:
On Wed, 28 May 2014, Bowie Bailey wrote:
On 5/28/2014 1:29 AM, Michael Hennebry wrote:
On Tue, 27 May 2014, John R Pierce wrote:
On 5/27/2014 5:38 PM, Michael Hennebry wrote:
<snip>
> The later editions of fedora didn't like it, so I switched to > CentOS. Now I have two 64-bit machines and two monitors and a
CenturyLink
> router. Also a KVM switch that I have not taken out of the package. > My main machine has two video connections and two ethernet
connections,
> eth0 and eth1 .My secondary machine sometimes runs Windows, > so I'd like it not to have its own global IP address. > My first thought would be to connect it directly > to one of the ethernet ports on my main machine. > > How do I go about this?
<snip>
Why do you want to connect the two computers like this? It is usually more trouble than it's worth unless you want to use the first computer as a firewall or something. Just connect both of them to your router and everything should work fine.
<snip>
I want the second computer to not have its own global IP address. It will at least occasionally run Windows. I'd prefer not to assume that Windows will not try to fetch an IP address behind my back.
The router should have a built-in switch with multiple network jacks. Just plug the new computer into the router along with the old one and you should be fine.
<snip>
This is NORMALLY true ... although some ISPs provide multiple real IP addresses too.
AFAIK, not unless you pay extra.
It is easy enough to test though ... plug in the computer that works, look at its IP address, if it is in the private range (192.168.x.x, 10.x.x.x, 172.16..x.x to 172.31.x.x) then the provided router is isolating the real IP on the outside port.
It is also then also normally true that internal ports are NAT'ed and isolated from the outside world.
<snip> I was under the impression that the OP actually doesn't want it visible to the world, isn't intending to browse or email via it, but that it was for *only* inside. IF that is the case, he'd have to go into the router and tell it to assign it an internal IP, and to *not* NAT it.
mark
On 05/29/2014 08:34 AM, m.roth@5-cent.us wrote:
Johnny Hughes wrote:
On 05/28/2014 02:26 PM, Bowie Bailey wrote:
On 5/28/2014 3:00 PM, Michael Hennebry wrote:
On Wed, 28 May 2014, Bowie Bailey wrote:
On 5/28/2014 1:29 AM, Michael Hennebry wrote:
On Tue, 27 May 2014, John R Pierce wrote:
> On 5/27/2014 5:38 PM, Michael Hennebry wrote:
<snip> >>>>>>> The later editions of fedora didn't like it, so I switched to >>>>>>> CentOS. Now I have two 64-bit machines and two monitors and a CenturyLink >>>>>>> router. Also a KVM switch that I have not taken out of the package. >>>>>>> My main machine has two video connections and two ethernet connections, >>>>>>> eth0 and eth1 .My secondary machine sometimes runs Windows, >>>>>>> so I'd like it not to have its own global IP address. >>>>>>> My first thought would be to connect it directly >>>>>>> to one of the ethernet ports on my main machine. >>>>>>> >>>>>>> How do I go about this? <snip> >>>> Why do you want to connect the two computers like this? It is usually >>>> more trouble than it's worth unless you want to use the first computer >>>> as a firewall or something. Just connect both of them to your router >>>> and everything should work fine. <snip> >>> I want the second computer to not have its own global IP address. >>> It will at least occasionally run Windows. >>> I'd prefer not to assume that Windows will >>> not try to fetch an IP address behind my back. >> The router should have a built-in switch with multiple network jacks. >> Just plug the new computer into the router along with the old one and >> you should be fine. <snip> > This is NORMALLY true ... although some ISPs provide multiple real IP > addresses too. AFAIK, not unless you pay extra.
Well sure. But an ISP can provide you with a router that puts all the machines directly on the Internet with a global address. Since the OP did not seem to know how the router is set up, all I said was to verify how it is set up. It would not be a "Good Thing" to plug a default install of a Windows box into a router that is not also providing firewall features of some kind. While this is not the "normal" (or if you prefer, most common) ISP setup ... it is certainly a plausible setup, so one needs to understand what their ISP is providing and do a proper setup. We should not just assume (hahaha) that the ISP router is sent with the most common setup, we should check :)
It is easy enough to test though ... plug in the computer that works, look at its IP address, if it is in the private range (192.168.x.x, 10.x.x.x, 172.16..x.x to 172.31.x.x) then the provided router is isolating the real IP on the outside port.
It is also then also normally true that internal ports are NAT'ed and isolated from the outside world.
<snip> I was under the impression that the OP actually doesn't want it visible to the world, isn't intending to browse or email via it, but that it was for *only* inside. IF that is the case, he'd have to go into the router and tell it to assign it an internal IP, and to *not* NAT it.
WIthout some type of NATing (if you have an internal IP) it can not touch the Internet .. makes reading email kind of hard :D (I did not say direct NATing .. some type of NAT is how things have an internal address and talk to things that have a real address somewhere else)
On 05/29/2014 10:39 AM, Johnny Hughes wrote:
On 05/29/2014 08:34 AM, m.roth@5-cent.us wrote:
<snip> I was under the impression that the OP actually doesn't want it visible to the world, isn't intending to browse or email via it, but that it was for *only* inside. IF that is the case, he'd have to go into the router and tell it to assign it an internal IP, and to *not* NAT it.
WIthout some type of NATing (if you have an internal IP) it can not touch the Internet .. makes reading email kind of hard :D (I did not say direct NATing .. some type of NAT is how things have an internal address and talk to things that have a real address somewhere else)
As driver and co-author of RFC1918, our intention was addresses for systems that had no intention of needing the Internet, just the Intranet. Jon was extremely generous to give us a whole Class A (Net10) besides the 16 Bs we asked for. This was before CIDR and some companies just did not know how to do routing effectively and blew addresses in the process. It were others that came later that said, 'Oh lookie here what we can do!'
I DO run some systems here with internal only. No direct access. I also have a /28 IPv4 allocation and a /48 IPv6 prefix so I can do the direct access as well as NATing.
And I run my own mail server here and the family Win systems do not have direct access (web proxying only) so they have email and controlled web access.
Robert Moskowitz wrote:
On 05/29/2014 10:39 AM, Johnny Hughes wrote:
On 05/29/2014 08:34 AM, m.roth@5-cent.us wrote:
<snip> I was under the impression that the OP actually doesn't want it visible to the world, isn't intending to browse or email via it, but that it was for *only* inside. IF that is the case, he'd have to go into the
router and
tell it to assign it an internal IP, and to *not* NAT it.
WIthout some type of NATing (if you have an internal IP) it can not touch the Internet .. makes reading email kind of hard :D (I did not say direct NATing .. some type of NAT is how things have an internal address and talk to things that have a real address somewhere else)
As driver and co-author of RFC1918, our intention was addresses for
<snip> Yeah, well, my favorite RFC is 1149.... <g>
mark
On 05/29/2014 11:21 AM, m.roth@5-cent.us wrote:
Robert Moskowitz wrote:
On 05/29/2014 10:39 AM, Johnny Hughes wrote:
On 05/29/2014 08:34 AM, m.roth@5-cent.us wrote:
<snip> I was under the impression that the OP actually doesn't want it visible to the world, isn't intending to browse or email via it, but that it was for *only* inside. IF that is the case, he'd have to go into the
router and
tell it to assign it an internal IP, and to *not* NAT it.
WIthout some type of NATing (if you have an internal IP) it can not touch the Internet .. makes reading email kind of hard :D (I did not say direct NATing .. some type of NAT is how things have an internal address and talk to things that have a real address somewhere else)
As driver and co-author of RFC1918, our intention was addresses for
<snip> Yeah, well, my favorite RFC is 1149.... <g>
Then check out 2549. Dave also published an interoperablity test result of 1149! It was a riot!
But my favorite is 1925. Particularly rule 6.
Robert Moskowitz wrote:
On 05/29/2014 11:21 AM, m.roth@5-cent.us wrote:
Robert Moskowitz wrote:
On 05/29/2014 10:39 AM, Johnny Hughes wrote:
On 05/29/2014 08:34 AM, m.roth@5-cent.us wrote:
<snip> I was under the impression that the OP actually doesn't want it visible to the world, isn't intending to browse or email via it, but
that it
was for *only* inside. IF that is the case, he'd have to go into the
router and
tell it to assign it an internal IP, and to *not* NAT it.
WIthout some type of NATing (if you have an internal IP) it can not touch the Internet .. makes reading email kind of hard :D (I did not say direct NATing .. some type of NAT is how things have an internal address and talk to things that have a real address somewhere else)
As driver and co-author of RFC1918, our intention was addresses for
<snip> Yeah, well, my favorite RFC is 1149.... <g>
Then check out 2549. Dave also published an interoperablity test result of 1149! It was a riot!
What, with QoS?
But my favorite is 1925. Particularly rule 6.
I like 11 (quick, what's the difference between a tuple and a row and a record? What's the difference in syntax between C and, um, Java, php, etc, etc? Why is (fill in the latest "hot" web language) better than, say, perl for dynamic content?).
Oh, and on 3: I've always said that it's a good thing we don't have flying livestock - horses, pigs, etc, or we'd all have to carry metal umbrellas to protect ourselves from the results of their last meal....
Um, just had another picture there - flying upper management, and maybe we do need bumbershoots....
mark
My modem/router is a PK5001Z from CenturyLink. IIRC a tech support person told me that it uses ppp internally.
With regard to security, I would prefer to trust Windows or the modem/router as little as possible, hence the desire to connect the Windows box to the main box.
I would like to be able to manipulate the main box so that the Windows box is invisible to bad guys, i.e. has no global IP address. I would like to be able to manipulae the main box so that the Windows box cannot connect to the outside world, even through the main box. On exceptional occasions, e.g. updates, I would like to be able to manipulate the main box so that the Windows box can connect to the outside world.
I'm going to do some experiments before replying again.
BTW CableOne would give me more than one global IP address without paying extra. I discovered this playing around with virtual box, though I do not even have it installed at the moment.
Michael Hennebry wrote:
My modem/router is a PK5001Z from CenturyLink. IIRC a tech support person told me that it uses ppp internally.
With regard to security, I would prefer to trust Windows or the modem/router as little as possible, hence the desire to connect the Windows box to the main box.
<snip> AH! The light dawns!
Similar situation at home. What I did was to buy my *own* router, plug it into Verizon's, change the subnet, and everything goes through *that*. You could, as well, set the routing to go through your main box as a gateway, and NAT there.
mark
On Thu, May 29, 2014 at 11:48 AM, Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
My modem/router is a PK5001Z from CenturyLink. IIRC a tech support person told me that it uses ppp internally.
The thing looks like a typical NAT router to me. Are you sure you are getting public IP numbers on the LAN side?
With regard to security, I would prefer to trust Windows or the modem/router as little as possible, hence the desire to connect the Windows box to the main box.
I would like to be able to manipulate the main box so that the Windows box is invisible to bad guys, i.e. has no global IP address. I would like to be able to manipulae the main box so that the Windows box cannot connect to the outside world, even through the main box. On exceptional occasions, e.g. updates, I would like to be able to manipulate the main box so that the Windows box can connect to the outside world.
If that is all you want, you should be able to use a private-range subnet to connect the boxes, and run squid as an http proxy when you want the pass-through.
On Thu, 29 May 2014, Michael Hennebry wrote:
My modem/router is a PK5001Z from CenturyLink. IIRC a tech support person told me that it uses ppp internally.
I'm going to do some experiments before replying again.
BTW CableOne would give me more than one global IP address without paying extra. I discovered this playing around with virtual box, though I do not even have it installed at the moment.
I've done my experiments. The primary one was connecting both computers to the router. My Windows box is booted to CentOS at the moment.
Apparently CenturyLink is not giving me any globally visible (inside global?) IP address. ifconfig gives me a different 192.168.*.* (inside local?) address on each computer. When I ssh to a globally visible machine, the return addresses (63.155.*.*) are the same and the port numbers are different.
Apparently both machines are invisible to the outside world so long as they do not make outbound connections.
On Fri, May 30, 2014 at 1:58 PM, Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
I've done my experiments. The primary one was connecting both computers to the router. My Windows box is booted to CentOS at the moment.
Apparently CenturyLink is not giving me any globally visible (inside global?) IP address. ifconfig gives me a different 192.168.*.* (inside local?) address on each computer. When I ssh to a globally visible machine, the return addresses (63.155.*.*) are the same and the port numbers are different.
Apparently both machines are invisible to the outside world so long as they do not make outbound connections.
Yes, that is the normal 'home router' mode where the internet-facing connection gets the public IP addres and the LAN side uses a private range that will be source-NAT'ed to the single public address on outbound connections. The router should also have options to port-forward inbound connections to an inside address, either for a specific port or all of them (DMZ mode) if you do want to accept them - assuming you have the admin password.
On 5/28/2014 12:00 PM, Michael Hennebry wrote:
I want the second computer to not have its own global IP address. It will at least occasionally run Windows. I'd prefer not to assume that Windows will not try to fetch an IP address behind my back.
what do you mean by 'global IP address' ? are you on a LAN behind some sort of firewall/gateway, or are these systems directly connected to the public internet ?
To do what you describe, you'll need to configure the 2nd port on the primary system to be a private IP like 192.168.0.1, and implement IP Masquerade via iptables. You'll also want to configure a DHCP server on this second port so any clients connected to it will be offered IP's in that subnet. This will make that primary system act like a SOHO 'router' (I use quotes, because that sort of router is really a internet gateway appliance)
note, btw, 'occasionally running windows' will be a huge pain. If occasional means a few times a month, nearly every time you boot up Windows, you'll be installing windows updates and rebooting. and flash and java and acrobat and all the rest of it.....
On 05/28/2014 03:27 PM, John R Pierce wrote:
On 5/28/2014 12:00 PM, Michael Hennebry wrote:
I want the second computer to not have its own global IP address. It will at least occasionally run Windows. I'd prefer not to assume that Windows will not try to fetch an IP address behind my back.
what do you mean by 'global IP address' ?
Choice of terminology is pretty important; Cisco's consistent (if a bit awkward) four-way terminology for NAT (inside local, inside global, outside local, outside global; see http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat...) is pretty much the standard from a netadmin point of view. I'm thinking he means that he wants the Windows box to have an inside local address but no inside global address (meaning that in order to access the Internet the host to be accessed would have to either be proxied or have an outside local address (most consumer routers don't implement the outside half of the cisco quartet, but some do)).
I have several machines here that have no inside global address and thus don't have routability to the internet (they're in a deny line of the NAT pool ACL).
On 05/29/2014 01:09 PM, Lamar Owen wrote:
Choice of terminology is pretty important; Cisco's consistent (if a bit awkward) four-way terminology for NAT (inside local, inside global, outside local, outside global;...
See the Cisco whitepaper entitled "Enabling Enterprise Multihoming with Cisco IOS NAT" for a thorough treatment of all four varieties, as well as applications for the outside local addressing coupled with the Cisco DNS ALG.
On Wed, May 28, 2014 at 12:29 AM, Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
I thought the networking thing might be more interesting. I was petty sure that each should have a local IP address for the other and if the 2nd machine wants to contact the outside world, numero uno will need to know how to mediate the connection.
Physically, you can just plug them together. If they are gigabit interfaces they will automatically handle the crossover part. And you can use iptables on the internet-connected box to NAT the outbound connections. However, the common and simple approach is to use a home router that will typically provide 4 ethernet connections on the LAN side plus wifi for your phone/tablet/laptop.
On Wed, May 28, 2014 at 11:24 AM, Les Mikesell lesmikesell@gmail.comwrote:
On Wed, May 28, 2014 at 12:29 AM, Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
I thought the networking thing might be more interesting. I was petty sure that each should have a local IP address for the other and if the 2nd machine wants to contact the outside world, numero uno will need to know how to mediate the connection.
Physically, you can just plug them together. If they are gigabit interfaces they will automatically handle the crossover part. And you
+1
Most GigE interfaces (as part of 802.3ab) [0] will support MDI-X auto-crossover (pre-standard GigE interfaces might not auto-cross as expected)
[0] http://en.wikipedia.org/wiki/802.3ab#1000BASE-T
can use iptables on the internet-connected box to NAT the outbound connections. However, the common and simple approach is to use a home router that will typically provide 4 ethernet connections on the LAN side plus wifi for your phone/tablet/laptop.
Or you could bridge the two interfaces (eth0 and eth1 for example) together. Keep in mind you won't be able to bridge a wired and wireless interface together (at least with much usability/success), so you'd have to NAT/PAT Masquerade if a wireless interface is in the mix.
-- Les Mikesell lesmikesell@gmail.com _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 05/27/2014 07:38 PM, Michael Hennebry wrote:
Until recently, I had a 32-bit machine with one monitor running fedora. The later editions of fedora didn't like it, so I switched to CentOS. Now I have two 64-bit machines and two monitors and a CenturyLink router. Also a KVM switch that I have not taken out of the package. My main machine has two video connections and two ethernet connections, eth0 and eth1 .
I've never had more than one machine or more than one monitor before.
I'd like to be able to use both monitors at once on my main machine. I'd like to be able to switch one monitor between machines without too much trouble. I'd rather not where the pins out. KVM will do this, right? KVM is transparent to the computer, right? My secondary machine sometimes runs Windows, so I'd like it not to have its own global IP address. My first thought would be to connect it directly to one of the ethernet ports on my main machine.
How do I go about this? The answer I am expecting is one or more links to tutorials or the like.
I am not sure if it meets your requirements, but Synergy[1] is worth looking into. Synergy allows you to share a keyboard and mouse over the network. I am a Synergy junkie. I have three computers running 6 total monitors at work. Two computers running 4 monitors at home. One keyboard/mouse for each desk.
Also, some KVMs are transparent to the machine. Others (typically cheaper ones) function much like manually plugging in and pulling out the cables. In such cases terminals may give you weird output as it discovers hardware and you might get the Windows ding when it looses connection/establishes a connection with the new hardware. Another potential problem I encountered last night is that Windows lost my second monitor when I resumed from sleep because I was using the second computer on the KVM when I resumed. It also might take a few seconds for the computer to detect the new hardware.
And yes, KVM will do what you want it to (to some extent). I actually did this last night at work. However it wasn't as seamless as I wanted. When I had two computers up, I could only use the single monitor computer as that is where the keyboard and mouse were connected to.
Using one computer with two monitors plus VirtualBox or the like is another option.
Finally, I'd recomend purchasing a switch. It'll make your life easier and they are not expensive.
Best Regards, -Stefan
-
Bowie Bailey -
John R Pierce -
Johnny Hughes -
Lamar Owen -
Les Mikesell -
m.roth@5-cent.us -
Matthew Miller -
Michael Hennebry -
Robert Moskowitz -
SilverTip257 -
Stefan Maerz