Thank you, Valve

EDIT: The configuration below has now been superseded by LANCache.


About twice a year I help set up and run a local LAN Party at a Rugby club on the outskirts of town. Compared to more widely known events, ours is tiny – typically 20-30 people – all squeezed into the club house.

One thing that a LAN party needs to be a success, particularly in the last few years, is a solid connection to the internet so that multi-player server lists can be retrieved, DRM systems can unlock, updates can download, and people can sign into Steam. Guests might also wish to have more general net access for the web, email, IM etc. One of the issues with smaller venues, however, is that they generally have no need for a fast, reliable internet service – the cheapest consumer-grade connection will normally suffice. In some cases, the geography of the less expensive locations – required for small parties – tends to impose technical limits on what services are available anyway. In our case, the clubhouse has an ADSL connection which syncs at about 2Mbit on a good (dry) day.

The reality of 3G broadband

Back when 3G was being deployed, the massive investment some communications companies made in constructing their next generation networks seemed ludicrous. Now, with the advent of useful smartphones becoming integrated into mainstream society, this provision for a higher speed packet-switched network has become the backbone of non-voice mobile communications.

I’m always a skeptic when new technologies and products are floated – they have to prove themselves before I will accept them. Thus I am mostly immune to hype, and can normally see through the misleading marketing. So, I have held off buying the latest mobile phones and switching completely to 3G broadband.

3G is seen by many as a replacement for fixed line broadband. At the moment I’m between fixed-line broadband providers (for the past 2 weeks) and have had the choice of no internet, digging out my 56k modem and paying per minute, or giving 3G a try. While no ‘net access would possibly have been good for me, the addict inside me and the coinciding offer of voucher double-up at Tesco led me to purchasing a T-Mobile 3G Broadband giftpack.

T-Mobile seem to be the only provider offering time-based services at a reasonable cost, instead of traffic-based services (pay per GB). 3 months comes bundled with the ~£35 cost of the package, which is pretty attractive for the freedom and backup service it should offer.

However, it seems there is a reason that such offers don’t run the risk of you abusing the essentially unlimited traffic allowance – it’s near impossible to maintain a connection unless you take abnormal measures to keep it alive. Due to the way 3G and most packet-switched/virtual connection networks operate, and to avoid cells becoming unnecessarily busy, connections are only kept alive so long as they are active. If network access is required after an idle period where the connection is ‘dropped’, it transparently reconnects itself. At least this is the theory.

In practice, possibly due to the proliferation of 3G-enabled devices, it’s very hit or miss as to whether I get a live connection in the first place or manage to keep one alive long enough for it to be useful.

To get around this problem as best as possible (it’s still not 100%) I’m using my fileserver as a temporary router, with the dongle plugged into that. A basic firewall interface got the thing working without too much work. With my fileserver being Linux-based, there is one extra step needed – installing usb_modeswitch. This package is available in Ubuntu and once installed ensures that the dongle is placed in modem mode instead of storage mode. To keep the connection alive, I set ping running in continuous mode against a server I run.

After using this for 2 weeks, I can report back a few observations:

  • Multi-tasking is near impossible, so make sure you’re only loading one site at once
  • Images are automatically reprocessed to far lower quality where possible, which is actually a good thing as it makes sites just as quick as normal
  • It is just about possible to play games, in my case L4D2; however don’t expect low pings (200-300 seemed common)
  • Don’t ever consider it as a full-time replacement for a proper fixed line, however as a backup it beats 56k when you’re used to higher speeds
  • By default, certain content is blocked; I’ve not been able to get Windows Live Messenger working despite removing the filtering

I hope this is helpful for anyone who is contemplating doing something along the same lines.

Switch consolidation

We recently had our latest electricity bill in, and it was pretty huge. To try to reduce the next bill, reduce the heat output of the cabinet and speed up the network I decided to combine 5 switches into one.

Before now all devices in the house have been connected to one of 3 switches: a 5 port gigabit switch (4 usable ports, 1 for uplink), a 24 port managed 10/100 switch, and a 4 port managed gigabit switch (3 usable ports, 1 for uplink). These switches used a combined 51 watts, and are on continuously, although lately I’ve switched the 4 port gigabit switch off to reduce the noise levels in the cabinet.

I have now replaced these 3 switches with a single 24 port unmanaged gigabit switch. It was a 2nd hand purchase from eBay, and had 2 faulty fans. I’ve replaced one of the fans and left the other disconnected with no problems so far. This switch uses about 17 watts of power.

In addition to consuming 34 watts less, I’ve also freed up 1u of space. With all the amplifiers, computers, networking equipment etc. space is starting to become a premium and the weight of the rack is becoming a concern.

Completing the data wiring

Today I added the final 4 network points – there are now a total of 24 around the house.

The wiring project started about 14 months ago, with the plan to have at least 2 network points in all rooms except the bathroom. The final distribution has ended up as:

  • Living room: 6
  • Dining room: 4
  • Kitchen: 2
  • Pantry: 4
  • Landing: 2
  • Bedroom 1: 4
  • Bedroom 3: 2

Despite considering that 24 ports might be a little excessive, I’ve come to realise that 24 ports isn’t quite enough especially when it comes to distributing analogue audio & video over CAT5 (i.e. not as IP data) since at least one port is required for each A/V combination depending on the quality of the signal desired. The living room should probably have 4 more ports, the kitchen could do with at least 2 more and a couple by the front door would come in useful for security purposes.

I’ve learnt a lot from the experience of doing this wiring, such as how to lift floorboards, that lath & plaster ceilings are extremely fragile and plastering is nowhere near as easy as it looks.

Running the cables before moving in was certainly a good idea. It would have taken me probably another 12 months otherwise to get to this stage. It’s taken a lot more work than I expected, although the overall time is down to being in a lazy, bored and/or apathetic mood most weekends. I’m glad I did it though – the ports have come in useful for the MythTV system, for the family computer and soon enough the whole-house audio system. I’m also using them to trial some IP video cameras.

Re-running cables

There are two main wiring routes that are part of my ongoing project to wire up our house for A/V and data distribution – one goes from the bottom of my wardrobe directly down to the room below, and the other goes across a short stretch of the landing and down into the pantry.

Until yesterday, the 4 x speaker and 6 x CAT5 cables going to the pantry were laid under the carpet, then pushed down through a hole in a floorboard and the corresponding hole in the pantry ceiling. The reason for this was simply that it was too much work at the time to run the cables properly, i.e. beneath the floorboards. At the time when I was running the cables, we weren’t living in the house so I only had relatively short visits in which to do the work.

I spent most of yesterday improving the situation by pulling up floorboards, drilling holes in joists and reaching around in the dirt. All but 2 of the cables that were fed under the carpet are now out of sight under the floorboards of the landing. The remaining 2 cables are CAT5 feeds to bedroom 3, which take a slightly different route to the main runs and are already connected at both ends.

Wiring the house

Before we moved into our new house, I lifted some of the carpets and floorboards and installed some runs of cat5 and speaker cable. In total there are 24 cat5 cables and 4 pairs of speaker cable. I’m not sure the length of network cable that was used, but a rough estimate is 400m – not quite as impressive as some other installations I’ve seen details of, but it’s a fair amount to pull on your own! I know exactly how much speaker cable was used though, because I used the whole reel – 100m.

SSH brute force attack prevention

The standard SSH server does not come with any usable form of SSH brute force attack prevention, but with a few firewall rules it’s possible to implement something that works quite well. I have set up the rules on 2 machines with great success. To make sure that I don’t get locked out accidentally though I added an extra rule before these to allow access from my trusted network. If you only have remote access to the machine, it may be a good idea to do the same.
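
One way to lay out such a rule set, with the trusted-network exemption placed ahead of the rate limit as described above. This is an added example, not the rules from the original post. It assumes iptables with the `recent` match and sshd on TCP port 22; the function name, network and thresholds are illustrative.

```shell
#!/bin/sh
# Emit (not apply) iptables commands that rate-limit new SSH connections
# per source address. Added example: assumes iptables with the "recent"
# match and sshd on TCP port 22; names and values are illustrative.

ssh_ratelimit_rules() {
    trusted_net=$1      # CIDR of the network that must never be locked out
    window=${2:-60}     # length of the counting window in seconds
    max_new=${3:-4}     # the Nth new connection inside the window is dropped

    case $trusted_net in
        */*) ;;
        *) echo "trusted network must be in CIDR form" >&2; return 1 ;;
    esac
    for n in "$window" "$max_new"; do
        case $n in
            ''|*[!0-9]*) echo "window and count must be integers" >&2; return 1 ;;
        esac
    done
    # xt_recent remembers 20 packets per address by default (ip_pkt_list_tot),
    # so a larger hit count is rejected when the rule is loaded.
    [ "$max_new" -le 20 ] || { echo "count must be 20 or less" >&2; return 1; }

    new="-p tcp --dport 22 -m conntrack --ctstate NEW"

    # 1. Trusted network first: these sources never reach the rate limit.
    echo "iptables -A INPUT -s $trusted_net $new -j ACCEPT"
    # 2. Record the source address of every other new SSH connection.
    echo "iptables -A INPUT $new -m recent --name SSH --set"
    # 3. Drop once the source has max_new entries inside the window.
    echo "iptables -A INPUT $new -m recent --name SSH --update --seconds $window --hitcount $max_new -j DROP"
    # 4. Anything still under the limit is allowed through to sshd.
    echo "iptables -A INPUT $new -j ACCEPT"
}

# Print the rule set for a constructed example network. Review the output,
# and check that no earlier INPUT rule already accepts port 22, before
# applying it.
ssh_ratelimit_rules 192.168.1.0/24 60 4
```

Established connections are unaffected because every rule matches only packets in the NEW state, so an existing session survives even if its source later trips the limit.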