[9fans] DNS/DHCP/AUTH with Raspberry Pi?

[9fans] DNS/DHCP/AUTH with Raspberry Pi?

[brankush]

Hello,

I'm new to Plan9, using acme/p9p for a couple of months, and I want to add plan9 machines to my network. I'm thinking that a DNS/DHCP/AUTH server will be an easy step. If this machine could have the role of an Internet firewall/nat-router it will be even better.

Do you think plan9+raspi can handle this?
What is the recommended size for the SD card for this role?
Do you recommend other hardware? I don't know what tasks need console access during maintenance.

I'll be grateful for any pointers, links and advises.
Thank you.

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[Brian L. Stuart]

> I'm new to Plan9, using acme/p9p for a couple of months, and
> I want to add plan9 machines to my network. I'm thinking
> that a DNS/DHCP/AUTH server will be an easy step. If this
> machine could have the role of an Internet
> firewall/nat-router it will be even better.
>
> Do you think plan9+raspi can handle this?

While I haven't set one up like this myself, I'm tempted to do so.
I expect the Pi would make a very nice little auth/dhcp/etc
server.  However, to my knowledge, there aren't any NAT
implementations available on Plan 9.  I know it's been worked
on by several people at different times, but I don't think anyone
has a currently packaged implementation.

> What is the recommended size for the SD card for this role?

The databases used for these functions are pretty small, so
I'd be surprised if you filled a 1G card.

BLS

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[Jeremy Jackins]

[-- Attachment #1: Type: text/plain, Size: 1106 bytes --]

I think the raspberry pi disk image that is available is 2GB, so it's
probably easiest if you have at least that.

On 10 October 2014 09:41, Brian L. Stuart <blstuart@bellsouth.net> wrote:

> > I'm new to Plan9, using acme/p9p for a couple of months, and
> > I want to add plan9 machines to my network. I'm thinking
> > that a DNS/DHCP/AUTH server will be an easy step. If this
> > machine could have the role of an Internet
> > firewall/nat-router it will be even better.
> >
> > Do you think plan9+raspi can handle this?
>
> While I haven't set one up like this myself, I'm tempted to do so.
> I expect the Pi would make a very nice little auth/dhcp/etc
> server.  However, to my knowledge, there aren't any NAT
> implementations available on Plan 9.  I know it's been worked
> on by several people at different times, but I don't think anyone
> has a currently packaged implementation.
>
> > What is the recommended size for the SD card for this role?
>
> The databases used for these functions are pretty small, so
> I'd be surprised if you filled a 1G card.
>
> BLS
>
>
>

[-- Attachment #2: Type: text/html, Size: 1614 bytes --]

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[Quintile]

sounds like an excellent idea, only one pain, the auth server uses the console for its config

you could use erik's con Ethernet console driver so you can configure it from another plan system, or even dial into the pi and connect back in via con.

this is not referred though, ideally you should not bye able to cup into the auth server, for security reasons.

it's hard to hack a machine that doesn't allow logins.

-Steve




> On 10 Oct 2014, at 13:56, brankush@hushmail.com wrote:
> 
> Hello,
> 
> I'm new to Plan9, using acme/p9p for a couple of months, and I want to add plan9 machines to my network. I'm thinking that a DNS/DHCP/AUTH server will be an easy step. If this machine could have the role of an Internet firewall/nat-router it will be even better.
> 
> Do you think plan9+raspi can handle this?
> What is the recommended size for the SD card for this role?
> Do you recommend other hardware? I don't know what tasks need console access during maintenance.
> 
> I'll be grateful for any pointers, links and advises.
> Thank you.
> 

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[erik quanstrom]

> you could use erik's con Ethernet console driver so you can configure it from another plan system, or even dial into the pi and connect back in via con.

cec(1), which is implemented in 9atom.

- erik

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[Quintile]

> 
cec(1)

oops, yep, that's the one.




On 10 Oct 2014, at 22:08, erik quanstrom <quanstro@quanstro.net> wrote:

>> you could use erik's con Ethernet console driver so you can configure it from another plan system, or even dial into the pi and connect back in via con.
> 
> cec(1), which is implemented in 9atom.
> 
> - erik

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[brankush]

On 10/10/2014 at 6:45 PM, "Brian L. Stuart" <blstuart@bellsouth.net> wrote:
> However, to my knowledge, there aren't any NAT
>implementations available on Plan 9.  I know it's been worked
>on by several people at different times, but I don't think anyone
>has a currently packaged implementation.

It might be silly, but how about this:

ISP router ----- Plan9 ----- Linux+P9P

Mount the /net from Plan9 machine on the Linux machine, and add some iptables rules.
Do you think it will work?

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[Anthony Sorace]

[-- Attachment #1: Type: text/plain, Size: 599 bytes --]


On Oct 11, 2014, at 15:35 , brankush@hushmail.com wrote:

> It might be silly, but how about this:
> 
> ISP router ----- Plan9 ----- Linux+P9P
> 
> Mount the /net from Plan9 machine on the Linux machine, and add some iptables rules.
> Do you think it will work?

Not without substantial development work (I'd bet more than simply putting NAT on Plan 9). Once you get Plan 9's /net on the linux box, nothing's going to know what to do with it. The existing p9p code won't use it directly, nor will iptables know how to send packets there.

If you want Plan 9 to do NAT, just do that.


[-- Attachment #2: Message signed with OpenPGP using GPGMail --]
[-- Type: application/pgp-signature, Size: 169 bytes --]

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[Quintile]

if you really want to use plan9 as your internet gateway you could set up PPP between plan9 and Linux, though I have never tried this.




> On 11 Oct 2014, at 20:54, Anthony Sorace <a@9srv.net> wrote:
> 
> 
>> On Oct 11, 2014, at 15:35 , brankush@hushmail.com wrote:
>> 
>> It might be silly, but how about this:
>> 
>> ISP router ----- Plan9 ----- Linux+P9P
>> 
>> Mount the /net from Plan9 machine on the Linux machine, and add some iptables rules.
>> Do you think it will work?
> 
> Not without substantial development work (I'd bet more than simply putting NAT on Plan 9). Once you get Plan 9's /net on the linux box, nothing's going to know what to do with it. The existing p9p code won't use it directly, nor will iptables know how to send packets there.
> 
> If you want Plan 9 to do NAT, just do that.
> 

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[brankush]

On 10/11/2014 at 11:34 PM, "Quintile" <steve@quintile.net> wrote:
>
>if you really want to use plan9 as your internet gateway you could
>set up PPP between plan9 and Linux, though I have never tried this.

I want a safe door to the outside world, and as plan9 is simpler ...
But as I think about, I better take care more about WiFi key or clients being tricked to execute unwanted code, than for exploits in the current router.

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[brankush]

On 10/10/2014 at 11:56 PM, "Quintile" <steve@quintile.net> wrote:
>
>sounds like an excellent idea, only one pain, the auth server uses
>the console for its config

Then, I'll have to choose between a pi+keyboard+display, and a secondhand atom netbook (7-10").
Btw, the usb keyboard and hdmi display are ok on plan9? I'm talking about drivers and plug and play stuff.

>it's hard to hack a machine that doesn't allow logins.

it's hard to fix things remotely too :)

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[David du Colombier]

One can still take a look to the simple stateless
NAPT implementation I did few years ago.

http://9legacy.org/9legacy/patch/nat.diff

It works, but it's incomplete. However, I think
it's simple enough to be used as an example to
work on a more complete implementation.

Another approach would be to implement translation
in user space instead of kernel space.

--
David du Colombier

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[erik quanstrom]

> Not without substantial development work (I'd bet more than simply putting NAT on Plan 9). Once you get Plan 9's /net on the linux box, nothing's going to know what to do with it. The existing p9p code won't use it directly, nor will iptables know how to send packets there.
>
> If you want Plan 9 to do NAT, just do that.

i'm not proud of this solution, but i'm using a ubiquity wifi router as my nat.  it routes all
external traffic to /net.alt on the main cpu server, and routes outbound traffic through a
nat.

i would much prefer a p9 based solution, but i'm also busy and lazy.

- erik

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[cinap_lenrek]

doing plan9 gateway here.

i use a socks and http proxies running on the plan9 gateway machine
to get windows internet connectivity. the plan9 machines just
import the /net.alt ipstack from it.

the advantage is that i can run servers behind my gateway that
listen on the public ip stack (thru socks or 9p import).

the disadvantage is that you need to configure the clients to
use the proxies. but i just have *one* windows box, so not
a problem for me.

--
cinap

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[brankush]

On 10/13/2014 at 9:25 PM, cinap_lenrek@felloff.net wrote:
>i use a socks and http proxies running on the plan9 gateway machine
>to get windows internet connectivity. the plan9 machines just
>import the /net.alt ipstack from it.

Uau! So simple!
I'm still thinking if will work for my machines...

>the disadvantage is that you need to configure the clients to
>use the proxies.

Doesn't dhcp server supply proxy information too?
Otherwise, I don't know what to do with the Androids.

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[lucio]

> i use a socks and http proxies running on the plan9 gateway machine
> to get windows internet connectivity. the plan9 machines just
> import the /net.alt ipstack from it.

I'm not aware that such tools are in the standard distribution (I have
plans to install both 9atom and 9front, but not immediately), could
you give us a pointer or two here?

Also, slightly off topic, I have discovered that NetBSD has a
"mount_9p", but it is not obvious how it is meant to be used (I get a
"Rattach not received, got 107) response, but the documentation is
quite economical regarding authentication).  Does anyone have some
more details on the implementation and deployment?

Lucio.


-------------------------------------------------------------------------------------
This email has been scanned by the MxScan Email Security System.
-------------------------------------------------------------------------------------

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[cinap_lenrek]

there you go:

http://plan9front.googlecode.com/hg/sys/src/cmd/ip/hproxy.c
http://plan9front.googlecode.com/hg/sys/src/cmd/ip/socksd.c

--
cinap

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[lucio]

> http://plan9front.googlecode.com/hg/sys/src/cmd/ip/hproxy.c
> http://plan9front.googlecode.com/hg/sys/src/cmd/ip/socksd.c

Thank you.

Lucio.


-------------------------------------------------------------------------------------
This email has been scanned by the MxScan Email Security System.
-------------------------------------------------------------------------------------

Re: [9fans] DNS/DHCP/AUTH with Raspberry Pi?

[Iruatã Souza]

[-- Attachment #1: Type: text/plain, Size: 1120 bytes --]

The 9P implementation is based on puffs. Its docs/code may be of help.

On Tuesday, October 14, 2014, <lucio@proxima.alt.za> wrote:

> > i use a socks and http proxies running on the plan9 gateway machine
> > to get windows internet connectivity. the plan9 machines just
> > import the /net.alt ipstack from it.
>
> I'm not aware that such tools are in the standard distribution (I have
> plans to install both 9atom and 9front, but not immediately), could
> you give us a pointer or two here?
>
> Also, slightly off topic, I have discovered that NetBSD has a
> "mount_9p", but it is not obvious how it is meant to be used (I get a
> "Rattach not received, got 107) response, but the documentation is
> quite economical regarding authentication).  Does anyone have some
> more details on the implementation and deployment?
>
> Lucio.
>
>
>
> -------------------------------------------------------------------------------------
> This email has been scanned by the MxScan Email Security System.
>
> -------------------------------------------------------------------------------------
>
>
>

[-- Attachment #2: Type: text/html, Size: 1361 bytes --]