Introduction: Your Personal Intranet (Part 1).

About: computoman.blogspot.com Bytesize articles instead of a trilogy in one post.
You can set up your own intranet without being connected to the internet.  That way you can set up things just the way you want without having to follow any external rules. You can have your own servers, clients, and other ip based hardware for your own needs. One of the reasons I wanted to do this is to introduce you to guerrilla networking (not marketing). What if you wanted to have a network without using an ISP (internet service provider).

Note: DO NOT CONNECT THIS SET UP TO THE REAL INTERNET, Be careful too, because wifi will not distinguish between the two.

When people go to the trouble to set up their own network, they usually may gain respect for all the hard work that goes into network management.  One of the reasons we wanted to do this instructable is to encourage those who like to be hackers to try working on their own equipment rather than be mischievous to someone else's systems. Most everything in this project was developed using legacy equipment, with up to date software. Cost was minimal.  Ethical pen (penetration) or security testing training is usually done with this kind of setup at first

Update: With an internet "kill switch" law looming to be passed, I might not be a bad idea to make your network intenetless proof.
See also: https://www.instructables.com/id/Your-personal-intranet-Part-2/
               https://www.instructables.com/id/Statusnet-the-Twitter-clone-setup/

Step 1: What's Needed.

Equipment:
AT least three routers and manuals (better if they support dd-wrt or the like).
Cat 5 or better networking cable(s). In some cases you can make your own cheaper if you are going to use a lot of cable) otherwise just get store bought cable.
Cable ends. Cable ends and cable are available from better electronic and computer stores.
Your various extra computers, printers and etc.
optional:
crossover cable adapters.
Cable ties to make things neater.
Standalone switches.

Tools:
Cable end crimper (if you are going to make your own cables).
Cable tester. (even store bought cable can have problems).pen or other writing device and pad to write down information.
Router maunals so tht you can find out how to set up reserve addresses and port forwarding for your router.

Step 2: Domain Name Addressing (internet Telephone Book).

We need a way to know what device is what and or who. That is why we need an internet telephone book. The internet is in some ways still is like a telephone network. You can key in the phone number of someone to call or you can use the phone book to look up their phone number. The internet is sort of the same, but now the directory assistance is built in so to speak. The internet uses an internet protocol address instead of a phone number, to identify which computer is which,

The Google internet protocol address is: 173.194.64.106 in this case.

Computer directory assistance:

$ nslookup www.google.com
Server:        x.x.x.1
Address:    x.x.x.1#xx

Non-authoritative answer:
www.google.com    canonical name = www.l.google.com.
Name:    www.l.google.com
Address: 173.194.64.147
Name:    www.l.google.com
Address: 173.194.64.105
Name:    www.l.google.com
Address: 173.194.64.103
Name:    www.l.google.com
Address: 173.194.64.104
Name:    www.l.google.com
Address: 173.194.64.99
Name:    www.l.google.com
Address: 173.194.64.106


$ dig www.google.com

; <<>> DiG 9.7.0-P1 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24576
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.            IN    A

;; ANSWER SECTION:
www.google.com.        538147    IN    CNAME    www.l.google.com.
www.l.google.com.    248    IN    A    173.194.64.106
www.l.google.com.    248    IN    A    173.194.64.103
www.l.google.com.    248    IN    A    173.194.64.147
www.l.google.com.    248    IN    A    173.194.64.104
www.l.google.com.    248    IN    A    173.194.64.99
www.l.google.com.    248    IN    A    173.194.64.105

;; Query time: 12 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Nov 24 19:28:07 2011
;; MSG SIZE  rcvd: 148

Noticed I typed in  the Googles intenet address and was able to get to site. To remember all the internet addresses you might want go to is an extraordinary task. So the internet has directory assitance built in. In the second frame, I just used Googles web site name to get to their site. That is it goes to a DNS (Domain name server is an internet equivalent of directory assistance) to translate the website name to an internet address and then your browser goes to that numerical address. It usually happens so fast that you may not realize what is going on. Since we will not access the real intenet, so for our internet we will be setting up a crude form of directory assistance of your own. That is unless you want to remember all the numbers.

One last detail:
Like the phone book, the names are listed in a certain way. Usually the last name and the first name. for the internet, this is an over simplification, but the websites can have two or more parts.
www.google.com breaks up into:

www -  world wide web
google - the name of the domian
com- the type of domain it is. .com is a commercial site usually.

Other extensions:
org - non-profit
gov - governmental unit, and etc.

More info at http://en.wikipedia.org/wiki/Domain_Name_System

Step 3: Ethernet Cabling Basic.

You can usually get the cables you need from a local computer or electronics store. If you plan to do any amount of cabling, it is usually but not always cheaper to get the cable and cable ends in bulk. Wig so many places going ro wireless, you cam almost get cable for free where it is being striped out of buildings. Most of all, but not all cables have eight conductors or wires. They are usually color colded. Makes it easier to make cable ends. The colors are usually:
white-orange striped
orange
white-green striped
blue
white-blue striped
green
white-brown striped
brown.

No affiliation with this company, but the video is decent about making cable.
http://www.wipeout44.com/video/misc/make_ethernet_cable.asp

There are also two basic tyoe of cabling: (newer routers can automatically detect standard cable wiring).
Patch (traditional cable). T-468b/t-468b
Crossover cablle (rarely used, but great for hooking up two computers directly together without a switch)
t-568a/t-568b

Parts:
Rj-45 cable ends (covers are optional)
Ethernet cat cable or better.

Tools:
RJ-45 cable crimpers.
Cable testers:
>patch cable tester (better ones test each wire separately).
> live network tester (lets you know if the wire is good when plugged into a network port. DO NOT USE THE PATCH CABLE TESTER TO DO THIS!!!!) (NOT SHOWN)

Step 4: So How Do We Connect It? (Router 1 Backbone).

The top level of the network is what we have in router one. This is sometimes called the backbone. Normally I would just want networks to connect to router one, but there is no reason from stopping you from adding a printer, server, or other devices. Generally, you would like o use either static (unchanging) or reserved address on those pieces of equipment.  Computers are not physic yet to know what a changing ipadress might be.

We need to have a root device that serves as DNS (Domain name server) for the highest level (.i.e. the three routers  and any server that is transparent through the two lower routers. The wan (wide area network) of the top network will not be connected. Most people use a 10 or 172 network in large firms for the highest level of the network phone number so to speak. . We will use instead a 192 based network. 192.168.x.x known as a class c network and defined not to be net-workable with the internet per se. We are going to use ipv4 for now. ipv6 changes all the ground rules. Did you notice the ipaddress of Google?

We are going to divide the network into two major subnets. The first advantage here is we can isolate network issues easier. In case of a spreading virus you can remove the connection on the subnet where there is an issue so everyone does not get affected/infected. Then you go to that area and take care of the issue. Once resolved that subnet can bet added back to the network The second advantage here is that you can limit the network traffic to defined areas or the subnet, It also can help in security if certain devices on one subnet do not need to be accessed from the other subnet as required. For example, you will want to have the accounting information separated from other departments that are not involved in the day to day finances. Mostly common sense.

Generally our class c network will or can have up to about 250 devices connected. (192.168.x.x). As for individual hardware assignment, the last part of the address is usually segregated for example .100 to .150 us assigned to clients and .10 to .99 is assigned to server and certain network non-workstation equipment that need an unchanging ipaddress, Makes it easuer to trubleshott issues when you know what equipment is having issues.  Since this is your network not connect to the real internet, you can set it up whatever way you want.

Router 1 is private network 0 or the backbone.

Router 1
Wan ip should not be used.
Dns 192.168.1.1
netmask 255.255.255.0
Broadcast 192.168.1.255
lan address should be 192.168.1.1

Step 5: Router 2.

Router 2 is private network 1.

For reference:

Router 2
Wan ip should be 192.168.1.10
Dns 192.168.1.1
netmask 255.255.255.0
Broadcast 192.168.1.255

Switch lan network should be 192.168.2.x
Router lan address s/b 192.168.2.1

The router wan can us dhcp, but you will have to reserve the address in the router
Let's add the music server and then do some port forwarding.

1. You will want to install the web server on a machine (some interesting links)

https://www.instructables.com/id/Introduction-to-installing-web-apps/

https://www.instructables.com/id/Quicky-web-server-for-linux/

https://www.instructables.com/id/Quicky-web-server-for-MSWindows-XP/

You want to reserve the address for the web server in the router 2 setup per your router firmware documentation..

(The ipaddress of the web server will be 192.168.2.110, but to this outside of router 3, the web server address is 192.168.2.10).

Now to forward the port.

Web servers are usually port 80 (unless you set it up differently, so that is the port you want to forward.

Step 6: Router 3.

Router 3 is private network 2.

For reference:

Router 3
Wan ip should be 192.168.1.20
Dns 192.168.1.1
netmask 255.255.255.0
Broadcast 192.168.1.255

Switch lan network should be 192.168.3.x
Router lan address s/b 192.168.3.1

The router wan can us dhcp, but you will have to reserve the address in the router.

Let's add the music server and then do some port forwarding.

1. You will want to install the firefly music server on a machine (also know as mt-daapd.)

(for the latest Debian "squeeze")
$ sudo apt-get update
$ sudo apt-get install libgcrypt11 forked-daapd

If all went well then it should be up and running. You'll need to adjust the config file for forked-daapd, which is located at /etc/forked-daapd.conf, by changing the music directory to match the directory you store your music in like so:

Then you can simply restart forked-daapd like so:

/etc/init.d/forked-daapd stop
/etc/init.d/forked-daapd start


See https://en.wikipedia.org/wiki/Firefly_Media_Server for more information.

You want to reserve the address for the music server in the router 3 setup per your router firmware documentation..

(The ipaddress of the music server (for us) will be 192.168.3.110, but to this outside of router 3, the music server address is 192.168.3.10).

Now to forward the port.

Itunes is usually port 3689 so that is the port you want to forward.
 

Step 7: Try It Out.

Power up sequence:

Router 1
Any equipment connected to router 1 not including routers 2 and 3.
Routers 2 and 3.
Everything else.

Can you see the web server (with a web browser) from outside router 2?
Can you access the music server (with an itunes compatible client) from outside router 3?

If not go back and check your settings.

In part two we will get into virtual private networks, dnsmasq,  and other media servers. Stay tuned...

Step 8: The Intranet.

An idea coming soon based on the ITCrowd idea.