I have a shop to put an embedded system into that uses its own RFC1918
private network called SteadyShot. All I know for sure is that there is
another network, RFC1918, on the other side of SteadyShot's
Netgear-based wireless router. This other network is presumably
Windows-based and probably runs Windows 10 or better. In other words, I
know absolutely nothing about this Windows network. The embedded system
needs a special text file that is ordinarily stored on a share in this
Windows network. I envision a Samba share in a workgroup that is for the
embedded system will need to be accessible to people on the Windows
network so that they can copy truss files to it. By making a
Windows-style share available on the embedded system running Raspbian, I
get around having to run software on the client's Windows machines or
ask for a login and password and do a CIFS mount.

What needs to be done if the mysterious Windows network is set up in
varying ways? It could be an Active Directory network, a workgroup, a
homegroup, or a domain. Whatever it is, this mysterious Windows network
needs to see the Samba share in the embedded workgroup and be able to
access it. I could ask for a low-privilege account in the mysterious
network, but I prefer to provide a share instead and have people in this
other network copy what is needed to that share. I'm not the
administrator of the customer's Windows network, so I am in no position
to request any configuration changes to that network to accommodate
accessing the SteadyShot system. I should probably let the customer
choose the name of the SteadyShot workgroup and other credentials
through a web interface. Preferable if uploading truss files from, say,
drive N in the Windows network to /home/pi/trusses on the Raspbian
Stretch controller can be automated as well.

I'm concerned that ports 137, 138, 139, and 445 need to cross the
Netgear router for people in the mysterious Windows network to access
the SteadyShot Samba share. This isn't ideal. Suggestions on a better
approach than letting all those ports through are most welcome. Realize
that there has to be Internet access for the SteadyShot router, which is
hooked to the mysterious Windows network. Opening ports can be a major
security headache where there is a high likelihood that the customer
will say no.

I want to replace the Netgear with a Pi 3 running hostap, high-gain
antennas, and an iptables firewall. Building a router for less than
$30... I don't see that happening. A custom, more expensive router is
going to be a very hard sell, but done right I could solve some security
problems and performance problems. I don't think something better than
the Netgear R6020 is going to cost less than $150 in parts alone. Note
that I can add a real-time clock and run OpenVPN. I am concerned about
what antenna to get to plug into the Pi 3 USB on both Pis. Planning on
building both the controller and router into one enclosure. The only
proprietary piece will be the controller program, which needs to be
protected. Controller belongs to the company I work for. The R6020
doesn't have enough gain or maybe it's an antenna problem... The box 48
feet away and 15 feet or so up has problems getting on the wifi. The
obvious answer is a better router that is more capable, but that
potentially hurts the profitability of the whole system.
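
Added example, not part of the original post: a standalone-server smb.conf sketch for the Raspbian controller that turns NetBIOS off, so only TCP 445 (instead of 137, 138, 139 and 445) has to be forwarded through the router. The account name `trussdrop`, the share name `trusses` and the `192.0.2.0/24` client subnet are placeholders chosen for illustration; the path is the one named in the post.

```ini
# /etc/samba/smb.conf -- illustrative sketch, values marked "placeholder"
# must be replaced per site.
[global]
   # No domain or AD membership: the Pi authenticates users itself, so the
   # customer's network type (workgroup, domain, AD) does not matter.
   server role = standalone server
   workgroup = STEADYSHOT

   # Disable NetBIOS name service, datagram and session transport
   # (UDP 137, UDP 138, TCP 139). nmbd is then not needed at all.
   disable netbios = yes
   # Listen for SMB on direct-hosted TCP 445 only.
   smb ports = 445

   # Refuse SMB1; Windows 10 clients negotiate SMB2 or later.
   server min protocol = SMB2

   # Never fall back to anonymous guest access on a failed login.
   map to guest = never

   # Accept connections only from the customer LAN (placeholder subnet)
   # and from the local host.
   hosts allow = 192.0.2.0/24 127.0.0.1
   hosts deny = 0.0.0.0/0

   # Printing is not needed on the controller.
   load printers = no
   disable spoolss = yes

[trusses]
   comment = Truss file drop for the controller
   path = /home/pi/trusses
   # Single dedicated upload account (placeholder name), created with
   # "smbpasswd -a trussdrop"; it needs no shell login on the Pi.
   valid users = trussdrop
   read only = no
   # Files land owned by pi so the controller program can read them.
   force user = pi
   create mask = 0640
   directory mask = 0750
   # With NetBIOS off the share is reached by address, not by browsing.
   browseable = no
```

With NetBIOS disabled the controller does not show up in Windows network browsing, so clients map the share by the router's address on their side, and `testparm` can be run on the Pi to check the file before restarting smbd.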
_______________________________________________
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug