Carl Lowenstein wrote:
On 9/8/07, Neil Schneider <[EMAIL PROTECTED]> wrote:
[EMAIL PROTECTED] wrote:
Hello
I would like to build a small home network. I have 2 computers to start. One
of them will be a linux box eventually to server as the firewall. There will
be several computers include one running windows (kids) and mine which will be
converted to a multiple os system including linux. I have a cable modem. What
is the best way (router or hub) to connect the computers? What would I put
between the cable box and firewall workstation and between the firewall and
the other computers?
A typical setup used a dual homed host (two ethernet cards) connected to the
cable modem. This would be the firewall. The other interface is connected to a
hub/switch and then all the other computers are connected to the same
hub/swith. The firewall might also run dhcp to hand out IP addresses to the
other computers as they are connected to the network.
Depending on whether you want this network to use immediately, or want
to become more educated about how firewalls and routers work, you
might consider buying a pre-made router/firewall box. Small,
low-power, and works right away.
carl
Your question suggests you're new to LAN's, have only a couple of
computers, and right now just want to get them networked. So based on
that I agree with Carl as far as going with appliance network gear.
As Neil said, the simplest typical home LAN consists of
[Internet]<-->[Cable/DSL Modem]
^
| +-->[Computer 1]
+-->[Firewall-Router]<--| ...
+-->[Computer n]
In this case you probably want at least a 5-port router, or an 8-port if
you plan on adding other things in the near future, such as a Wifi
Access Point, printer, switches, DVR, or course other computers.
You get a bit more flexibility and future expandability with
[Internet]<-->[Cable/DSL Modem]
^
|
+-->[Firewall-Router]<-->[Wifi AP]
^
| +-->[Computer 1]
+-->[Switch]<--| ...
+-->[Computer n]
Don't underestimate the number of Ethernet ports you'll need. Keep in
mind that for an N-port device, you can only use N-1 ports for node
devices because you'll always have at least one port used on your LAN's
"Backbone". If you anticipate using Wifi, you might want to use an
appliance Firewall-Router-Access Point instead of the Ethernet-only router.
The second layout above is similar to what I use at home:
I have an 8-port 10/100 router (Tweety) to which is connected the Cable
Modem, a Wifi Access Point (William), and an 8-port Gigabit switch.
To the 8-port switch are connected a dedicated File Server (Seven), two
5-port Gigabit switches, and a CAT-6 cable for my wife's DynaVox Vmax.
The two 5-port Gib switches are each in other rooms of the house. One
switch serves my workstation (Proteus) and game/test box (Josef), plus
our here-again-gone-again laptop (Lydia). If I'm working on a client's
computer it goes onto that switch.
The other switch serves my wife's desktop box (Ma-ah), her DynaVox Vmax,
the Infrant X6 backup server (Eight), and a Printer Server (PS1).
All computers in the house are now using Gigabit connections. The router
is 10/100 because it's only talking to the outside world through the
cable modem (or the AP on which a Gib connection is also a waste).
Naturally, all Gib stuff is connected by CAT-6 cables. The rest CAT-5.
*****
There are several Good Enough firewall/router appliances available at
various prices, depending on features and number of ports. They are all
easy to set up with onboard Weblets. Make sure whatever you get uses SPI
(Stateful Packet Inspection) which I think they all do now.
I'm using a Netgear FVS318v3 because it has VPN (Virtual Private
Network) capability. My sister, a brother, and father-in-law all use the
same routers at their homes, and so I can do maintenance on their
networks and boxes via SSH over the encrypted VPN's from my house.
I tend to use either Netgear or Linksys for no particular reason. I used
to have a P90 running LRP (Linux Router Project) for my firewall and may
someday go back to something similar (albeit quieter and lower power).
Switches are cheap. Even Gigabit switches are not too expensive now. But
good Gib Ethernet cards are. I found a deal on some new Intel cards
recently so I lucked out. Not all the Gib switches support Jumbo Frames,
if you care (the new Netgear ProSafe 5- and 8-port switches do).
Like Neil said, if you really want to get your hands dirty, learn
something, and loose hair in the process, you can build your own
firewall using existing Linux- or BSD-based software distributions such
as Shorewall or Monowall. I think most of these are basically LiveCD
systems requiring only a low-end CPU, a CD/DVD reader and a couple of
NIC's. No hard drives required.
Unless you spend a fair piece of change for a good enclosure, these tend
to be noisier and more power hungry than the consumer appliance boxes.
However, you'll have much more flexibility and control than with the
appliances. My experience is that I don't really need that much
capability right now, and don't see that most home users do either.
Hopefully this isn't too much info. I think you'll have a lot of fun
setting up your new LAN. I did.
--
Best Regards,
~DJA.
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
