Hello
I take it that a linux pc could eventually replace the firewall
router which would allow for flexibility of updating firewall
software. Is this correct? I spent some time at Frys looking at the
boxes to see how things are done.
Thanks,
Andrew
At 14:24 2007-09-08, you wrote:
Carl Lowenstein wrote:
On 9/8/07, Neil Schneider <[EMAIL PROTECTED]> wrote:
[EMAIL PROTECTED] wrote:
Hello
I would like to build a small home network. I have 2 computers to
start. One of them will be a linux box eventually to serve as the
firewall. There will be several computers including one running
windows (kids) and mine which will be converted to a multiple os
system including linux. I have a cable modem. What is the best way
(router or hub) to connect the computers? What would I put between the
cable box and firewall workstation and between the firewall and the
other computers?
A typical setup uses a dual homed host (two ethernet cards) connected
to the cable modem. This would be the firewall. The other interface is
connected to a hub/switch and then all the other computers are
connected to the same hub/switch. The firewall might also run dhcp to
hand out IP addresses to the other computers as they are connected to
the network.
Depending on whether you want this network to use immediately, or want
to become more educated about how firewalls and routers work, you
might consider buying a pre-made router/firewall box. Small,
low-power, and works right away.
carl
Your question suggests you're new to LAN's, have only a couple of
computers, and right now just want to get them networked. So based
on that I agree with Carl as far as going with appliance network gear.
As Neil said, the simplest typical home LAN consists of
[Internet]<-->[Cable/DSL Modem]
                      ^
                      |                       +-->[Computer 1]
                      +-->[Firewall-Router]<--|   ...
                                              +-->[Computer n]
In this case you probably want at least a 5-port router, or an
8-port if you plan on adding other things in the near future, such
as a Wifi Access Point, printer, switches, DVR, or of course other computers.
You get a bit more flexibility and future expandability with
[Internet]<-->[Cable/DSL Modem]
                      ^
                      |
                      +-->[Firewall-Router]<-->[Wifi AP]
                                  ^
                                  |              +-->[Computer 1]
                                  +-->[Switch]<--|   ...
                                                 +-->[Computer n]
Don't underestimate the number of Ethernet ports you'll need. Keep
in mind that for an N-port device, you can only use N-1 ports for
node devices because you'll always have at least one port used on
your LAN's "Backbone". If you anticipate using Wifi, you might want
to use an appliance Firewall-Router-Access Point instead of the
Ethernet-only router.
The second layout above is similar to what I use at home:
I have an 8-port 10/100 router (Tweety) to which is connected the
Cable Modem, a Wifi Access Point (William), and an 8-port Gigabit switch.
To the 8-port switch are connected a dedicated File Server (Seven),
two 5-port Gigabit switches, and a CAT-6 cable for my wife's DynaVox Vmax.
The two 5-port Gib switches are each in other rooms of the house.
One switch serves my workstation (Proteus) and game/test box
(Josef), plus our here-again-gone-again laptop (Lydia). If I'm
working on a client's computer it goes onto that switch.
The other switch serves my wife's desktop box (Ma-ah), her DynaVox
Vmax, the Infrant X6 backup server (Eight), and a Printer Server (PS1).
All computers in the house are now using Gigabit connections. The
router is 10/100 because it's only talking to the outside world
through the cable modem (or the AP on which a Gib connection is also
a waste). Naturally, all Gib stuff is connected by CAT-6 cables. The
rest CAT-5.
*****
There are several Good Enough firewall/router appliances available
at various prices, depending on features and number of ports. They
are all easy to set up with onboard Weblets. Make sure whatever you
get uses SPI (Stateful Packet Inspection) which I think they all do now.
I'm using a Netgear FVS318v3 because it has VPN (Virtual Private
Network) capability. My sister, a brother, and father-in-law all use
the same routers at their homes, and so I can do maintenance on
their networks and boxes via SSH over the encrypted VPN's from my house.
I tend to use either Netgear or Linksys for no particular reason. I
used to have a P90 running LRP (Linux Router Project) for my
firewall and may someday go back to something similar (albeit
quieter and lower power).
Switches are cheap. Even Gigabit switches are not too expensive now.
But good Gib Ethernet cards are. I found a deal on some new Intel
cards recently so I lucked out. Not all the Gib switches support
Jumbo Frames, if you care (the new Netgear ProSafe 5- and 8-port switches do).
Like Neil said, if you really want to get your hands dirty, learn
something, and lose hair in the process, you can build your own
firewall using existing Linux- or BSD-based software distributions
such as Shorewall or Monowall. I think most of these are basically
LiveCD systems requiring only a low-end CPU, a CD/DVD reader and a
couple of NIC's. No hard drives required.
Unless you spend a fair piece of change for a good enclosure, these
tend to be noisier and more power hungry than the consumer appliance
boxes. However, you'll have much more flexibility and control than
with the appliances. My experience is that I don't really need that
much capability right now, and don't see that most home users do either.
Hopefully this isn't too much info. I think you'll have a lot of fun
setting up your new LAN. I did.
--
Best Regards,
~DJA.
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list