NAT-tacular (or secure home networking on a budget)
I finally got ADSL a few weeks ago and have been having fun sorting out my home network. If anyone is interested in this kind of thing, feel free to read on...
ADSL Provider - Plus - I thoroughly recommend them if you are in the UK. Cheap, very efficient and loads of 'added-value' stuff built-in. And they give static IPs without even being asked! And if you do go with them tell them your referrer was 'tmorph' and I get a bonus! ;)
ADSL interface - Alcatel Speedtouch Pro from DSL Source. Since these are pretty old now, this was dirt cheap. I wanted a router rather than a modem since I didn't want to have to worry about driver problems. The 'Pro does NATting and port forwarding, which was all I really needed above basic connection.
Firewall - My Speedtouch Pro plugs directly into an old Pentium-200 / 64MB machine I had kicking around. I use Smoothwall to turn this machine into a robust firewall. Smoothwall is great - it includes a DHCP server, easy web configuration, web proxy, etc.
Hub - I had an old 5 port 10Mb hub already - the internal network card on my firewall plugs into that. I might buy a Wireless hub another day. :)
IP Networking - So now the interesting bit. I want my 'real' machines to have full access to the Internet, and I want to selectively port forward external requests into my 'real' network. The tricky bit is that I effectively have 2 routers (the Speedtouch and the firewall). So, I have NAT set up on the Speedtouch for a 172.16.0.0 network. The firewall is a client on this network. But it is also a NAT server for the separately NATted internal network (on 10.0.0.0). Internal access to the 'Net worked straightaway (much to my surprise). I then still have 192.168.0.0 available for even more NATting on client machines (e.g. for hooking up my Zaurus to the net via USB on my desktop).
I then set up the Speedtouch to forward all requests to the firewall by using the Speedtouch's CLI and the 'nat defserver' command (see here for a rough guide to the Speedtouch's CLI). This means that my Smoothwall firewall gets all inbound traffic, and then I can decide what to do with it with further port forwarding using its Web GUI - easy!
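An added sketch, not part of the original post, that models the two NAT layers described above and traces where an inbound connection ends up. The /24 prefix lengths, the host addresses, the forward list and the drop-by-default handling of unforwarded ports are assumptions; the post gives only the three network numbers.

```python
import ipaddress

# Assumed prefix lengths and hosts: the post names only the network numbers.
OUTER = ipaddress.ip_network("172.16.0.0/24")   # Speedtouch <-> firewall
INNER = ipaddress.ip_network("10.0.0.0/24")     # firewall <-> internal machines
SPARE = ipaddress.ip_network("192.168.0.0/24")  # further NAT behind a client
PUBLIC_IP = "203.0.113.10"      # constructed (documentation range)
FIREWALL_OUTER = "172.16.0.2"   # constructed

# Constructed firewall forwards: (proto, external port) -> (internal host, port)
FORWARDS = {
    ("tcp", 22): ("10.0.0.5", 22),
    ("tcp", 8080): ("10.0.0.6", 80),
}

def ranges_overlap(*nets):
    """True if any two networks share addresses, which would break routing."""
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])

def bad_targets(forwards):
    """Forward rules whose target is not on the inner network."""
    return [key for key, (host, _) in forwards.items()
            if ipaddress.ip_address(host) not in INNER]

def trace_inbound(proto, dport, forwards=FORWARDS):
    """Follow one inbound connection; return (destination per hop, verdict)."""
    hops = [(PUBLIC_IP, dport)]
    # Layer 1: the router's default server hands everything to the firewall.
    hops.append((FIREWALL_OUTER, dport))
    # Layer 2: only listed ports are forwarded (assumed drop otherwise).
    target = forwards.get((proto, dport))
    if target is None:
        return hops, "DROP"
    hops.append(target)
    return hops, "FORWARD"

def exposed_services(forwards=FORWARDS):
    """Everything reachable from outside, derived from the firewall list alone."""
    return sorted((proto, port, host, hport)
                  for (proto, port), (host, hport) in forwards.items())

if __name__ == "__main__":
    print("ranges overlap:", ranges_overlap(OUTER, INNER, SPARE))
    print("misdirected forwards:", bad_targets(FORWARDS))
    for proto, port in [("tcp", 22), ("tcp", 8080), ("tcp", 445)]:
        print(proto, port, *trace_inbound(proto, port))
    print("exposed:", exposed_services())
```

Because the router forwards everything, the firewall's forward list is the whole external attack surface, so that list is the one thing worth reviewing after each change.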
Conclusion - I now have a secure, extendable and cheap home network. The only money spent on software or hardware was ~ 80 UKP on the ADSL router - all the rest of the hardware I already had spare, and the firewall software was free.
6:58:34 PM