transMorphic
Mike Roberts' blog on tech and life














 

 

27 December 2002
 

NAT-tacular (or secure home networking on a budget)

I finally got ADSL a few weeks ago and have been having fun with sorting out my home network. If anyone is interested in this kind of thing, feel free to read on...

ADSL Provider - Plus - I thoroughly recommend them if you are in the UK. Cheap, very efficient and loads of 'added-value' stuff built-in. And they give static IPs without even being asked! And if you do go with them tell them your referrer was 'tmorph' and I get a bonus! ;)

ADSL interface - Alcatel Speedtouch Pro from DSL Source. Since these are pretty old now, this was dirt cheap. I wanted a router rather than a modem since I didn't want to have to worry about driver problems. The 'Pro does NATting and port forwarding, which was all I really needed above basic connection.

Firewall - My Speedtouch Pro plugs directly into an old Pentium-200 / 64MB machine I had kicking around. I use Smoothwall to turn this machine into a robust firewall. Smoothwall is great - it includes a DHCP server, easy web configuration, web proxy, etc.

Hub - I had an old 5 port 10Mb hub already - the internal network card on my firewall plugs into that. I might buy a Wireless hub another day. :)

IP Networking - So now the interesting bit. I want my 'real' machines to have full access to the Internet, and I want to selectively port forward external requests into my 'real' network. The tricky bit is that I effectively have 2 routers (the Speedtouch and the firewall). So, I have NAT set up on the Speedtouch for a 172.16.0.0 network. The firewall is a client on this network. But it is also a NAT server for the separately NATted internal network (on 10.0.0.0). Internal access to the 'Net worked straight away (much to my surprise). I then still have 192.168.0.0 available for even more NATting on client machines (e.g. for hooking up my Zaurus to the net via USB on my desktop).

I then set up the Speedtouch to forward all requests to the firewall by using the Speedtouch's CLI and the 'nat defserver' command (see here for a rough guide to the Speedtouch's CLI). This means that my Smoothwall firewall gets all inbound traffic, and then I can decide what to do with it with further port forwarding using its Web GUI - easy!
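The two-tier NAT and default-server arrangement described above can be modelled in a few lines to see what is actually reachable from outside. This is an added example, not code from the original post: the /24 masks, the host addresses, the documentation-range public IP and the single port forward are all constructed for illustration.

```python
import ipaddress

# Constructed addressing plan; the post gives only the three network numbers.
PUBLIC_IP = "203.0.113.10"        # documentation address standing in for the static IP
FIREWALL_OUTSIDE = "172.16.0.2"   # the firewall as a client of the router's NAT
TIERS = {
    "speedtouch_lan": "172.16.0.0/24",
    "internal_lan": "10.0.0.0/24",
    "client_nat": "192.168.0.0/24",
}
# Hypothetical firewall port forwards: external port -> (internal host, port)
FIREWALL_FORWARDS = {80: ("10.0.0.5", 8080)}


def check_tiers(tiers):
    """Every NAT tier must be private and must not overlap any other tier."""
    nets = [ipaddress.ip_network(n) for n in tiers.values()]
    for i, a in enumerate(nets):
        if not a.is_private or any(a.overlaps(b) for b in nets[i + 1:]):
            return False
    return True


def outbound_sources(src):
    """Source address seen on each segment as a packet leaves through both NATs."""
    if ipaddress.ip_address(src) not in ipaddress.ip_network(TIERS["internal_lan"]):
        raise ValueError("not an internal host")
    # internal LAN -> rewritten by the firewall -> rewritten by the router
    return [src, FIREWALL_OUTSIDE, PUBLIC_IP]


def inbound(dst_port):
    """Follow an unsolicited inbound connection to PUBLIC_IP:dst_port."""
    # Hop 1: the router's default server hands every port to the firewall.
    router_to = (FIREWALL_OUTSIDE, dst_port)
    # Hop 2: the firewall forwards only listed ports; anything else stops here.
    target = FIREWALL_FORWARDS.get(dst_port)
    return {"router_to": router_to, "firewall_to": target,
            "delivered": target is not None}


if __name__ == "__main__":
    print("tiers ok:", check_tiers(TIERS))
    print("outbound:", " -> ".join(outbound_sources("10.0.0.5")))
    for port in (80, 22):
        print(port, inbound(port))
```

Because the router passes everything through, the firewall's forward table is the complete list of exposed services, so that table is the one place to audit.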

Conclusion - I now have a secure, extendable and cheap home network. The only money spent on software or hardware was ~ 80 UKP on the ADSL router - all the rest of the hardware I already had spare, and the firewall software was free.


6:58:34 PM    


© Copyright 2003 Mike Roberts.
email : blog @ tmorph . com

Last update: 11/02/2003; 00:06:29.