Complete home network reconfiguration…
Last night I finally got around to decommissioning the last of my obsolete power-hungry hardware. For the past three years, a clunky AMD K6 system running OpenBSD and, later in life, SmoothWall Firewall has been chattering along accomplishing the monotonous task of dutifully inspecting, filtering, and redirecting billions of packets across my LAN, VPN, and DSL interfaces. Not that I’m not grateful for its three years of dedicated firewall service, but no tears will be shed as I toss its rotting carcass out into the street in hopes that it will find a new home with a deserving owner before being smashed with cinder blocks by the neighbor kids.
As a replacement, I’ve officially become a consumer and picked up a Linksys BEFSX41 EtherFast Cable/DSL Firewall/VPN Router. It’s small, it’s quiet, it supports SPI, VPN, and DMZ, and it neatly stacks with my existing access point. Sure, it doesn’t have all the functionality of a BSD- or Linux-based firewall, but it’s perfectly adequate for our needs. My only complaint is the fact that it tops out around 2 MBps (16 Mbps) when passing packets across the firewall. Although those speeds are faster than any consumer-priced Internet connection, transferring large files to and from the Web server outside the firewall is much slower than the grumpy old AMD K6. If I end up moving the Web server into the DMZ, I’ll get true 100 Mbps, but I’ll need to research exactly how the DMZ operates and make sure traffic can’t leak from the DMZ back into the LAN.
In addition, I’ve also picked up a Netgear MR814 Wireless Cable/DSL Firewall Router ($20 - $30 rebate available) to set up a secondary public/guest wireless network that sits outside the primary Linksys firewall. Not only will this move all non-trusted traffic to its own isolated honeypot, but the physical location of the antenna will dramatically improve outdoor reception in the backyard, garage, and on the back deck. Right now, the Netgear is set up in the Hedgie Room, but I’ll be looking to extend the range even further with external antennas for both the public and private access points. This should extend the range enough to allow the cool neighbors down the block to jump online.
3 Comments »
After seeing your server room, I can see why knocking off a computer or 2 would be a good thing. You still have enough computing power in there to run the space shuttle. Ironically, I read your post just as I was waiting for my OpenBSD install to finish :P.
Comment by IggDawg | May 7, 2004
Ha. :) Well, there are three types of home firewall end users out there.
1) People who have no technical knowledge and need a turnkey firewall appliance solution.
2) Geeks who are learning UNIX or want 100% control over their network and need a homebrew Linux or BSD firewall.
3) Geeks who are sick of dealing with firewalls all day at work and need a turnkey firewall appliance solution.
I used to be in category 2, but I’ve been slowly purging all of my testbed hardware since moving back to Boston. When I had a half dozen Linux and BSD boxen floating around, yeah, I wanted 100% full firewall control. Now that my network consists of a single Linux Web server sitting outside the firewall and a few Mac OS X workstations and Powerbooks, not so much.
I just want something that I can plug in, forget, and get the occasional e-mail to inform me that it’s time to upgrade the firmware.
Comment by Sean | May 7, 2004
The Linksys WRT54G recently replaced my piece-of-crap Siemens wireless router. The Linksys set up in less than ten minutes even with configuring the port forwarding I need, MAC filtering and wireless encryption. It was a cinch. I used to use a Linux machine to handle everything but these little plastic boxes do it all with so much less hassle these days. I’m not sure about the other Linksys offerings, but I know that the WRT54G runs Linux and there are custom hacked-up kernels available freely. Linksys deserves props for opening up their code.
Comment by ethan | May 11, 2004