Complete home network reconfiguration…

Last night I finally got around to decommissioning the last of my obsolete power-hungry hardware. For the past three years, a clunky AMD K6 system running OpenBSD and, later in life, SmoothWall Firewall has been chattering along accomplishing the monotonous task of dutifully inspecting, filtering, and redirecting billions of packets across my LAN, VPN, and DSL interfaces. Not that I’m not grateful for its three years of dedicated firewall service, but no tears will be shed as I toss its rotting carcass out into the street in hopes that it will find a new home with a deserving owner before being smashed with cinder blocks by the neighbor kids.

As a replacement, I’ve officially become a consumer and picked up a Linksys BEFSX41 EtherFast Cable/DSL Firewall/VPN Router. It’s small, it’s quiet, it supports SPI, VPN, and DMZ, and it neatly stacks with my existing access point. Sure, it doesn’t have all the functionality of a BSD- or Linux-based firewall, but it’s perfectly adequate for our needs. My only complaint is the fact that it tops out around 2 MBps (16 Mbps) when passing packets across the firewall. Although those speeds are faster than any consumer-priced Internet connection, transferring large files to and from the Web server outside the firewall is much slower than the grumpy old AMD K6. If I end up moving the Web server into the DMZ, I’ll get true 100 Mbps, but I’ll need to research exactly how the DMZ operates and make sure traffic can’t leak from the DMZ back into the LAN.

In addition, I’ve also picked up a Netgear MR814 Wireless Cable/DSL Firewall Router ($20 – $30 rebate available) to set up a secondary public/guest wireless network that sits outside the primary Linksys firewall. Not only will this move all non-trusted traffic to its own isolated honeypot, but the physical location of the antenna will dramatically improve outdoor reception in the backyard, garage, and on the back deck. Right now, the Netgear is set up in the Hedgie Room, but I’ll be looking to extend the range even further with external antennas for both the public and private access points. This should extend the range enough to allow the cool neighbors down the block to jump online.

0 thoughts on “Complete home network reconfiguration…”

  1. After seeing your server room, I can see why knocking off a computer or 2 would be a good thing. You still have enough computing power in there to run the space shuttle. Ironically, I read your post just as I was waiting for my OpenBSD install to finish :P.

  2. Ha. 🙂 Well, there are three types of home firewall end users out there.

    1) People who have no technical knowledge and need a turnkey firewall appliance solution.
    2) Geeks who are learning UNIX or want 100% control over their network and need a homebrew Linux or BSD firewall.
    3) Geeks who are sick of dealing with firewalls all day at work and need a turnkey firewall appliance solution.

    I used to be in category 2, but I’ve been slowly purging all of my testbed hardware since moving back to Boston. When I had a half dozen Linux and BSD boxen floating around, yeah, I wanted 100% full firewall control. Now that my network consists of a single Linux Web server sitting outside the firewall and a few Mac OS X workstations and Powerbooks, not so much.

    I just want something that I can plug in, forget, and get the occasional e-mail to inform me that it’s time to upgrade the firmware.

  3. The Linksys WRT54G recently replaced my piece-of-crap Siemens wireless router. The Linksys was set up in less than ten minutes, even with configuring the port forwarding I need, MAC filtering and wireless encryption. It was a cinch. I used to use a Linux machine to handle everything, but these little plastic boxes do it all with so much less hassle these days. I’m not sure about the other Linksys offerings, but I know that the WRT54G runs Linux and there are custom hacked-up kernels available freely. Linksys deserves props for opening up their code.
