Kam Salisbury on Mon, 10 Mar 2003 13:28:05 -0500



Re: [PLUG] Home Networking Question


I currently run a wireless setup in my 3 level brick twin here in
Philadelphia. Mounting the wireless access point on the middle level is
essential for acceptable signal levels on the other floors. You also may
want to consider an extra NIC in your firewall box to route your wireless in
a DMZ of sorts. If you are not trying to serve anything at more than
10Kb/sec you should be OK with Comcast. For example, I can SSH into my box
which is on Comcast and not disrupt my wife's eBay habit.

I do not share Michael's naysaying about Comcast since I have been using
them since they were available in this area. For the $40 American a month I
cannot beat it for reliable web surfing and email. I know other people's
experiences have not been so great... I do not know why but would be
interested to know if they care to post specifics and problem resolution
criteria to the list. I recently stopped using my Linux box as the
firewall/gateway for my Comcast account because I got a great deal on a
firewall+vpn+gateway appliance. I still maintain my Linux box as a
development environment but that is all. I use registar.com (though
godaddy.com is cheaper right now) for my domain's DNS and DynDNS for the
Comcast connection itself. This way I can use the 15MB of web space for
family photos and such without having to use the Comcast URL. I can SSH to
my Comcast box anytime using the DynDNS. It works. It may not be corporate
worthy but it works and has been very reliable.

My network is set up like this... (excuse the lame-O ASCII art :)

Floor2

- Wireless access point (wireless access point)   Floor 1
|
|
|
- Firewall (Basement, SOHO )-- Comcast
                                               |
                                               - Linux box

The whole point is to be able to control use of the wireless node via IP
tables. This way I can segregate it from my home development network and
traffic shape it or bandwidth throttle it. Remember that you can use WEP and
MAC access to control use of your wireless but not 100% so be sure to ensure
the confidentiality of the boxes on your network. That means using IPSEC for
anything Win2K or XP and VPNs for Win9x and Linux to your internal boxes
across the wireless. It is safest to treat your wireless like the open
internet even if you deploy WEP and MAC control. The Linksys products are
great. The goal here is that a war driver may be able to crack your WEP and
spoof a MAC but the Linux firewall will still not let them into your boxes.
You have options to do key authentication and all sorts of other things like
logwatches for martian sources and duplicate MACs. Remember that security is
a balance with flexibility so my situation may not come close to what you
want or need. (I am actually making major changes to my network right now as
well since I have finally gotten rid of the Win9x boxes.)

I am actually looking for an embedded solution for this task in the near
future so if anyone has any recommendations on an SBC suitable as a router
I would appreciate it. My goal is no moving parts. I need at least two
Ethernet interfaces and enough flash RAM to hold FreeSCO or something
similar.


Kam Salisbury
MCSE, Linux+, CNA
http://kamsalisbury.com
http://pwig.org

----- Original Message -----
From: "Michael Bevilacqua" <michael@bevilacqua.us>
To: <plug@lists.phillylinux.org>
Sent: Monday, March 10, 2003 12:45 PM
Subject: Re: [PLUG] Home Networking Question


> On Mon, Mar 10, 2003 at 12:38:19PM -0500, Steven Tomcavage wrote:
> > Any ideas or suggestions are appreciated.
>
> Couldn't you run the wireless router behind a masq'd gateway? This will
> give you the need for only one static IP, then the rest can be internal
> on your LAN.
>
> DSL is always the way to go as compared to cable access through Comcast.
> For the extra money you will be paying for it, Speakeasy or DCA will
> give you high quality service.
>
> My suggestion, avoid Comcast at all costs.
>
> --
> Regards,
>
> Michael Bevilacqua
>
>    ~
>   . .
>   /V\   Michael@Bevilacqua.us
>  // \\
> /(   )\
>  ^`~'^
>
> _________________________________________________________________________
> Philadelphia Linux Users Group        --       http://www.phillylinux.org
> Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
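
An added example, not part of the original message or of either poster's setup: one way to do the log watching for martian sources and duplicate MACs that the message mentions, run over firewall log lines for the wireless-facing interface. The interface name eth2, the "WLAN " log prefix and every address in the sample are assumptions constructed for illustration; the lines follow the kernel's log_martians and iptables LOG formats.

```python
import re
from collections import defaultdict

WLAN_IF = "eth2"  # assumption: firewall NIC that faces the access point

# Constructed sample lines (kernel log_martians and iptables LOG formats).
SAMPLE_LOG = """\
Mar 10 13:01:02 fw kernel: WLAN IN=eth2 OUT=eth0 MAC=00:a0:c9:11:22:33:00:06:25:aa:bb:01:08:00 SRC=192.168.50.10 DST=203.0.113.7 PROTO=TCP SPT=1025 DPT=80
Mar 10 13:01:09 fw kernel: WLAN IN=eth2 OUT=eth0 MAC=00:a0:c9:11:22:33:00:06:25:aa:bb:02:08:00 SRC=192.168.50.11 DST=203.0.113.7 PROTO=TCP SPT=1030 DPT=80
Mar 10 13:04:41 fw kernel: WLAN IN=eth2 OUT=eth1 MAC=00:a0:c9:11:22:33:00:06:25:aa:bb:01:08:00 SRC=192.168.50.99 DST=192.168.1.20 PROTO=TCP SPT=4001 DPT=22
Mar 10 13:04:55 fw kernel: WLAN IN=eth2 OUT=eth0 MAC=00:a0:c9:11:22:33:00:06:25:aa:bb:03:08:00 SRC=192.168.50.11 DST=203.0.113.7 PROTO=TCP SPT=1044 DPT=80
Mar 10 13:05:00 fw kernel: martian source 192.168.1.20 from 192.168.1.5, on dev eth2
Mar 10 13:06:12 fw kernel: WLAN IN=eth0 OUT= MAC=00:a0:c9:44:55:66:00:10:4b:00:00:01:08:00 SRC=198.51.100.9 DST=203.0.113.2 PROTO=TCP SPT=80 DPT=1025
"""

LOG_RE = re.compile(r"IN=(\S+) .*?MAC=([0-9a-f:]{41}) SRC=(\S+)")
MARTIAN_RE = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")


def analyze(log_text, wlan_if=WLAN_IF):
    """Return findings for packets that arrived on the wireless-facing NIC."""
    ips_by_mac = defaultdict(set)
    macs_by_ip = defaultdict(set)
    martians = []
    for line in log_text.splitlines():
        m = MARTIAN_RE.search(line)
        if m and m.group(3) == wlan_if:
            # Kernel order is "martian source <dst> from <src>".
            martians.append((m.group(2), m.group(1)))  # (claimed src, dst)
            continue
        m = LOG_RE.search(line)
        if m and m.group(1) == wlan_if:
            octets = m.group(2).split(":")
            # MAC= holds dst MAC (6 octets), src MAC (6), ethertype (2).
            src_mac = ":".join(octets[6:12])
            ips_by_mac[src_mac].add(m.group(3))
            macs_by_ip[m.group(3)].add(src_mac)
    return {
        # One MAC presenting several IPs, or one IP claimed by several MACs,
        # is what a cloned or spoofed wireless client looks like from here.
        "mac_with_many_ips": {k: sorted(v) for k, v in ips_by_mac.items() if len(v) > 1},
        "ip_with_many_macs": {k: sorted(v) for k, v in macs_by_ip.items() if len(v) > 1},
        "martians": martians,
    }


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        print(kind, hits)
```

The martian hit is a packet on the wireless segment claiming a source address from the internal LAN, and the eth0 line is ignored because it did not arrive on the wireless NIC.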