Re: [PLUG] Home Networking Question

Kam Salisbury on Mon, 10 Mar 2003 13:28:05 -0500

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Home Networking Question

From: Kam Salisbury <kam@kamsalisbury.com>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] Home Networking Question

Date: Mon, 10 Mar 2003 13:27:04 -0500

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

I currently run a wireless setup in my 3 level brick twin here in Philadelphia. Mounting the wireless access point on the middle level is essential for acceptable signal levels on the other floors. You also may want to consider an extra NIC in your firewall box to route your wireless in a DMZ of sorts. If you are not trying to serve anything at more than 10Kb/sec you should be OK with Comcast. For example, I can SSH into my box which is on Comcast and not disrupt my wife's eBay habit. I do not share Michael's naysaying about Comcast since I have been using them since they were available in this area. For the $40 american a month I cannot beat it for reliable web surfing and email. I know other people's experiences have not been so great... I do not know why but would be interested to know if they care to post specifics and problem resolution criteria to the list. I recently stopped using my Linux box as the firewall/gateway for my comcast account because I got a great deal on a firewall+vpn+gateway appliance. I still maintain my Linux box as a development environment but that is all.I use registar.com (though godaddy.com is cheaper right now) for my domain's DNS and DynDNS for the comcast connection itself. This way I can use the 15MB of web space for family photos and such without having to use the comcast URL. I can SSH to my Comcast box anytime using the DynDNS. It works. It may not be corporate worthy but it works and has been very reliable. My network is setup like this... (excuse the lame-O ASCII art :) Floor2 - Wireless access point (wireless access point) Floor 1 | | | - Firewall (Basement, SOHO )-- Comcast | - Linux box The whole point is to be able to control use of the wireless node via IP tables. This way I can segregate it from my home development network and traffic shape it or bandwidth throttle it. Remember that you can use WEP and MAC access to control use of your wireless but not 100% so be sure to ensure the confidentiality of the boxes on your network. That means using IPSEC for anything Win2K or XP and VPNs for Win9x and Linux to your internal boxes across the wireless. It is safest to treat your wireless like the open interenet even if you deploy WEP and MAC control. The Linksys products are great. The goal here is that a war driver may be able to crack your WEP and spoof a MAC but the Linux firewall will still not let them into your boxes. You have options to do key authentication and all sorts of other things like logwatches for martian sources and duplicate MACs. Remember that security is a balance with flexibility so my situation may not come close to what you want or need. (I am actually making major changes to my network right now as well since I have finally gotten rid of the Win9x boxes.) I am actually looking for an embedded solution for this task in the near future so if anyone has any recommendations on and SBC suitable as a router I would appreciate it. My goal is no moving parts. I need at least two Ethernet interfaces and enough flash RAM to hold FreeSCO or something similar. Kam Salisbury MCSE, Linux+, CNA http://kamsalisbury.com http://pwig.org ----- Original Message ----- From: "Michael Bevilacqua" <michael@bevilacqua.us> To: <plug@lists.phillylinux.org> Sent: Monday, March 10, 2003 12:45 PM Subject: Re: [PLUG] Home Networking Question > On Mon, Mar 10, 2003 at 12:38:19PM -0500, Steven Tomcavage wrote: > > Any ideas or suggestions are appreciated. > > Couldn't you run the wireless router behind a masq'd gateway? This will > give you the need for only one static IP, then the rest can be internal > on your LAN. > > DSL is always the way to go as compared to cable access through Comcast. > For the extra money you will be paying for it, Speakeasy or DCA will > give you high quality service. > > My suggestion, avoid Comcast at all costs. > > -- > Regards, > > Michael Bevilacqua > > ~ > . . > /V\ Michael@Bevilacqua.us > // \\ > /( )\ > ^`~'^ > > _________________________________________________________________________ > Philadelphia Linux Users Group -- http://www.phillylinux.org > Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce > General Discussion -- http://lists.netisland.net/mailman/listinfo/plug _________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce General Discussion -- http://lists.netisland.net/mailman/listinfo/plug

References:

[PLUG] Home Networking Question
From: "Steven Tomcavage" <steven@tomcavage.com>

Re: [PLUG] Home Networking Question
From: Michael Bevilacqua <michael@bevilacqua.us>

Prev by Date: RE: [PLUG] Home Networking Question

Next by Date: Re: [PLUG] Home Networking Question

Previous by thread: Re: [PLUG] Home Networking Question

Next by thread: Re: [PLUG] Home Networking Question

Index(es):

Date

Thread