[NTLUG:Discuss] home networking question

[Richard Cobbe]

Lo, on Sunday, 19 March, 2000, Robert Barker did write:

> I'm getting DSL any day now and not knowing too much about how to go
> about it, I want to build a home network behind a firewall.  Currently,
> the plan is to create the firewall from an old P90 I have (no Xwindows -
> just the basics), the firewall connects to a switch and the 3-4 pcs all
> connect to the switch in turn.  I guess it would look something like
> this:
> 
>   internet ----  dsl modem ----  firewall  -----  switch ----- pcs 
> 
> My questions are these:
> 
> Is this a good layout?  

Sure; just have all of your PCs use the firewall as the router.  Turn on IP
masquerading (and probably filtering as well) on the firewall and you're
fine.

> The internal network is primarily for me, so I can diddle with a
> php/mysql/webserver development box.  Also, I'm showing a switch over a
> hub for performance.

Really?  Hadn't heard about this.  I was planning on moving to a situation
not unlike this in the near future.  Do you have pricing info on switches?
And how big is the performance difference?

> How hard is it to set up the firewall?   I have a copy of 'Linux
> Firewalls' but my questions are much more basic.  I'm talking baby steps
> here - anyone up to answering some real basic questions off-line?

In general, not very.  Once you've written down your security policy (what
ports you want to leave open, what you want to block, etc.) translating
that into the firewall script is pretty easy.  There are also some good
sample scripts available on the net.  Check out
http://www.nerdherd.org/ipchains/ for a start; I'll be happy to send you my
firewall setup if you'd like.  (I don't currently do masquerading, but I
gather that that's pretty straightforward.)

I'm still in the process of working through some of these issues myself,
but I'd be more than happy to answer any off-line questions you have.

Richard