Re: Home Network Setup
I recommend that you use the RFC1918 class B block: 172.16-32.x.x. I've seen networks that use 10/8 or 192.168/16 internally, and if you have something like a laptop that needs to travel between your network and others, things can get hairy when IP addresses conflict. I've had to renumber my entire network on at least one occasion due to conflicts with my ISP, and it's a pain.

--
Curiosity killed the cat, but for a while I was a suspect -- Steven Wright
Security Guru for Hire http://www.lightconsulting.com/~travis/ --
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
Home Network Setup
I have a cable connection at home and was wondering if the following would work. If I put a Cisco 851 series router in front of a pair of Soekris firewalls running OpenBSD using CARP and pfsync. So the Cisco router would get a dynamic WAN IP and have a static LAN IP. The two Soekris firewalls would sit behind it. Behind the redundant firewalls would be the network. How could I get the computers behind the firewall Internet access? Also would port forwarding work? The thing is that I don't have a static IP address. Let me know.

Phusion
Re: [Soekris] Home Network Setup
On Sunday 16 April 2006 09:25 pm, Phusion wrote:
> I have a cable connection at home and was wondering if the following would work. If I put a Cisco 851 series router in front of a pair of Soekris firewalls running OpenBSD using CARP and pfsync. So the Cisco router would get a dynamic WAN IP and have a static LAN IP. The two Soekris firewalls would sit behind it. Behind the redundant firewalls would be the network. How could I get the computers behind the firewall Internet access? Also would port forwarding work? The thing is that I don't have a static IP address. Let me know.

You can do NAT on the 851 to say 10.1.0.0/24. Then put 10.2.0.0/24 as the subnet used on the LAN. Then just put a static route and any of your server redirects on the 851 to the 10.2.0.0/24 addresses.

Internet - Public IP - 851 - 10.1.0.0/24 - Soekris/CARP - 10.2.0.0/24 - LAN

851 internet facing nic: public IP a.b.c.d
851 lan facing nic: 10.1.0.1
soekris/carp 851 facing: 10.1.0.2
soekris/carp lan facing: 10.2.0.1
851 route config: ip route 10.2.0.0 255.255.255.0 10.1.0.2

Now, the better approach would be to just get rid of the 851 and do the NAT on the Soekris/CARP boxes. What is the purpose of the 851 in the first place? VoIP?
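An added example, not part of any message in this thread: a Python check of the address plan from the reply above (10.1.0.0/24 transit, 10.2.0.0/24 LAN, the 851 static route) that also flags overlaps with other networks, the conflict raised in the first reply. The function names and the "foreign" networks are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_ios_route(line):
    """Parse 'ip route <dest> <mask> <next-hop>' into (network, next_hop)."""
    tokens = line.split()
    if len(tokens) != 5 or tokens[:2] != ["ip", "route"]:
        raise ValueError(f"unsupported route line: {line!r}")
    # ip_network accepts the dotted netmask form used in the route statement.
    dest = ipaddress.ip_network(f"{tokens[2]}/{tokens[3]}")
    return dest, ipaddress.ip_address(tokens[4])

def check_plan(transit, lan, route_line, foreign=()):
    """Return a list of problems found in a router -> firewall -> LAN plan."""
    transit = ipaddress.ip_network(transit)
    lan = ipaddress.ip_network(lan)
    dest, hop = parse_ios_route(route_line)
    mine = (("transit", transit), ("lan", lan))
    problems = []
    for name, net in mine:
        if not any(net.subnet_of(block) for block in RFC1918):
            problems.append(f"{name} {net} is outside RFC 1918 space")
    if transit.overlaps(lan):
        problems.append(f"transit {transit} overlaps lan {lan}")
    # The edge router can only use a next hop that sits on its own LAN side.
    if hop not in transit:
        problems.append(f"next hop {hop} is not on transit {transit}")
    # Without a covering route, return traffic for the LAN is dropped.
    if not lan.subnet_of(dest):
        problems.append(f"route to {dest} does not cover lan {lan}")
    for label, other in foreign:
        other = ipaddress.ip_network(other)
        for name, net in mine:
            if net.overlaps(other):
                problems.append(f"{name} {net} conflicts with {label} {other}")
    return problems

# Values taken from the thread.
PLAN = dict(transit="10.1.0.0/24", lan="10.2.0.0/24",
            route_line="ip route 10.2.0.0 255.255.255.0 10.1.0.2")
# Constructed examples of networks a travelling laptop might also join.
FOREIGN = [("hotel Wi-Fi", "10.2.0.0/16"), ("office VPN", "192.168.1.0/24")]

if __name__ == "__main__":
    for problem in check_plan(**PLAN, foreign=FOREIGN) or ["no problems found"]:
        print(problem)
```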
Re: [Soekris] Home Network Setup
Phusion wrote:
> I have a cable connection at home and was wondering if the following would work. If I put a Cisco 851 series router in front of a pair of Soekris firewalls running OpenBSD using CARP and pfsync. So the Cisco router would get a dynamic WAN IP and have a static LAN IP. The two Soekris firewalls would sit behind it. Behind the redundant firewalls would be the network. How could I get the computers behind the firewall Internet access? Also would port forwarding work? The thing is that I don't have a static IP address. Let me know.

Why do you want the router on the cable side? Also, I don't really understand the need for redundant firewalls (especially for a home network). I would expect the soekris box to be one of the least likely points of failure. CARP and pfsync sounds like overkill.

I have a soekris 4801 with a 20Gig HD and a CM9 wireless card. It runs FreeBSD 6.1 RC1 and acts as a NATting firewall, mail server with SPAM detection, IMAP server, asterisk PBX, DNS server, and DynDNS client.

My cable connection comes into one of the soekris ethernet ports. This has a dynamic IP address allocated by my cable provider. The soekris box uses dyndns.org to give itself a name. Another soekris ethernet port is connected to a simple 8 port hub which connects to all my wired devices (a Windows desktop, a headless FreeBSD server, a Windows digital video recorder, an IP phone, and an analogue telephone adapter). My wife's laptop connects wirelessly.

The wired and wireless networks have static IP addresses and are bridged by the soekris box. The devices on the wired and wireless networks have their default gateway set to the static IP address of the soekris box. It routes and NATs for all of them out and in the cable connection.

Does that sound like what you're after? I can give you more details if you want.

Graham