[Cialug] Network Layout
Mark Hesseltine
cialug@cialug.org
Tue, 4 Jan 2005 00:39:53 -0600
Claus:
I just set up m0n0wall (http://www.m0n0.ch), which is a BSD-based
firewall, VPN, DHCP server that can run from a CD-ROM and a floppy (to
store the config). It was very easy to set up, and you can assign hosts
behind the firewall. By default, port scanning it showed nothing
available, as if the host wasn't even up. However, my open SSH NAT
worked just fine.
On Mon, 03 Jan 2005 11:52:37 -0600, Claus <cniesen@gmx.net> wrote:
> I'm trying to restructure my home network and have a few criteria, an
> idea of how it should look, and a bunch of questions.
>
> Criteria:
> ==========
> - Foreign access to the inside LAN has to be blocked since the computers
> there are less secure and files are shared openly. No
> internal-to-internal traffic should leave the inside LAN (aka outsiders
> can't sniff it). Anybody plugging in a computer at the inside LAN is
> trusted.
> - WAN is untrusted and will need VPN to access inside LAN. Visitors
> should be able to use the internet without VPN to inside LAN once I
> authorize them. A web portal where username and passwords are entered
> would be cool.
> - Outside LAN has the same criteria as WAN (yes, the ethernet jacks are
> outside of the building)
> - Server for web, e-mail and DNS should be accessible from the internet,
> inside LAN, outside LAN, and WAN using the same domain name.
> - Only one public IP should be used. Inside LAN, outside LAN, and WAN
> should use DHCP, NAT and private IPs. The server should use a static
> private IP via NAT.
> - OpenBSD is the operating system for the firewall and server.
>
> Network Layout (proposal):
> ==========================
> Best is to look at a picture of it at:
> http://www.public.iastate.edu/~cniesen/future-network.jpg
>
> The Network is connected to the internet via DSL using a bridged DSL
> modem. The first thing after the modem is a firewall with 4 ports
> (internet, server [web, email, dns], inside LAN, and WAN/outside LAN).
> The WAN and outside LAN are supported via the Linksys WRT56GS wireless
> router that has 4 ethernet ports.
>
> Questions:
> ==========
> - For the VPN to the inside network does the VPN server have to be a
> server inside of the "inside network" or can the firewall do it?
> - Should the DHCP be done by the server [web, email, dns] or the
> firewall? Should the WAN access point run its own DHCP server for the
> WAN clients?
> - Can the server [web, email, dns] provide DNS service to all network
> sections? It will run OpenBSD 3.6 with its version of bind 9.
>
> Thanks
> Claus
> _______________________________________________
> Cialug mailing list
> Cialug@cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
--
Mark Hesseltine
mailto:markhesseltine@gmail.com
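For readers of this thread who want to see what Claus's four-port OpenBSD firewall looks like in pf terms, the following pf.conf is an added example: it is not from either poster, not m0n0wall's generated configuration, and uses the pre-4.7 nat/rdr syntax that OpenBSD 3.6 accepts. The interface names (fxp0..fxp3), the private subnets, the server address 192.168.2.10, the VPN pool 10.8.0.0/24 and the published ports (25, 80, 443, 53) are all assumptions; adjust them to the real hardware. The `block-policy drop` setting is what produces the "host isn't even up" behaviour Mark saw on m0n0wall, and the same rdr repeated on the inside and outside interfaces is what lets every segment reach the server under the one public name.

```pf
# Added example (not from the thread): OpenBSD 3.6-era pf.conf for the
# proposed four-port firewall.  Interface names, subnets, the server
# address, the VPN pool and the published ports are all assumptions.
ext_if = "fxp0"    # to the bridged DSL modem; the single public IP lives here
dmz_if = "fxp1"    # server segment: web, email, dns
int_if = "fxp2"    # trusted inside LAN
wan_if = "fxp3"    # wireless router and outside jacks: untrusted

int_net = "192.168.1.0/24"
dmz_net = "192.168.2.0/24"
wan_net = "192.168.3.0/24"
server  = "192.168.2.10"        # static private address of the server
vpn_net = "10.8.0.0/24"         # addresses handed to IPsec clients (assumed)

pub_tcp = "{ 25, 80, 443 }"     # smtp, http, https
dns     = "53"

set block-policy drop           # drop, don't reject: scans see no host at all
set loginterface $ext_if
scrub in all                    # normalize fragments before filtering

# --- Translation.  These run before the filter rules, so the filter
# rules below must match the translated (private) addresses.
# One public IP: every private segment is hidden behind the external address.
nat on $ext_if from { $int_net, $dmz_net, $wan_net, $vpn_net } to any -> ($ext_if)

# Publish the server on the public address.  Repeating the rdr on the
# inside and outside interfaces lets those clients use the same public
# name: their packets to the public IP are redirected to the server, and
# the replies route back through the firewall because client and server
# sit on different segments (no hairpin NAT needed).
rdr on { $ext_if, $int_if, $wan_if } proto tcp from any to ($ext_if) port $pub_tcp -> $server
rdr on { $ext_if, $int_if, $wan_if } proto { tcp, udp } from any to ($ext_if) port $dns -> $server

# --- Filter.  Default deny; the last matching rule wins unless "quick".
block log all
pass quick on lo0

# The firewall itself and every forwarded flow may leave; what is
# allowed in on each interface is decided below.
pass out all keep state

# Internet side: only the redirected services reach the server, plus
# IKE and ESP if the firewall terminates the VPN itself with isakmpd(8).
pass in on $ext_if proto tcp from any to $server port $pub_tcp flags S/SA keep state
pass in on $ext_if proto { tcp, udp } from any to $server port $dns keep state
pass in on $ext_if proto udp from any to ($ext_if) port 500 keep state
pass in on $ext_if proto esp from any to ($ext_if)
# Decrypted IPsec traffic arrives on enc0 and gets inside-LAN privileges.
pass in on enc0 from $vpn_net to any keep state

# Inside LAN: trusted, anything out (internet, server, firewall services).
pass in on $int_if from $int_net to any keep state

# Outside LAN / wireless: internet and the public services, never the
# inside LAN.  The quick block wins over the pass that follows it.
block in quick on $wan_if from any to $int_net
pass in on $wan_if from $wan_net to any keep state

# Server segment: may initiate outbound (mail delivery, zone transfers,
# updates) but never into the inside LAN, so a compromised public server
# cannot pivot inward.  Replies to inside clients already match state.
block in quick on $dmz_if from any to $int_net
pass in on $dmz_if from $server to any keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. On the questions in the quoted mail: the firewall can terminate the VPN itself (isakmpd is in the OpenBSD base system, and the enc0 rule above is where the decrypted traffic is filtered), and it can run dhcpd(8) on the three internal interfaces, one subnet each; for that to work the Linksys should be configured as a plain access point with its own DHCP server off and its WAN port unused, otherwise wireless clients are double-NATed and the firewall never sees their real addresses. The server can serve DNS to every segment, but note that with the rdr approach above it hands out the public address to everyone; the alternative is split DNS (BIND views keyed on the client subnet) returning 192.168.2.10 to internal clients, in which case the rdr lines on $int_if and $wan_if can be dropped. Nothing in pf provides the web login portal for visitors; that needs a separate captive-portal component in front of the wireless segment.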