[Sussex] Router Question

Steve Dobson steve at dobson.org
Fri Dec 16 19:22:50 UTC 2005


Hi Gareth

On Fri, Dec 16, 2005 at 03:43:27PM +0000, Gareth Ablett wrote:
> Just a quick question i'm sure there are a lot of opionated people here that
> may answer with proven experiance.
> 
> I am looking at a new router (well not right now but i want to be looking at
> a new router) my main requirment is something thats easy to setup so that it
> will give each connected machine an outside IP. i have other hubs/switches
> in the house so not all computers will be directly connected to it although
> that isnt a problem.

From this I assume that you have more than one IP address assigned to 
you (or you can have) from your ISP.  This is the set up I have here
at Castle Dobbo.

You are right to ask.  Not all modems have a pass thru mode that allows
your ISP to send packets for the other IP addresses in your block.  This
is a must have if you want to run your own public addressed DMZ (which I
assume you do).  What you need to check is that both the internal and
external address of the router can be configured to the same value.

> I'm currently running cat5/cat6 though the house but like the idea of
> wireless as an additional thing, but its not needed.
> 
> Will need router/modem in one or indervidual parts not bothered either way
> but considering price differances.

Check very, very carefully before buying and all-in-one solution.  All
the WiFi Routers I was saw when I've looked have the WiFi port the same
as the internal address of the router - which will mean that they will
have to be assigned an IP address in your public IP block - I doubt that
this is what you want.  There maybe new kit that does want you want, but
the setup you're after is not common so I doubt it.

I use the ALCATEL SpeedTOUCH 510.  It's old but I've had no problems 
with in something like three years now.  The only thing about this
router is that it has no firewall.  But I run my own firewall anyway.

What I found nice about the system is that when you export it's config
via it's web interface the fire is ASCII format (with CR-LF) but then
can be stripped and the config still works.  You can also edit this
file and upload it and that works just fine.  This allows you to keep
your router's config under CVS.

This is my network setup:

             +--------+
   ISP  <----+ Router +
             +---+----+
                 |
                 |
            eth1 |
           +-----+----+ eth2
       <---+ Firewall +-----> DMZ
     wlan0 +-----+----+
                 | eth0
                 |
                 V
                LAN

The firewall is a Soekris 4801.  The system is a small single board computer
233Mhz spec with three NICs on board - ideal as a firewall.  I have a Prism
II WiFi interface card plugged into its single PCI slot.  I'm am currently
running it with a laptop disk but the system has a flash card slot and will
boot from that too.  

The system is running Linux and uses HostAP to drive the WiFi card as the 
WiFi access point.  HostAP requires Prism II or later and source those can
be fun.

I've configure eth1 and eth2 to be bridged.  This allows the four machines
in my DMZ to have public IP address and still be firewalled by the Soekris
firewall.

Hope this helps
Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.lug.org.uk/pipermail/sussex/attachments/20051216/3971094a/attachment.pgp 


More information about the Sussex mailing list