how-to block ads
|
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
 ·Cox HSI
 ·Speakeasy
| reply to dibbb
Re: Duh!
said by dibbb  :Edit: and reading your reply to radarman, I can tell you know a lot about networking, but I think you're just way over-thinking this one...  It's probably born of the fact that I probably over engineered my home network. MODEM -> Router/firewall -> Switches -> Hosts (workstations/servers). I generally forget that, with SOHO routers versus a "real" router, multiple Ethernet ports are on the same LAN segment (as a switch device) and not ports bound to different LAN segments.
-tom
--
"Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased) | |
radarman
join:2005-06-01
Odenton, MD
| Ironically, I did the same thing - I was aiming my post at the average user who just has a Linksys or Netgear router that "does it all". I suppose that's what I get for "dumbing it down"
My own home network looks very similar to yours. I have two switches instead of one, because most of my network equipment is in a closet, while the file server and my workstation are in a bedroom with only 1 ethernet jack available.
I have a Motorola SB5100 CM attached to a FreeBSD machine which handles most network services, as well as serving as an Internet Gateway / NAT proxy. That machine is (obviously) multi-homed, with the second connection going to a Dlink DES3624i 24-port 10/100 switch (managed) and a third PLIP connection available for an administrative uplink. (I have an old 386 laptop for emergencies, since the router has no keyboard or CRT)
All of this is powered by a APC SmartUPS - which also supports the Vonage ATA, and segments of the home automation system. The SmartUPS has a network management card (9617) for remote monitoring.
The DES3624i is linked to my office, where a second switch, a DES3624 slave, handles my private workstation (well, private in the sense my wife doesn't mess with it), the file server, and another SmartUPS. This is also my "lab", so machines I happen to be working on are plugged into this switch.
The file server is capable of coming online as a backup for DNS/DHCP during a failure, but isn't normally available. There is little need for NTP, or other services, if the network connection is down - so these are not replicated. Besides, the UPS for the file server doesn't last as long as the UPS for the network gear. The only time it comes into play is when the main "router" is down for service.
The file server provides the rest of my network services - such as SMB/NFS mounts, FTP services, and incoming secure shell connections. (ipnat handles the forwarding)
My LAN uses internal DNS & DHCP, so guests simply have to plug in - and immediately receive an IP address in a special range and a DNS entry. I can also refer to my machines by "short" name, so starting a secure shell session to the router involves "ssh router". As an added bonus, my gateway serves as a Stratum 2 NTP server for any machine on the local network which knows about it. (My windows/*nix boxes all point to it).
I do not run wireless, as I was fortunate enough to have a say in the wiring during construction. I have 10/100 ethernet in every major room (bedrooms, living room, kitchen, etc.) I don't even own any 802.11 equipment - so I don't know if my neighbors do.
I also run a HTTP proxy via SSH. I can tunnel through to the file server, which forwards back to the router, which runs the proxy. This protects the router, as it doesn't allow external access to itself directly. It works great for everything except FTP - but that isn't a problem.
This allows me to bypass proxies on networks that allow unrestricted access on at least one port. Yes, I do have to know a bit about the network in advance - but this isn't typically a problem, as I only explicitly allow access to networks I might conceivably attempt to connect from. | |
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy
| Heh... sounds like my network until the first summer where the combined equipment and A/C current draw drove my electricity bill into the mid-$300's. Turned off one of my E250s (and 14 hard drives) and several Ultra IIs. Electric bills teach the value of consolidation. Even considered replacing my SPARCstation 10 router with a SOHO device that would draw less current.
At this point, what I really need, is to replace some of the older, lower-capacity hard drives with fewer, higher-capacity drives (not like I'm doing OLTP).
-tom
--
"Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased) | |
|
