Pardon the cable mess, but here is a picture of my server closet. I have two domain controlers (PCs on the left) and one Exchange server (HP desktop on the right laying flat). My FIOS router is on the top left on top of the black HP desktop/server. Right next to that is my Road Runner cable modem (Motorola SBG900). On the bottom shelf, I have a Dell Power Connect 16 port 10/100 switch. My vonage router is at the other end of the lower shelf and just above that is a phone (now the only phone connected to Vonage – until I cancel the service). I will be dropping road runner and Vonage this coming week, so the collection of devices will be reduced by 2 and a few cables will be removed.
1. First, lets talk basics. Connection type for example. I’m using a cable modem connection to the internet at home from Bright House Networks (RoadRunner). I only have a 5MB down and typically 45kbs up. I’m planning on upgrading this soon to 10MB down and 1MB up. Speed here is important, because getting into your home network is fast, incoming speed (download speed) is the fastest. So if your sending your home server a file or receiving a large e-mail attachment, your going to need that faster bandwidth. Upload speed is equally important, because any mail you send out of your home network or file your uploading are going to be slower due to upload speed restrictions from your ISP. I highly recommend getting the faster upload speeds if your going to attempt anything remotely similar to what I’m about to explain to you.
Cable Modem – Motorola SBG900 (previously used SBG1000)
Firewall/router – Netgear Prosafe firewall/router (not wireless)
Wireless AP – Intel 802.11G Access Point
Dell 16 port switch
The cable modem is your gateway to the internet. If your like me, your cable modem uses NAT (Network Address Translation), and has a built in switch. This is useful because you can directly connect your various devices to your cable modem if you wish and not need to purchase a standalone router to share your internet connection. Note: your standard ISP cable modem probably won’t have this feature. Also, if you use the USB cable to connect to the internet, none of what I’m about to write about will work for you. You must go ethernet if this is to work. Plus, USP doesn’t use NAT (typically), you will end up getting the public IP of your cable modem if you go that route. This will open up your PC to attack from the outside and is not secure.
What I do:
I have a variation of a DMZ setup on my home network. My cable modem has a switch so I can use it to connect any devices I don’t care about and easily want to make accessible to the internet. One of those ports (I have 4), goes into the internet interface of my netgear firewall/router. So to the firewall, my cable modem is the gateway to the internet. I let DHCP give the firewall/router’s public (internet) interface its IP address. You can set this to static if you want, but if you get a firmware upgrade or your cable modem gets an update, your likely going to loose any port forwarding entries or custom setup, so using DHCP will save you time later, and keep your home internet connection from breaking. (I’ll tell you a story about this later). Now the firewall/router also has a LAN ethernet interface, so I have a cable (cat5 ethernet), going to a 16 port switch for other devices to connect to. In my cable modem, I setup all the outside services I want to have available to forward those ports to my firewall/routers internet interface. This is still a private address (non-routable), but will still work as intended. So the cable modem is listening on various ports for various services I have running on my home network accessible via my cable modem’s public IP address. When the cable modem received traffic on a particular port, it has a port forwarding entry that says, “ok, you ware coming in on this port, you go to the firewall”. The firewall is sitting there listening for those same ports, and has various rules setup to deal with traffic on different ports. So when traffic comes from the cable modem on a particular port, the firewall says “Ok, your coming from someone I trust (the cable modem), on a port I know about, and this port is supposed to go to this IP address on the LAN. The firewall then forwards that traffic to the server/device or PC on my LAN that I want it to go to. Port forwarding is key here, so first you setup port forwarders in your cable modem to forward to your firewall. The firewall then needs to have rules setup for the ports you want to use, specifying which internal (LAN) host you want the ports forwarded to. Examples of ports to forward are POP3 for e-mail, SMTP (although usually must be on a non-standard port), etc.
Now for wireless connectivity, my cable modem does support 802.11G wireless access, but it would be access to my DMZ, which is not helpful to me because the things I want to access when using my wireless are on my LAN. Now I could setup more security and custom routes, to make this work, but its much easier to just throw an 802.11G access point into the mix and set it up on your LAN. This way you get access to only the network you want access to. I also don’t typically encrypt my traffic using wireless only because I’m not doing anything secure or sending authentication or password traffic in the mix. Typically its good to add encryption to your wireless traffic. I use MAC address filtering to allow only wireless devices I know about access to my LAN. This in itself can be forged and hacked, so be careful when setting up security on your wireless network. Don’t just go buy a wireless Access Point and throw it in your LAN without configuring it. It will grant access to anyone with a wireless device to your network resources.
Ok, so thats the nuts and bolts of what I’m using for hardware and a touch of networking on my home network. Next we’ll talk about server, software and services.]]>