Several people have asked me to describe how I would go about building a sensible home network that would be highly functional, inexpensive, and teach them a bunch about networking technologies while they did it. Since this is a very do-able project and has several real benefits, I’ve decided to take it on. So I’ll be writing a few posts to walk you through the process; it’s easier than you might think but of course it can always be made easier, and I’ll try to do that.
What I’ll describe is modular — you can do all of it, or a part of it, depending on your interests. This isn’t the easiest way to bring the Internet into your home, because I’m assuming that you’d like to learn how things really work. But follow this through, and you’ll end up with an industrial-strength bastioned network that looks like it belongs in a company. And, it’ll be (relatively) cheap. And I promise, (relatively) easy.
We’ll be using almost exclusively open-source software, relatively generic PCs of whatever vintage you can afford, and some cheap networking components like switches from Best Buy or whoever. You’ll be running things like Ubuntu Linux, an Astaro firewall, the famous Apache web server (which powers over half the websites on the Internet), the Postfix mail server, and the Bind DNS server. Cool stuff!
Why do this? Here’s what the typical “home network” looks like, out of the box:
Not very exciting, nor very capable, and actually not very secure: the “firewall” generally blocks incoming traffic but allows rather promiscuous outgoing connections, so it restricts almost nothing, and it has no attack detection or prevention beyond blocking “ping of death” and similar attacks. Plus, of course, the router / AP / firewall is also handling DHCP, DNS caching, and all manner of other things, so if it gets penetrated, everything’s there and you’re toast.
What things will look like when we’re through with our efforts will be like this:
The key here is that the Serious Firewall Gateway will really let you get granular about which machines in your network get to do what, and mount some industrial-strength penetration protection. And by having a DMZ port on that machine, you can separate the Internet-facing machine, your web server and mail server, from your internal network.
And on the logical inside, you can have a small server supporting shared files, a caching DNS server, DHCP, shared printing, and whatever else suits your fancy.
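To make the difference between the two layouts concrete, here is an added example (not from the original post, and not how Astaro is configured) that models each layout as a zone policy and runs four constructed flows through both. The addresses, ports and rule sets are assumptions chosen for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plans (assumptions, not from the post).
FLAT_ZONES = {"LAN": ip_network("192.168.0.0/16")}
DMZ_ZONES = {"LAN": ip_network("192.168.10.0/24"),
             "DMZ": ip_network("192.168.20.0/24")}

# Rules are (src_zone, dst_zone, dst_port or None for any port); a match allows.
FLAT_RULES = [("LAN", "WAN", None),   # any outbound connection
              ("WAN", "LAN", 80)]     # port forward to the web server (simplified)
DMZ_RULES = [("WAN", "DMZ", 80), ("WAN", "DMZ", 25),   # public web and mail
             ("LAN", "DMZ", 80), ("LAN", "DMZ", 25),   # inside users reach them too
             ("LAN", "WAN", 80), ("LAN", "WAN", 443),  # browsing only
             ("DMZ", "WAN", 25)]                       # mail server sends mail out

def zone_of(zones, addr):
    """Return the zone whose network contains addr, or WAN if none does."""
    ip = ip_address(addr)
    return next((name for name, net in zones.items() if ip in net), "WAN")

def decide(zones, rules, src, dst, port):
    s, d = zone_of(zones, src), zone_of(zones, dst)
    if s == d:
        return "unfiltered"   # same segment: the switch delivers it, the firewall never sees it
    for rs, rd, rp in rules:
        if (rs, rd) == (s, d) and rp in (None, port):
            return "allow"
    return "deny"             # default deny: anything not listed is dropped

# Constructed sample flows: (description, source, destination, destination port).
FLOWS = [
    ("Internet client to web server", "203.0.113.7", "192.168.20.10", 80),
    ("web server to file server (SMB)", "192.168.20.10", "192.168.10.5", 445),
    ("desktop sending SMTP straight out", "192.168.10.50", "198.51.100.9", 25),
    ("desktop browsing over HTTPS", "192.168.10.50", "198.51.100.9", 443),
]

def compare():
    """Evaluate every sample flow against the flat and the three-legged layout."""
    return [(desc, decide(FLAT_ZONES, FLAT_RULES, s, d, p),
             decide(DMZ_ZONES, DMZ_RULES, s, d, p)) for desc, s, d, p in FLOWS]

if __name__ == "__main__":
    for desc, flat, dmz in compare():
        print(f"{desc:36} flat={flat:10} three-legged={dmz}")
```

The second and third flows are the ones that change: on the flat network the firewall never even sees traffic from the web server to the file server, and any outbound connection is allowed.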
Hardware
You will have to buy a few things. There are three PCs, plus one or two little Linksys or whatever 4-port switches, and some wire. The switch might also be your access point (AP) for the wireless access. The modem will be furnished by your ISP.
The PCs need not be particularly powerful or have double-oodles of disk space, necessarily. Relatively generic grey boxes will do; I’ve used Compaq Pentium 3s and Dell Pentium 4s with clock speeds ranging from 700 MHz to 2.8 GHz. The biggest disks should go on the shared-file server, the fastest machine should be the firewall machine, and the web / mail server can be surprisingly light. All this stuff is available on eBay or from the Dell factory store. Newer desktop PCs in the $500 price range work just fine. If you can spring for a real server with RAID-5 and so on, so much the better. But they’re not all that necessary.
A Domain Name
Before you do anything else, get yourself a domain name, like joedoaks.com or the like. Register it through GoDaddy, very straightforward and $10 / year. For a setup like this, you deserve your own domain!
What you should already know and have
I’m kind of assuming you already know a little about TCP/IP, DNS, and the rudiments of Internet technology. But part of this exercise is to help you learn more, so just brief yourself on the basics and you’ll be ready to go. So, you probably have your personal PC and some way to connect to the Internet. The first thing we’ll do is build a better firewall, so go shopping for that machine first. This machine needs to be fairly fast and have as much memory as you can afford, but it probably doesn’t need more than 30 GB of disk space. AND, importantly, it needs to have expansion slots where you can put in two more LAN cards; this is a must.
More in the next installment, where we’ll build the firewall on this machine.