Network layout and new router suggestions?

bobstone

Hey all, I am in the middle of putting a WHS together. On top of that, I have 3 primary zones in the house.

Zone 1 would be my main desktop, the WHS and the FIOS modem. It is located in the basement and currently uses the FIOS modem for DHCP for the entire house. Then I have a Linksys WRT-610N as the first device after the modem (the WRT-610N acts only as a switch / wifi router).

Zone 2 would be my entertainment center; it has an HTPC, PS3 and Xbox 360. It is located in the family room. It connects via wifi only right now.

Zone 3 is the shared computer; it is upstairs on the 2nd floor. It is used for basic internet only. It is connected using a powerline network on a DD-WRT router (can't remember the name, but it works OK, not great, but fine for now).

Right now I have Zone 1 connected to Zone 3 via the powerline network, and Zone 2 is connected to Zone 1 via wireless. Zones 1 and 3 provide wifi coverage for the entire house.


My first plan is to move the WRT-610N from Zone 1 to Zone 2, then connect Zone 2 to the other 2 zones with one more powerline adaptor.

Then I need to get a new router (does not have to be wifi) for Zone 1. At this point I will run the FIOS modem as a bridge and use the router to control the entire network. It will need to be decent speed and support VPN and Dynamic DNS, but I don't want to spend more than $100 for this router.

Lastly, in a month or so I will put a firewall in place.

End result should be: Zone 2 and 3 provide wifi for the house, and both connect to Zone 1 by the powerline network.
Then in Zone 1 it will be -> internet -> modem -> (firewall later down the road) -> "new router" -> WHS, main computer, and powerline.

(Router will connect to the internet; modem will be set to do nothing but be a modem, all wifi and router options will be disabled.)

So, will this setup work? What would be a good router to put in Zone 1? It will need a large NAT table, a good back-plane w/ gigabit support, VPN, and Dynamic DNS, but not be over $100. (FYI, if I used incorrect terminology please forgive me, I am no good with that stuff, but I am decent at working on all of it.)
 
Also, instead of getting a new router, if I build a basic Atom-based firewall with a Linux firewall solution, can it also handle DHCP/router duty for the entire network and still be a good firewall? Then just get a decent switch?

Also it does not need to be Atom-based, as long as I won't get CPU/network slowdown due to hardware. So a VIA or whatever based will be fine.

It only needs to handle DHCP, firewall, VPN, and good NAT addressing (or whatever you call NAT stuff).

Thanks
Bob

P.S. I have an old Dell Mini 9; I could maybe rig that up to use with a USB NIC for a second NIC. How does that sound? Or will it cause problems because of the built-in NIC and the availability of decent USB NICs?
 
I am a little confused. Is each "Zone" a VLAN or just a group of network-attached devices? If I were you I would set myself up like this (assuming each zone is just a group of attached devices and not an actual VLAN).

Verizon Actiontec Ethernet passthrough to NAT firewall. Firewall to switch (HP ProCurve 1800-24G, Dell PowerConnect 2724, Netgear, basically any 24-port managed gigabit switch for under $100), switch to Zone 1 devices, switch to WRT610N in Zone 2 (everything connects via Ethernet, WRT610N provides wireless), WRT610N connects to a 2nd WRT610N or WRT310N in Zone 3 using WDS.

Should look something like this:

[image: distribution.jpg (network layout diagram)]


That way you run a single Ethernet, you get better throughput over WDS than powerline, and with the exception of Zone 3 everyone in the house gets gigabit Ethernet.

Now as far as getting an Atom-based firewall for under $100, that's not going to happen. Under $300 that is doable. That Dell Mini 9 is out for two reasons: 1, single NIC; 2, Realtek NIC, which doesn't perform as well as the Intel NICs. For $100 you could get a Firebox X700, or a Checkpoint device, or a Nokia device from eBay, and that would do everything you want it to do just fine.

Also, for the FiOS, if you don't have FiOS TV I might recommend having them switch you to the Ethernet drop on the ONT so you can plug directly into your firewall.
 
OK. First off, WOW, did you make that chart just for my question? Dang, thanks!!

When I said zones I was just talking about physical locations; every computer in the house will be on the same subnet (is that the right term? been a while), e.g. 192.168.1.x.

My problem with the chart is that while I have wifi throughout the home, it is only good for internet; I cannot accomplish stable high-speed connections with it. However, the powerline adaptors I already own have been wonderful. Not blazing fast, but they never disconnect or have any issues with sporadic throughput like my wireless always has.
(However, the WDS vs. powerline question is just a matter of what works best for my situation; if I thought I could get a reliable connection with WDS I would do that.)

Also, connecting any of the zones by a physical cat5 cable won't happen. I am not saying it can't be done, but it is not an option. Let me tell you, I wish it was; I would drop the cash right now and have the entire house wired this week if it was.

Into the heart of the matter then.

The Firebox X700: when you recommended that, did you mean with the Firebox software, or install pfSense on it? When I searched it out I noticed a lot of people have switched it to pfSense after their licenses expired.

On FIOS, I do have TV, and the Actiontec box needs to be "in the network" for VOD and guide info. However, from the ONT I have cat5 and coax; the coax is for TV, the cat5 provides internet, VOD, and guide info. So I can definitely connect the ONT cat5 drop to the router / firewall to provide internet, but at some stage in Zone 1 it will still have to be connected so that it can pull the VOD and guide info.
E.g. if I directly connect my ONT cat5 drop to the firewall and only leave the coax in the Actiontec, I will get TV but no VOD or guide. The ONT cat5 does not need to directly connect to the Actiontec; the Actiontec just needs to have access to the network.
(It is not easy to set it up this way, but definitely doable.)

My only issue would be with using WDS. I have never had good long-term reliability with wifi; it will connect, it will work, but it constantly has bandwidth and stability issues for me.

Thanks
Bob
 
OK. First off, WOW, did you make that chart just for my question? Dang, thanks!!

I didn't even break out any of my custom shapes, so that took about 5 minutes.

When I said zones I was just talking about physical locations; every computer in the house will be on the same subnet (is that the right term? been a while), e.g. 192.168.1.x.

They would be on the same subnet and VLAN. You can have multiple subnets per VLAN.

My problem with the chart is that while I have wifi throughout the home, it is only good for internet; I cannot accomplish stable high-speed connections with it. However, the powerline adaptors I already own have been wonderful. Not blazing fast, but they never disconnect or have any issues with sporadic throughput like my wireless always has.
(However, the WDS vs. powerline question is just a matter of what works best for my situation; if I thought I could get a reliable connection with WDS I would do that.)

I tried powerline and found that with 2x WRT310Ns doing WDS (DD-WRT build 14311) I got better results. I also found that with 1 acting as an access point and the other acting as a client with the switch bridged, that worked out well too. Your mileage may vary.

Also, connecting any of the zones by a physical cat5 cable won't happen. I am not saying it can't be done, but it is not an option. Let me tell you, I wish it was; I would drop the cash right now and have the entire house wired this week if it was.

I had a similar problem; the landlord wouldn't let me put cable in the wall. My fix for this was to get white cable and push it under the baseboard between the board and the carpet. This has worked well for connecting my basement to the first floor.

The Firebox X700: when you recommended that, did you mean with the Firebox software, or install pfSense on it? When I searched it out I noticed a lot of people have switched it to pfSense after their licenses expired.

Use pfSense. I have used the actual WatchGuard software and it's crap. I am currently running pfSense 2.0 Beta4 on mine and it is awesome.

On FIOS, I do have TV, and the Actiontec box needs to be "in the network" for VOD and guide info. However, from the ONT I have cat5 and coax; the coax is for TV, the cat5 provides internet, VOD, and guide info. So I can definitely connect the ONT cat5 drop to the router / firewall to provide internet, but at some stage in Zone 1 it will still have to be connected so that it can pull the VOD and guide info.
E.g. if I directly connect my ONT cat5 drop to the firewall and only leave the coax in the Actiontec, I will get TV but no VOD or guide. The ONT cat5 does not need to directly connect to the Actiontec; the Actiontec just needs to have access to the network.
(It is not easy to set it up this way, but definitely doable.)

Basically the way they connect the DVRs to Verizon's network is using the Actiontec and MoCA. Unfortunately it is Verizon policy to not disable the coax on the ONT if you have TV service. Also you can't have both (or so I was told). Your best option is to have all the services disabled on the Verizon router and pass through to your firewall device.

My only issue would be with using WDS. I have never had good long-term reliability with wifi; it will connect, it will work, but it constantly has bandwidth and stability issues for me.

WiFi is not the only option. In fact you could even buy extra Actiontec routers off eBay and get MoCA going (also a better option than powerline IMO), but whatever works best in your situation is what you should use.
 
WiFi is not the only option. In fact you could even buy extra Actiontec routers off eBay and get MoCA going (also a better option than powerline IMO), but whatever works best in your situation is what you should use.


OK, new to MoCA. I mean, I have heard about it in my research into the Actiontec router but never looked into it.

But what are they like? I do have coax drops in every room and I never had any problems with the cable. Also, like I said before, it is a newish house, so I hope they were installed well, without a dozen splitters everywhere.

With that in mind, could I use a MoCA device just like the powerline device? In the sense that all I do is plug one into each of the rooms that will need cat5 access?
 
Yes, the MoCA devices work exactly like the powerline devices do, except you don't have to have the two devices on the same circuit. They essentially provide Ethernet over coax (similar to the old-style BNC connectors).
 
"Use pfSense. I have used the actual WatchGuard software and it's crap. I am currently running pfSense 2.0 Beta4 on mine and it is awesome."


^This^ I've used pfSense for years and have been very happy with it. I also give it a good workout 24/7, without fail.
 
For pfSense, would this work?

ALIX 6e1

It is only $85, and the case is another $9, with the power plug being $9-ish also.

What do y'all think of this item?
 
Unfortunately that ALIX box would be a bit underpowered in the CPU department. It would run DD-WRT just fine though.
 
OK. For testing reasons, to see if I want to buy a firewall: I have several old laptops. Could I use 2 PCMCIA NICs on an old P3 laptop to at least try it out, then drop $100-ish on a better solution?

PS: excuse grammar and whatnot. Posted from iPhone.

Thx, Bob
 
Ehh, nvm. That would be too annoying to set up. Hurmm, lemme ponder this a bit.

(I got so many spare parts, so I'm looking through them to see if I can put together a test setup to get a feel for pfSense.)
 
Basically all you need is a 1 GHz P3 with at least 256 MB of RAM to run the kind of environment you have. The trick is getting good NICs, preferably Broadcom or Intel. I am using the Firebox because I got a great deal on it, but I am planning to replace it with an Atom D510 setup with 4 Intel gig NICs. More power for more VPNs, gateway AV, and RAID 1 hard drives.
 
You could also go on fleabay and look for a Firebox, which is rack mounted, and then install pfSense on it :)
 