[project] What would a kicka** home network look like?

Still trying to understand the NAT thing. Read a little bit and here is my best guess: NAT translates WAN traffic into local IP addresses so the right network PC gets the right data... having two NATs back to back like a router and then another router would confuse the second NAT. Bridge mode on one router makes the two play together nicely so traffic can flow. Close enough to correct?

Home automation will be an upcoming project in the next few years. I'm mildly familiar with the RPi, though I hate it, and can Arduino my way out of a paper bag pretty well (it doesn't even have to be wet paper!!!). All I really lack, in my opinion, is a lot of experience with the parts like servos and motor control boards etc., so with time that'll all fall into place. That's for another day though.
 
Avoid double NAT if you can, it's a pain to administrate and configure. Your description of NAT is good; traditional NAT that is used in 99% of homes takes a private IP, gives it a random source port, translates it to a public IP (the one the ISP gives you static or dynamic) and creates an entry in its translation table so when return traffic comes in, it can 'untranslate' the traffic so it returns back to the IP/computer that requested the data.
 
You need bridge mode on your U-verse box, not just "one router", otherwise it's pointless.
Think of bridge mode as a plain media converter that doesn't touch the data.

//Danne
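A toy model of the translation table Danne describes, added here as an example rather than anything from the thread: outbound traffic gets a fresh public source port and a table entry, return traffic is 'untranslated' through that entry, and an unsolicited packet with no entry or port forward is dropped. It also shows why double NAT is a pain for hosting: a port forward on the inner router alone never sees the packet, while a gateway in bridge mode leaves one NAT and one forward. All addresses, ports and the two-router layout are constructed for the example.

```python
import itertools

class Nat:
    """One NAT hop: public-facing IP, dynamic translation table, static port forwards."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)  # stand-in for 'random' source ports
        self.table = {}     # public_port -> (private_ip, private_port), filled on the way out
        self.forwards = {}  # public_port -> (ip, port), configured by the admin

    def outbound(self, pkt):
        """Rewrite the private source to the public IP/port and remember the mapping."""
        src_ip, src_port, dst_ip, dst_port = pkt
        pub_port = next(self._ports)
        self.table[pub_port] = (src_ip, src_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, pkt):
        """'Untranslate' return traffic; drop anything with no table entry or forward."""
        src_ip, src_port, dst_ip, dst_port = pkt
        target = self.table.get(dst_port) or self.forwards.get(dst_port)
        if dst_ip != self.public_ip or target is None:
            return None
        return (src_ip, src_port, *target)

def deliver(chain, pkt):
    """Push an internet-side packet inward: outermost NAT first, stop if one drops it."""
    for nat in reversed(chain):
        pkt = nat.inbound(pkt)
        if pkt is None:
            return None
    return pkt

def round_trip(chain, pkt):
    """Send pkt out through chain (innermost NAT first) and bring the reply back in."""
    for nat in chain:
        pkt = nat.outbound(pkt)
    return deliver(chain, (pkt[2], pkt[3], pkt[0], pkt[1]))  # server answers what it saw

def demo():
    # Constructed addresses: ISP gateway NATs 192.168.1.0/24 behind 203.0.113.7; the
    # second router NATs 10.0.0.0/24 behind its WAN address 192.168.1.2.
    gateway, router = Nat("203.0.113.7"), Nat("192.168.1.2")
    router.forwards[80] = ("10.0.0.10", 80)       # forward configured on the inner router only
    double = [router, gateway]
    reply = round_trip(double, ("10.0.0.5", 51515, "198.51.100.9", 443))
    probe = ("198.51.100.9", 33333, "203.0.113.7", 80)
    dropped = deliver(double, probe)              # outer NAT has no entry for port 80: dropped
    gateway.forwards[80] = ("192.168.1.2", 80)    # double NAT needs a forward on each hop
    two_hops = deliver(double, probe)
    bridged = Nat("203.0.113.7")                  # gateway in bridge mode: one NAT, one forward
    bridged.forwards[80] = ("10.0.0.10", 80)
    return reply, dropped, two_hops, deliver([bridged], probe)
```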
 
It looks like your first hurdle is how you want to integrate the Uverse gateway/modem into your existing network? I used Uverse years ago when it was first rolled out and the equipment I was provided, the "gateway", was a combination modem, router, wifi, and switch; this was not your DOCSIS cable modem. If nothing has changed, you've got a few options:
A. Use the gateway for your routing needs (DHCP, port forwarding, etc...) and/or set the wifi to b/g mode for compatibility for legacy devices.
B. Disable everything on the gateway (modem only mode), and buy/build a separate router; e.g., Linksys E series (buy) or pfsense box (build).
Option A is a lot cheaper but you could run into problems if you are trying to port forward, as I remember the software was quite terrible. Option B is obviously an additional cost and requires some tech knowledge (much more so if you build a box) but it allows you much, much more flexibility such as reserving IP addresses via MAC address, single or range port forwarding, etc... Your network connects to everything after this point.
 
Writing this down for my own benefit: NVG589 is the device I've got and bridge mode should be a 30-second adjustment. I need to poke around in the settings (still doing paperwork every **** night from relocation, not sure if I mentioned that at all) and see what all is there.

Being a complete noob to network security I kind of have to ask... is putting a second router with OpenWRT going to make it markedly harder for some malicious person to hack into my stuff or will the difference be negligible?
 
Second router? You only need one router unless you're doing something overly complicated in your network.

Nodes -> Switch -> Router -> Modem -> {Internet}

If you're hosting stuff that people access from the internet into your network, I suggest a proper firewall.
 
I mean disable the routing capability of the box I have now so it becomes a modem and add a "second" router to be the only router on the network...

Define "proper firewall" please?

Sorry for using so many quotes. If there are any grammar Nazis on here just note that I hate overquoting too but I think these ones are proper as they're actually quoting something.
 
Yes, setting the 'box' to a bridge/gateway and using your own router is what I would do.

A 'proper firewall' would depend on your needs, a hardware or software solution, and it may be integrated with routing capabilities (like a Ubiquiti Edgemax Lite)
 
@ kevineugenius
Yes, grabbing a WD MyNet N750 or a TP-Link WDR3600 / * will do just fine for your needs as firewall/gateway (ERL uses the same software-base so I don't see how it would be any "better").
That said, it won't protect you from malicious software on your computer. A decent Anti-Virus program will do that however.
//Danne
 
OpenWRT is one distro. But the front end might be a little more important to a new user.

For a noobie I would endorse something like either using Tomato firmware or an ASUS router, uploading it with Merlin.
 
Yeah, because it makes sense to buy a router that's subpar with pretty much anything recent to run Tomato.... (Tomato only supports ~3-5 year old platforms). OpenWRT with LuCI will do just fine as front end.
//Danne
 
You're talking about the original Tomato firmware I presume?
http://www.polarcloud.com/tomato

Should be mentioned in terms of long-time support that Merlin depends on Asus releasing firmwares in the future whereas OpenWRT is completely self-contained and follows Linux upstream.

//Danne
 
Merlin would be a safe choice then.


Merlin advertises her firmware as a patched and updated version of the ASUS firmware with a couple extra features thrown in.

Notably, he patched the FTA admin exploit 7 months before ASUS did. That's 5 months before the issue became front page newsworthy.
 
Security is important but almost any reputable piece of hardware you buy these days will cover the vast majority of consumers. If your primary focus is on the consumer side (e.g., streaming movies and music, wifi to devices), you will be fine with a router. OpenWRT unlocks more options in a router, but it's not pfsense or sonicwall. If you were running an Exchange or web server, I would understand some additional need, but it doesn't seem like you are going down this route?

Like what Dark_Shade posted, that's probably what you are looking to do in terms of network topography, and ditto on proper firewall if you are hosting things (see above examples).
 
@ Mackintire
As opposed to what? I'd rather have something that's up to date and doesn't rely on vendor provided firmware(s) which makes the Atheros/QCA platform much more interesting with OpenWRT.

As for those just claiming random stuff, please explain what iptables lacks that pf has apart from much more sane syntax. (Yes, I do prefer pf over iptables but it's not safer/better).
//Danne
 
To a certain extent this project is about learning how stuff works. A bit of security and Linux are on my to-learn list so adding more-than-necessary security is fine. I've heard the phrase "you can build a good Linux firewall really cheap" so that was kind of my starting point.

Side note: I've got a DreamSpark account for a little while longer; are there any Server platforms I should download that would be useful to someone at my level? I don't really think I'll use Lync or Sharepoint or SQL or Exchange but... Hyper-V might be fun to play with (no clue how to make it work) or just straight up Windows Server 2012... Any input on which version of Server 2012 would be appreciated too, I don't want to download them all.
 
My suggestion is to not tackle too much at once, yes it does all interconnect at the end but it's far more helpful to yourself (and potential employers) if you focus on some of the basics first and expand that knowledge into things like virtualization and higher level services like Active Directory. That's just my opinion from being in the field for several years.

Don't overwhelm yourself, stuff makes far more sense when the foundation is solid (networking, permissions, etc)
 
I just went through this process on a home that my wife and I built/moved into. While my goal was not to have the most outrageous kicka** network or run the home on enterprise gear, it was to design something that was going to be reliable in providing the services we use on a daily basis.

The design that I have today is not something that I bought/did/learned overnight. This "project"/instance of my network is designed based upon my learnings from previous networks and figuring out what my wife can deal with. I try to keep everything as simple as possible so if something breaks she can fix it. I have done the rack mount servers, Cisco network gear, dedicated firewalls, etc. Enterprise gear is fun and cool to learn on, but at the end of the day it is almost impossible for someone else to fix when things are not working like they should.

Services that we use:
Internet
VoIP
Guest Wifi
Whole Home Private Media
Cable Company Whole Home DVR
Printer
Remote VPN
Lab Network

Network Infrastructure:
NetGear FSM7328S - 24x10/100 4x10/100/1000
Unifi AP
NetGear WNR3500L v2 running Shibby
Raspberry Pi running Incredible PBX
Cisco 1x7960, 1x7940
Grandstream DP715
 
Thank you, everyone, for your input. Might take me some time but I'll get this up and running pretty soon.
 
Nothing yet, going to set up some VMs and play with a couple different software offerings first. Probably the WDR3600 or a very close variant though. I have an old-ish system with a bad GPU (I think) that I'll reconfig to be a file server. It runs a Q6600 though and I'm not sure I want that kind of power drain running 24/7 so... Still at the drawing board for sure.
 