[geeks] Cable modems/routers

mrl vlack-lists at vlack.com
Thu Jun 17 15:02:24 CDT 2004


On Thu, 2004-06-17 at 09:56, Francois Dion wrote:
> mrl wrote:
> 
> >Just got cable installed at the house (after slogging along for 2 years
> >with dialup and 6 months with 90$/mo ISDN), and the cable modem they
> >give us sucks (at least it's a no-extra-fee "loaner", tho).
> >
> What is it? The Toshiba cable unit currently given out by Time Warner is 
> not bad. It isn't anything like the good old Motorola I had back in 
> 1995. half rack, but 1.5U unfortunately. Still, you could add L brackets 
> to rack mount it.

hrm... don't remember the brand (I'm at work now). I want to replace it
because:
- it came with no documentation. when we called the cable company about
it, they said "it should just work". it didn't. they said "there is no
web server in there, you can't http to it". not true. they said "you
don't need a username and password to log into the thing". yes, we did.
- when we finally do get into the thing (my dad said he found a default
u/p on the web), there's no way to configure it. you can see some
settings, i guess to give you some idea of what's wrong if you're
troubleshooting, but there's no port-forwarding, inputting our own dns
servers, turning on/off dhcp, setting its own internal ip address, etc.
it's possible that we can log in with another u/p, but with a stupid
cable co and no docs, that's not going to be easy.

> 
> >Oh, and if I purchase a PCI cable modem, are there any gotchas?
> >
> Don't even go there. Set up a proper stand alone modem, then a hub (to 
> connect the modem and firewall with straight thru cabling and for your 
> IDS - you could use a switch too but they are vulnerable to all kinds of 
> things and it's more work to sniff), then a proper firewall, then 
> whatever you want behind that (multiple zones is best). If you get an 
> all in one router/broadband gateway with wireless, put another firewall 
> behind it, and your internal network behind that. Serves two purposes. 
> One, even if someone hacks your wireless, they can't get to your internal 
> network, and if they hack the cable modem or get thru, at most they get 
> to your wireless device(s). Ok, maybe I'm paranoid, but the amount of 
> scanning and tries of exploits since I've moved from DSL to cable is 
> tremendous.

if i put an internal cable modem in, it'll be in the computer that
already routes packets, and we'd add a firewall to that. as in, i'm
already running a linux gateway for isdn, and i had planned to run the
same machine as the gateway/firewall for this network as well.

> 
> >On a related note, one of our switches may be failing. Any suggestions
> >on what to replace it with are welcome (in the 4-8 port range, nothing
> >huge).
> >  
> >
> What kind of devices do you have? Any gigabit? If so, Linksys SD2008. 
> We've been abusing them in over 100F environments and 24h/7days a week 
> operation with no problems. This is in stand alone environments.

no gigabit yet, although in the future, that'd be fun :)

> For anything that is backbone and where you need to monitor the network, 
> you want a managed switch. Used Cisco Catalyst 28xx (10 mb but can take 
> 100mb modules too) and 29xx (100 mb) are great for home networks, 
> although a little large at 2U and a little noisy (set it up in the 
> basement, under the stairs, or something like that). I'm suggesting in 
> particular the 2916XL or 2924XL, since you said "one of our switches". 
> I'm assuming you have several 4-5 port switches. Might want to 
> consolidate to 1 switch. The 29xx (the old ones, 2U not the newer 1U) 
> are great because they have 2 multiple use slots. 

consolidating the switches is a good idea if all the computers are in
the same room and/or you're very concerned about being able to transfer
lots of data quickly from any one computer to any other computer.

however, this is a largish two story house, and we have a couple of enet
ports in almost every room. there's an 8-port in a closet, which goes to
every room with computers, but in several places (my room - 1-6+
computers, the upstairs computer "nook" - 2-3 computers, and my dad's
office - 2-4 computers), there are more computers than ports. having
smallish switches in those locations reduces the huge wiring headache.
We almost never see the performance cost because we don't transfer lots
of data from system to system too often, and if we do, it's more than
likely either staying in the same room and not going through the main 8
port switch.

> You can buy a module 
> for fiber 100 base fx, gigabit, fddi etc, atm, 4x or 8x 100basetx so on 
> and so forth so you can adapt your home network backbone to changing 
> needs. You can get to anywhere in your house with cat5, and anywhere on 
> your property with fiber.

we actually had cat5 run under the ground between the houses on this
property when they were being built (two structures: the house where me,
my parents, and my siblings live, and the house where my mom's parents
live). they have no computer on the network, but hey, the cable is there
:).


