[rescue] CompUSA broadband "router"

Chris Hedemark chris at yonderway.com
Sat Jun 22 22:07:20 CDT 2002


On Sat, 2002-06-22 at 15:48, Paul Phillips wrote:
> Do these things (or anything like them) allow for some ports to have 
> private address space (with NAT) and other ports have public address space 
> that can be used as a DMZ?

Hi Paul,

This is why I dumped the Linksys "DSL Router" for an OpenBSD box running
on an old PeeCee with 3x PCI ethernet cards.

IMHO, there is not a secure way to do a DMZ network with these things. 
To be fair, that is well outside of what the engineers had intended.

In addition, my ISP (AOL/Time Warner Road Runner of North Carolina) is
known locally for shoddy DNS service.  So I needed a local DNS server. 
Lastly, I have machines all over the house that go to the same web sites,
so a caching HTTP proxy was warranted.

So I went down to the basement, grabbed a P100 with 1.2GB HD, 16MB RAM
(since doubled to 32MB) and installed the latest OpenBSD snapshot.  On
top of that I put dhcpd, named and squid.  It's got a third leg network
(DMZ) for my public servers, as well as my IRC client.  Everything else
is protected behind a much more robust set of firewall rules.  Oh yeah,
it also acts as a VPN gateway connecting me to my biggest client (but
they can't traverse the VPN back into my network), and to my
father-in-law's house.  So it's like a private WAN for me.  I print invoices
directly to one of my client's printers, I send pictures of my daughter
to her grandparents' hard drive directly.  My DNS is up 24x7 (and very
fast too).  And my web performance is quite snappy, especially on
frequently hit sites.  All in all, this is performing much better than
the old Linksys.  On top of that I get the other features I mentioned,
as well as other security features that you'll never see in a toaster
like that.

The out of pocket cost for me was about $30 (plus sales tax) for the
three PCI ethernet cards.  The PeeCee was an IBM PC 330 that a local
school threw out by the dozens.

Aside from periodically reviewing logs, there is really no maintenance. 
It just runs and runs.  Performance is great.
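
A three-legged layout like the one described in this message, sketched as a pf.conf ruleset. This is an added example, not part of the original post and not the author's configuration; the interface names, addresses and published ports are assumptions, and it is written in current pf.conf syntax.

```pf
# Assumed interface names (constructed; not from the post)
ext_if = "em0"                 # leg 1: to the cable modem
int_if = "em1"                 # leg 2: private LAN, NATed
dmz_if = "em2"                 # leg 3: DMZ for public servers

# Assumed addressing (constructed)
int_net = "192.168.1.0/24"     # private address space
dmz_net = "192.0.2.0/29"       # documentation range standing in for a routed public block
dmz_web = "192.0.2.2"          # hypothetical public server in the DMZ

set skip on lo
block log all                  # default deny; logged so it shows up in log review

# Only the LAN is translated; DMZ hosts keep their own public addresses
match out on $ext_if inet from $int_net nat-to ($ext_if)

# LAN -> firewall services (DHCP, DNS, proxy), Internet and DMZ
pass in  on $int_if inet from $int_net
pass out on $ext_if inet
pass out on $dmz_if inet from $int_net to $dmz_net

# Internet -> DMZ: only the published service, nothing else
pass in  on $ext_if inet proto tcp to $dmz_web port { 80 443 }
pass out on $dmz_if inet proto tcp to $dmz_web port { 80 443 }

# DMZ -> LAN is never allowed to start a connection; a compromised
# public server must not become a path into the private network
block in quick on $dmz_if inet to $int_net
pass  in       on $dmz_if inet from $dmz_net
```

Stateful filtering lets replies to permitted connections back through, so the LAN can reach the DMZ servers without the DMZ being able to initiate traffic toward the LAN.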


