[rescue] CompUSA broadband "router"

ssandau at bath.tmac.com ssandau at bath.tmac.com
Sun Jun 23 22:51:28 CDT 2002


> > Do these things (or anything like them) allow for some ports to have
> > private address space (with NAT) and other ports have public address space
> > that can be used as a DMZ?
> 
> Hi Paul,
> 
> This is why I dumped the Linksys "DSL Router" for an OpenBSD box running
> on an old PeeCee with 3x PCI ethernet cards.
> 
> IMHO, there is not a secure way to do a DMZ network with these things.
> To be fair, that is well outside of what the engineers had intended.
> 
> In addition, my ISP (AOL/Time Warner Road Runner of North Carolina) is
> known locally for shoddy DNS service.  So I needed a local DNS server.
> Lastly I have machines all over the house that go to the same web sites,
> so a caching http proxy was warranted.
> 
> So I went down to the basement, grabbed a P100 with 1.2GB HD, 16MB RAM
> (since doubled to 32MB) and installed the latest OpenBSD snapshot.  On
> top of that I put dhcpd, named and squid.  It's got a third leg network
> (DMZ) for my public servers, as well as my IRC client.  Everything else
> is protected behind a much more robust set of firewall rules.  Oh yeah
> it also acts as a VPN gateway connecting me to my biggest client (but
> they can't traverse the VPN back into my network), and to my father in
> law's house.  So it's like a private WAN for me.  I print invoices
> directly to one of my clients' printers, I send pictures of my daughter
> to her grandparents' hard drive directly.  My DNS is up 24x7 (and very
> fast too).  And my web performance is quite snappy, especially on
> frequently hit sites.  All in all, this is performing much better than
> the old Linksys.  On top of that I get the other features I mentioned,
> as well as other security features that you'll never see in a toaster
> like that.
> 
> The out of pocket cost for me was about $30 (plus sales tax) for the
> three PCI ethernet cards.  The PeeCee was an IBM PC 330 that a local
> school threw out by the dozens.
> 
> Aside from periodically reviewing logs, there is really no maintenance.
> It just runs and runs.  Performance is great.

Pretty much what I have set up. I also have all my local in-house
machines in the DNS, so I don't need a hosts file on each one.

Works very well for me and was entirely free. I like free. ;)

-- 
Steve Sandau, IS Technician
ssandau at bath.tmac.com
TMA Bath Maine
