[geeks] My network configuration

Charles Shannon Hendrix shannon at widomaker.com
Sat Mar 31 13:59:33 CDT 2007


I have been using my "new" network configuration for a few weeks now,
and I'm posting it here since several threads talked about using
an Ultra 1 as a router, etc.

My network is a private LAN at 192.168.1/24.  It has a WAN gateway via
PPP to my ISP.  It also has a gateway to 192.168.100/24, which is not my
network.  That network has a WAN gateway to a cable network, and I use
that as my default route.

It looks like this in ASCII:

                           PC workstation
                            192.168.1.10
                                  |
    192.168.1/24 ->    o----------+-----------------+-------------o
                                 /                  |
                                /           192.168.1.3 - .20
                               /                <servers>
                              /
                             /
                       192.168.1.2
        gateway (news,DNS,mail,routing), Ultra 1
                     192.168.100.251
                            |
                            |
                     192.168.100.250
                 WGA54AG (game adapter)
                            .
                            .
                            .
                            .
                            . <-- 802g wireless link
                            .
                            .
                            .
                            .
                      192.168.100.1
                   WRT54G WLAN router
                            |
    192.168.100/24 -> o-----+----------------------------+------------o
                                                         |
                                                     .100-150
                                                 <client machines>

The gateway machine is a Sun Ultra 1 with two happy meal interfaces, one
of which goes to a gaming adapter to make the wireless bridge to the
other private LAN.  It runs NetBSD 3.1.

Routes on the Ultra 1 gateway machine:

Destination        Gateway            Flags     Refs     Use    Mtu  Interface
default            192.168.100.1      UGS         2     1953      -  hme1
127/8              127.0.0.1          UGRS        0        0  33136  lo0
127.0.0.1          127.0.0.1          UH          1       64  33136  lo0
192.168.1/24       link#1             UC          4        0      -  hme0
192.168.1.254      link#1             UHLc        1       35      -  hme0
192.168.100/24     link#2             UC          1        0      -  hme1

When my PPP link is up to my ISP, I also have these routes:

Routing tables

204.17.220/24      69.72.100.23       UGS         1        1      -  ppp0
<and routes to the mail servers, DNS, and news>

For the PPP link, I have to use ipnat to do redirection for anything
going out of that link:

map ppp0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000

I don't map ftp, because I don't expect to ever use that link for
anything except ISP traffic, and a couple of special hosts.

I also have firewall rules in ipf.conf.

This setup almost worked, but I found that I also had to set up ipnat
for hme1 to the other private LAN.  I thought maybe NetBSD's ip
forwarding would automatically take care of that, but it doesn't.

I'm still a little bit puzzled, since I thought that you only needed NAT
when you were mapping one range of IP addresses to another.

Nevertheless, these entries took care of the rest:

map hme1 192.168.1.0/24 -> 192.168.100.251/32 proxy port ftp ftp/tcp
map hme1 192.168.1.0/24 -> 192.168.100.251/32 portmap tcp/udp 40000:60000
< and a list of redirects for certain services >

Oh, and one more thing:

The WRT54G on the other LAN needed a static route back to my network.

So far NetBSD on the little Ultra 1 is doing a fine job.

I don't have huge firewall rules, but I do have a couple dozen, and I
still get good speed on both hme interfaces, even at the same time.

Problems I've noticed:

The WRT54G isn't that impressive to me. It seems to balk under heavy or
even medium network loads and the WWW interface is often unresponsive or
painfully slow.  It seems to really stagger when hit with a lot of
little packets.  Its routing and NAT rules interface sucks, badly.

The WGA54AG mostly works. It's pretty simple after all. However, it runs
very hot, and it occasionally stops working. I can either wait for it
to start working, or toggle power. The newer firmware is supposed to
fix this problem, but the firmware update never works for me. Not even
running sftp.exe under Windows to update the firmware works.

NetBSD and the Ultra 1: The only problem so far is that once in a while,
it will stop routing packets.  No errors, and no CPU load, it just stops
for a bit, or packets will route really slowly.

Since it isn't a CPU load issue, I even wonder if it is some kind of
built-in governing, because it does frequently happen when it is routing
a large number of tiny packets from peer-to-peer clients.

All in all, I'm pretty happy.  The Ultra 1 is a lot faster at routing
than I was expecting it to be.

OpenBSD might be easier, I don't know, and probably won't bother trying
unless this fails in some way.

-- 
shannon           | We are all of us in the gutter, some of us looking at the 
                  | stars.  
                  |         -- Oscar Wilde
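
Added example, not part of the original post: a longest-prefix-match lookup over the routing table posted above, plus a constructed WRT54G table, showing where the far router sends replies when it sees a 192.168.1/24 source unmodified versus a source rewritten to 192.168.100.251 by the hme1 `map` rule. The WRT54G routes and the `wan-gateway` placeholder are assumptions, since that router's real table is not in the post.

```python
import ipaddress

# Ultra 1 routes as posted (columns trimmed to dest, gateway, flags, interface).
ULTRA1_ROUTES = """\
default            192.168.100.1      UGS   hme1
127/8              127.0.0.1          UGRS  lo0
192.168.1/24       link#1             UC    hme0
192.168.100/24     link#2             UC    hme1
204.17.220/24      69.72.100.23       UGS   ppp0
"""

# Constructed (assumption): a WRT54G that knows only its LAN and a WAN default.
WRT54G_ROUTES = """\
default            wan-gateway        UGS   wan
192.168.100/24     link#1             UC    lan
"""
# The static route back to the private LAN that the post says was needed.
STATIC_ROUTE = "192.168.1/24       192.168.100.251    UGS   lan\n"


def parse_dest(text):
    """Expand BSD shorthand such as '127/8' or '192.168.1/24' to a network."""
    if text == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = text.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"))


def parse_table(text):
    """Turn netstat-style rows into (network, gateway, interface) tuples."""
    rows = []
    for line in text.splitlines():
        dest, gateway, _flags, iface = line.split()
        rows.append((parse_dest(dest), gateway, iface))
    return rows


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in table if ip in r[0]]
    _net, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    return gateway, iface


def reply_path(wrt_table, source_seen_by_wrt):
    """Where the WRT54G sends a reply addressed to the source it saw."""
    return lookup(wrt_table, source_seen_by_wrt)
```
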


