[Wftl-lug] DSL or cable

Paul M Foster paulf at quillandmouse.com
Sun Dec 9 23:56:55 EST 2007


On Sun, Dec 09, 2007 at 11:01:50PM -0500, Andrew wrote:

<snip>

> Gar mentioned using a home commodity router, I'm not that familiar
> with high speed hardware, could someone shed a little light for me?

There are a couple of ways to do this. First, the cable company will likely 
provide some kind of box that converts cable to RJ45 jacks. RJ45s have 8 
conductors and connect to Cat5 cable. Cat5 looks a lot like phone cable, as 
do its connectors. But with 8 conductors, the connectors and cable are a 
little bit more hefty.

The Cat5 cable that comes out of that box can go a couple of ways. My setup 
is like this: from my DSL modem (with RJ45 jacks, like your cable/Cat5 
converter box), it goes to an old Pentium I machine which serves as a 
router/firewall. It runs IPCop as a "firewall" Linux OS. This box has 2 NIC 
cards in it, one "in" (from the DSL modem), and one "out" to a "switch". A 
switch is a box that has one Cat5/RJ45 input and several outputs (you can 
buy these at computer stores). The outputs are from your switch to each 
computer. Thus, your firewall/router sits between your computers and the 
internet. Like this:

cable->router/firewall->switch->computer(s)

An alternative, and what Gar may have been talking about, is to eliminate 
that firewall/router PC and switch, and replace them with a single box, a 
router, which you can also buy at computer stores. In that case, you have 
this:

cable->router->computer(s)

A router like this is considerably smaller than a PC, and simplifies 
cabling. As I understand it (I've never used a store-bought router), there 
is a web interface to this box which allows you to adjust the parameters of 
your firewall (it also serves as a firewall) from your PC. You can block 
port 80 inbound (so no one can surf to any internal websites you've put 
up). You can block port 22 inbound (SSH). Etc.

The advantage to a store-bought router is that it is simple to cable, and 
relatively simple to set up and administer. You don't have to know a lot 
about TCP/IP packets, firewall rules, etc. The disadvantage is that, as a 
firewall, it is far less flexible and must be administered from your PC, 
since it has no keyboard or screen. By contrast, a PC serving as the 
firewall allows you to run iptables, which is the kernel-level firewalling 
software in Linux. Iptables is unbelievably flexible, and allows you to 
tailor firewall rules in any way you can imagine. The other advantage is 
that I can stand at the firewall, and, with keyboard and monitor, hack the 
firewall machine in any way I like, because it's just a Linux PC.

If you don't really want to know a lot about iptables, and you don't have 
a spare old computer, and you don't want to learn the complexities of 
administering IPCop, Coyote, Smoothwall or some other "firewall" 
distribution, then a store-bought router is probably the best option. Me, 
I'm a geek and I want to know how to do this all myself, so I did it all 
the hard (complex) way. 

Additionally, your store-bought router may come with wireless capabilities, 
which your old PC firewall probably won't.

Paul

-- 
Paul M. Foster
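
A minimal ruleset for the two-NIC firewall layout described in the message above (modem -> firewall -> switch -> computers), as an added example that is not part of the original post. The interface names (eth0 toward the modem, eth1 toward the switch) and the function name gen_ruleset are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC Linux
# firewall. Interface names are assumptions; adjust them to your machine.
# Forwarding between the NICs also needs net.ipv4.ip_forward=1.

# gen_ruleset WAN_IF LAN_IF
# Prints the ruleset on stdout; it does not touch the running firewall.
gen_ruleset() {
    wan=$1
    lan=$2
    cat <<EOF
*filter
# Default-deny anything arriving at or passing through the firewall.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections the firewall itself started.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Administer the firewall over SSH from the LAN side only.
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
# Inbound SSH (22) and HTTP (80) from the internet side: log, then drop.
# The DROP policy would catch them anyway; this makes attempts visible.
-A INPUT -i $wan -p tcp -m multiport --dports 22,80 -j LOG --log-prefix "wan-blocked: "
-A INPUT -i $wan -p tcp -m multiport --dports 22,80 -j DROP
# LAN machines may open connections outward; only replies come back in.
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Share the single public address among the LAN machines.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Run as "script WAN_IF LAN_IF" to print the ruleset for those interfaces.
if [ "$#" -eq 2 ]; then
    gen_ruleset "$1" "$2"
fi
```

Piping the output to `iptables-restore --test` as root parses the rules without committing them.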
