[SATLUG] Home Network Configuration

David Kowis dkowis at shlrm.org
Thu Apr 22 08:56:14 CDT 2010

On 4/21/2010 11:45 PM, Dylan Nelson wrote:
> I want to do some home networking with building my own hardware firewall. I
> want to run either openbsd, iptables (like ipfire), and need a linux server.
> I need some serious practice on these kind of configurations. The problems
> come in play with constant trial and error with the home network while my
> wife is home and online. No kind of 'sorry honey, building a firewall. Oh,
> oops about shutting the dvr connection off during Glee' is even
> approachable. How can I build my own practice lab without really affecting
> her network until I can expertly configure this setup. thanks in advance. Oh
> here is all I got on hand:
>    - desktop with three nics (firewall)
>    - 3 desktops (1 mac as multimedia pc)
>    - 2 laptops
>    - 2 smartphones
>    - 1 ipod (wireless)
>    - switch ( 8 port)
>    - modem
>    - router (Netgear g. might get n soon).
>    - also, a soekris board in mail soon.

I've always been a big fan of shorewall. It's a scripted interface to
iptables. The configuration scripts are easily copy-able between
multiple machines and are isolated to /etc/shrorewall and
/etc/shorewall6 (for ip6tables).

It's got support for traffic shaping, which is wonderful. Linux traffic
shaping was difficult for me to understand, and the shorewall setup
helped alleviate that somewhat.

I use an openwrt now after my original dell computer died (the harddrive
has a nice groove in it.) I was able to make a few changes to interface
names, and remove the ebtables specific stuff (because openwrt doesn't
have ebtables support.) And then apply my existing shorewall
configuration onto a completely different system and architecture.
That's really nice.

But as for a practice lab, you could use virtualbox even to test your
firewall. Run it on your desktop, build the machine the way you want,
and then you can test the ports being forwarded and such. You can use a
second virtualbox machine attached to the firewall and simulate NAT and
other such things to ensure it actually works.


More information about the SATLUG mailing list