Practical Home Networking
 Using a Linux Router
Tony Bemus
Penguicon 2015
http://2015.penguicon.org
http://bemushosting.com
Notes:
What I'm going to talk about 
  • Internet Interactions
  • Inside the Home Network
  • Replace the Commercial Router
  • Physical Design of the Network
  • Logical Design of the Network
  • Configure the new Router
  • Addressing Devices
  • Port Forwarding
  • Public IP address
  • Dynamic DNS (DDNS)
Notes:
ISP
Home/Coffee Shop
Web Server
You
Google.com / Facebook.com / MDLUG.org
Typical Internet  interactions
Notes:
ISP
Home/Coffee Shop
Home Network
You / Remote User
Home Server
Notes:
Inside the Home Network
  • Modem / 
ISP Router


  • WIFI Router


  • Switch


  • Server / PC
Notes:
Replace the
Commercial Router
  • PC / laptop
  • Download software
  • IPFire.org / IPcop.org
  • Smoothwall.org
  • PF Sense
What you need:
Notes:
Computer Requirements
  • 1000 Mhz
  • 128 MB Ram
  • 2 GB HD
Minimum
Recommended
  • 2.4 Ghz Pentium 4
  • 1 GB + Ram
  • 20 GB + Hard drive
Required - 2 Network Cards (NIC)
Choices:
  • wired and wired
  • wired and wireless
  • wireless and wireless
Notes:
Physical Design
ISP Modem
Linux Router
PC / Home Server
Wireless AP
Notes:
Logical Design
Common ISP Modem networks to avoid
  • 192.168.0.x
  • 192.168.1.x
  • 10.0.0.x
http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces
RFC1918 name     IP address range     number of addresses
24-bit block     10.0.0.0 - 10.255.255.255     16,777,216  
20-bit block     172.16.0.0 - 172.31.255.255     1,048,576  
16-bit block     192.168.0.0 - 192.168.255.255     65,536  
Safe Networks To Use
I suggest to stay close to your ISP modem
and just change the third number:
ISP - 192.168.1.x        Yours - 192.168.2.x
Notes:
Initial Router Config
Red NIC goes to Modem = DHCP
Green NIC goes to Switch = Static IP
Blue NIC goes for Wireless  = Static IP
   (optional static - 192.168.3.1)
Orange NIC is for DMZ = Static IP
   (optional static - 192.168.4.1)
Gets address from the ISP Modem
first or last in your range: 192.168.2.1
Notes:
Initial Router Config cont...
Enable DHCP server
Set DNS as the router green IP
If you are reusing your wireless router:
  • Turn off DHCP server 
  • Set IP address on the inside of your green
DHCP Pool range about 100 addresses:
192.168.2.100 - 192.168.2.200
This will leave room for static address devices
Notes:
Addressing Devices
Static Assignment
DHCP reservation
Manualy assign and configure device
Configure DHCP to give the same address
to a single device.
No device configuration needed (leave as DHCP)
Usually inside DHCP pool
***  Static address are ALLWAYS
         outside of the DHCP pool
          192.168.2.1 - 192.168.2.99
Notes:
ABC Network
192.168.2.1 - Router (Static)
192.168.2.2 - Wireless AP (Static)
192.168.2.101 - Home Server (DHCP)
192.168.2.102 - Printer (DHCP)
Use both static and DHCP reservations!
Client PC are handled by DHCP
Notes:
Port Forwarding
Only  forward ports needed!!!
Shut off port not currently being used
Common TCP ports to forward:
  • 22 - SSH / SSHFS / FTPS
  • 80 - HTTP
  • 443 - HTTPS
  • 3389 - RDP
Notes:
Port Forwarding cont...
Source Port is from the internet
Destination port is on your server
Open SSH to server
Source port 22 to destination port 22
  on IP address 192.168.2.101
This model allows for changing the source
port without having to configure the server
Thus Security through Obscurity 
*** Not Really Secure
Notes:
Public IP address
ISP supplied DHCP
ISP supplied Static IP
Static IP is better for hosting servers
**  Monthly charges apply
*The Most Common
Not conducive to hosting servers
Dynamic DNS Needed
Client software needed to report current Public IP address
two options - do not use both
  • Linux Routers have it built in
  • ddclient on one of the servers

Notes:
Dynamic DNS (DDNS)
Services
http://www.gnutomorrow.com/best-free-dynamic-dns-services-in-2013/
Best Free Dynamic DNS Services
  • *Namecheap.com Domain Registrar 
                                                              *** Free Dynamic DNS
  • DNSExit.com
  • DYNU.com
  • FreeDNS.afraid.org
  • System-NS.com (Beta)
* - This is what I use
Notes:
http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces
Private IP ranges
References
License
Presentation by Tony Bemus is licensed under a Creative Commons
Attribution-ShareAlike 4.0 International License.
Based on a work at http://bemushosting.com/practical-networking-using-linux-router.
http://www.gnutomorrow.com/best-free-dynamic-dns-services-in-2013/
Best Free Dynamic DNS Services
Notes: