We have a crowded home network
that is shared with our tenants. We need to have secure access to the
Internet and we want to have several machines without our Internet provider
charging us for eating up their address space. For example gaming
sessions, working on other people's machines and also playing around with new
hardware. I also want to use a real firewall because quite honestly our
Linksys BEFSR41 has not cut it.

We use our workstations for
gaming, web access, office stuff, occasional mp3 downloading, etc. We had
a tenant who was the MP3 sharing bandwidth hog from hell. Fortunately he
moved out but this did illustrate three problems with our network which we
needed to resolve for future rental situations.

1) Our cute Linksys
BEFSR41 NAT Router tends to hang when there are too many streams as caused by
mp3 sharing programs and certain online games. Our former tenant's
Limewire was notorious for sending it on a coffee break. Once it stops
responding it needs a power-off reset to get it going again. This not only
causes me stress but it also upsets my wife who needs bandwidth to be
happy. I have flashed numerous versions of code, tried cooling the thing
and even wiped the configuration and restarted to no avail. From other
people's perspective this is a rare problem - most people are happy with this
box.

2) It'd be nice to have the capability to limit our bandwidth
allocation to our tenant and make them use the connection according to our ISP's
user acceptance policy, so we can abuse the bandwidth. Smoothwall is still
based on Linux which allows me to implement traffic throttling if I choose
to. As it is I chose to move my game/ftp/web/etc server to the same
segment as our tenant so restricting traffic isn't a good idea. We can
monitor the traffic which is good enough. Rent increases are another
method of bandwidth restriction, no?

3) Our previous tenant was about as
computer literate as a brick (the red kind). When he fired up his cute
brand-name PC, it immediately started transmitting a LOT of packets with no
apparent services running. His MP3 program wasn't even up. Did I
want this potentially hacked system on the same network as my systems?
No. I wanted to set up a DMZ which would keep the tenant's machine away.
If it gets hacked it is a small threat to my important stuff.

We needed to replace the existing router with a device that costs
a similar amount (does anyone want to buy a grumpy BEFSR41? No?), does not
go on stress leave when it's too busy, protects our network, allows NAT for
external-facing services and does bandwidth restriction by DMZ/interface.
I also need a separate zone for my network including my wife's parents. I
need this machine to fit in my network rack as well so it can't be too
large.

This rack is guarded by my insane cat. She is clearly
nipped.

What? Why do I have a network equipment rack?
Network equipment rack: $25 (from building salvage company - good
score bro!). Look on co-workers' faces when they see pics of computer
room: priceless.

Actually it just seemed like a cool thing to do.
Maybe I will convert it into a stereo stand later.