Firewall Reset
19 Aug
For the last seven years running I have been in overkill mode with my home firewall. In my desire to learn more about networking I went overboard, as usual, and immersed myself in my own DIY home firewall project. The objective was a solid firewall built on the tenets of modern network engineering. Basic hardware/OS setup was as follows, with number one being the exterior and bigger numbers moving towards the LAN:
1. ADSL modem (i.e., SpeakEasy was my ISP)
2. External router: Soekris net4801, OS OpenBSD
3. Bastion router: Soekris net4801, OS OpenBSD
4. DMZ web server: Pentium II, OS Ubuntu
5. Internal router: Soekris net4801, OS OpenBSD
However, last month I pulled the plug on SpeakEasy for a number of technical reasons and went back to cable internet with Comcast. Comcast does not allow open ports, so the web server in the DMZ had to be hosted remotely (FYI – now hosted by Bluehost). With the web server gone I began to question the sanity of running a split-screened subnet with dual-homed host and the resultant bi-yearly maintenance headaches that crop up when upgrading OpenBSD. So, I sold off two of the routers and reduced it to one external router running DHCP, dhclient and DNS cache. Life is much easier now, or so I hope.




