SmoothWall the Open Source Firewall
Now that I have my Actiontec FiOS router acting as a double bridge I am able to put devices on public IP space since I have 13 static IPs from Verizon. The problem is that I don't really want to hang much on public IP space with no protection. It sounds ironic that I went through all that effort to double bridge only to hide devices, but it really does make sense. :)
My father had given me his old Compaq 700Mhz, 256Mb RAM, 20Gb HD machine some months ago and I almost tossed it several times, but it ended up being a perfect firewall device. I bought 3 Zonet Gigabit PCI Ethernet cards at $14.99 each (Micro Center) which are nice cards because they are cheap and inside they are Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Ethernet cards so they work just fine with Linux.
Now I had a firewall/router as far as hardware, and I just needed to figure out what software I was going to run. I narrowed it down to pfSense and SmoothWall. I really liked SmoothWall, but it didn't allow me to have multiple Red (Public) network IP addresses. Since I have 13 addresses this is a pretty big deal. Still I spent some time with SmoothWall because I thought there might be something I could find to fix that pretty major issue. I found the Full Firewall Control homebrew mod which solved ALL my issues. I also found Mod Commander which allows for extremely easy install of the most popular mods for SmoothWall. I very much recommend Custom ISO Creator to make a backup of your system. It makes an ISO that can re-install the OS exactly as it was. If you aren't in need of constant backup then taking a monthly ISO snapshot is probably good for most folks. If the hard drive goes then pop in a new hard drive, boot up the ISO burned to a CD and you are back in business.
My configuration is pretty simple. I have the Red / Orange / Green configuration. The Red network comes in from the Actiontec's dirty ethernet port #1 and I assign 12 of my 13 public IPs. I have a VPN device connected to the Actiontec's dirty ethernet port #2 and it has a public IP. The VPN device has a LAN switch on it so the Green network from the SmoothWall goes in to that VPN's LAN switch. SmoothWall provides DHCP to the Green network. From the VPN switch I connect to the WAN port on the Actiontec to give network to the FiOS cable boxes. My primary Airport Extreme also connects to the VPN's LAN switch and is set to bridge the connection. So my Purple (wireless) network is really just the Green network. I didn't need to make a separate Purple network. The Orange (DMZ) network is where my VMware ESXi server and my Openfiler storage server live. They have services exposed to the Red (Public) network via rules in the SmoothWall.
Sometime soon I'll write up how my ESXi accesses my Openfiler server via iSCSI on a secondary storage network. I think it is really cool and is so much cheaper than the Drobo Elite that I wanted to buy, but honestly couldn't afford. That will be a longer and more complicated article.
I realized that my father-in-law has an old Dell that was much younger than my father's old 700Mhz machine so I put Custom ISO Creator to the test. I ran the backup script on the SmoothWall box, copied the ISO to my Mac via SCP, shut down SmoothWall, removed the 3 network cards, and then moved the network cards to the Dell. I then burned the ISO to a DVD because it was about 1Gb since I had a bunch of log data and mods. I booted the DVD on the Dell, and it restored everything. Took about 20 minutes to do the install from DVD, but it came up fine. My only issue was that I must have stacked the NICs wrong so I got confused about which one was for Red, Orange, and Green networks. It was easily fixed by logging in to SmoothWall on the Dell and then unplugging the cables one by one, looking at the screen to see "eth0 disconnected" or "eth1 disconnected", and once I knew which NIC was eth0, eth1, and eth2 I then connected the 3 cables properly. From start to finish the whole migration took maybe 30 minutes. The next thing I'd like to do is get a hardware RAID card so I can mirror 2 drives since the SmoothWall handles all routing on my network and it'd be really bad if it went down.
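The cable-by-cable NIC identification described above can also be done from a shell by snapshotting each interface's link state before and after pulling a cable, which matters on a firewall because a swapped Red and Green port puts the internal network on the public side. This is an added example, not part of the original post; it assumes the firewall's Linux kernel exposes /sys/class/net, and the function names nic_table and link_changes are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: sysfs is mounted and interfaces are named ethN, as on the page.
#
# Usage on the firewall console:
#   nic_table > /tmp/before    # all cables plugged in
#   (unplug exactly one cable)
#   nic_table > /tmp/after
#   link_changes /tmp/before /tmp/after

# nic_table [SYSFS_NET_DIR]
# Prints one line per interface: "<name> <mac> <up|down|unknown>"
nic_table() {
    net_dir="${1:-/sys/class/net}"
    for dev in "$net_dir"/eth*; do
        [ -d "$dev" ] || continue
        name=$(basename "$dev")
        mac=$(cat "$dev/address" 2>/dev/null || echo "unknown")
        # carrier is 1 with link, 0 without; the read fails when the
        # interface is administratively down, reported here as "unknown".
        carrier=$(cat "$dev/carrier" 2>/dev/null || echo "")
        case "$carrier" in
            1) state=up ;;
            0) state=down ;;
            *) state=unknown ;;
        esac
        echo "$name $mac $state"
    done
}

# link_changes BEFORE_FILE AFTER_FILE
# Prints "<name> <mac> <old>-><new>" for every interface whose state changed.
link_changes() {
    awk 'NR == FNR { before[$1] = $3; next }
         ($1 in before) && before[$1] != $3 {
             print $1, $2, before[$1] "->" $3
         }' "$1" "$2"
}
```

Recording the MAC address next to each zone makes the mapping repeatable the next time the cards are moved to different hardware.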
