OpenBSD Router
I took an old 2.2 Celeron system that we were going to pitch, stuck a bunch of NICs in it… and turned it on. Actually I installed OpenBSD 4.5, did some packet filter/firewall configuring and some DHCP goodness.
Here’s what I was looking to achieve:
WAN (Internet)
|
|-Work
|
LAN (Wireless link)
I’m going to have other people on the wireless link and I don’t want them having access to my work network. My solution was pretty simple. I assigned fixed IP addresses to each of my personal machines given out by MAC address via the DHCP server running on the router. I was also able to give the work domain name and DNS servers via DHCP to only my machines too. I then added one NAT line to the pf.conf file to only allow my fixed IP addresses out to the work network. The only way people would be able to access work is if they hard coded one of the IPs on their system… plus they’d need to know the IPs of our network and all that. I think it’s pretty safe.
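The rule above trusts a source IP, so the router's own neighbour table is the place to check that each reserved address is still held by the machine it was reserved for. The following is an added example, not part of the original post: a Python check that reads the host reservations from a dhcpd.conf text and flags any reserved address seen with a different MAC. All addresses, MACs, host names and the interface name are constructed, and the ARP lines are assumed to carry one IPv4 address and one MAC each.

```python
import re

# Constructed dhcpd.conf fragment: two reserved machines (all values are made up).
DHCPD_CONF = """
subnet 192.168.50.0 netmask 255.255.255.0 {
    range 192.168.50.100 192.168.50.200;
    host laptop  { hardware ethernet 00:11:22:33:44:55; fixed-address 192.168.50.10; }
    host desktop { hardware ethernet 00:11:22:33:44:66; fixed-address 192.168.50.11; }
}
"""

# Constructed neighbour-table lines: one IPv4 address and one MAC per line.
ARP_LINES = """
? (192.168.50.10) at 00:11:22:33:44:55 on em2
? (192.168.50.11) at 00:aa:bb:cc:dd:ee on em2
? (192.168.50.120) at 00:de:ad:be:ef:01 on em2
"""

MAC = r"(?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}"
IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"

def norm_mac(mac):
    """Lower-case and zero-pad each octet so 0:1A:... compares equal to 00:1a:..."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def reservations(conf):
    """Map fixed-address -> MAC for every host declaration in a dhcpd.conf text."""
    out = {}
    for body in re.findall(r"host\s+\S+\s*\{([^}]*)\}", conf):
        mac = re.search(r"hardware\s+ethernet\s+(" + MAC + r")\s*;", body)
        ip = re.search(r"fixed-address\s+(" + IPV4 + r")\s*;", body)
        if mac and ip:
            out[ip.group(1)] = norm_mac(mac.group(1))
    return out

def squatters(conf, arp_text):
    """Return (ip, reserved_mac, seen_mac) for reserved IPs held by another MAC."""
    reserved, hits = reservations(conf), []
    for line in arp_text.splitlines():
        ip, mac = re.search(IPV4, line), re.search(MAC, line)
        if ip and mac and ip.group(0) in reserved:
            want, seen = reserved[ip.group(0)], norm_mac(mac.group(0))
            if seen != want:
                hits.append((ip.group(0), want, seen))
    return hits

if __name__ == "__main__":
    for ip, want, seen in squatters(DHCPD_CONF, ARP_LINES):
        print(f"{ip}: reserved for {want}, currently answered by {seen}")
```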
Next thing to have the router do is traffic shaping. I want to do quality of service for our VOIP and throttle the kid so he doesn’t saturate the connection. The same thing goes for me and SMB to my workstation. I might install Nagios for fun. I’ll probably use the box to route to my web server too.
As far as the link itself, I’m having a hard time deciding what to do. The customer-premises equipment (CPE) that I’ll need to give to the rest of the folks that will be using the link hasn’t been released in the 802.11n version yet. If I buy 802.11g radios, I’ll lose the 80Mbps speeds I’ll get with an 802.11n bridge. I could just buy 802.11g stuff with the intention of selling it later. The Internet only comes down at 18Mbps sustained… which 802.11g can handle. But Comcast is rolling out 50Mbps service and 802.11n can handle that. Decisions, decisions.
Other than that, I’m sick as a dog. I took off at 1PM on Wednesday and stayed home today too. It’s nearly midnight and I’m not feeling much better.