I have configured my LAN to provide a number of services that most home
LANs lack. This has improved the utility of my network, as well as
security.
The Basics
My LAN is composed of a 100 megabit wired subnet and an 802.11b
wireless subnet. My three computers are usually connected to the
wired subnet, but my laptop sometimes connects via wifi.
Security
My wired network has modest security needs; however, it is
protected from the Internet by my firewall, and additionally I
restrict network drives to those IP addresses assigned to my
computers.
Given the poor options available for wireless security, I protect my
traffic with an SSH tunnel to a proxy server. In addition, I block all
traffic
from the wireless network that is not directed to my SSH server. HTTP
connections are redirected to a page that informs users that my
network is not open to the public.
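The wireless policy described above could be written as the following pf.conf fragment. This is an added example, not the configuration actually used on this network. It assumes the firewall is OpenBSD's pf; the interface name, subnet, addresses and the local port serving the notice page are constructed placeholders.

```conf
# Added example: wireless default-deny with an SSH exception and an
# HTTP redirect to a notice page. All values below are constructed
# placeholders, not taken from the network described on this page.
wifi_if   = "ral0"            # assumed wireless-facing interface
wifi_net  = "192.168.2.0/24"  # assumed wireless subnet
ssh_host  = "192.168.2.1"     # assumed address of the SSH server
notice_ip = "127.0.0.1"       # assumed web server vhost with the notice
notice_pt = "8080"            # assumed port of that vhost

# pf evaluates rules top to bottom and the last matching rule wins,
# so the blanket block comes first and the exceptions follow it.

# 1. Drop everything that arrives from the wireless subnet.
block in on $wifi_if all

# 2. Allow SSH to the tunnel endpoint only.
pass in on $wifi_if inet proto tcp from $wifi_net \
    to $ssh_host port 22

# 3. Redirect any HTTP attempt, whatever its destination, to the
#    local page stating that the network is not open to the public.
pass in on $wifi_if inet proto tcp from $wifi_net \
    to any port 80 rdr-to $notice_ip port $notice_pt
```

The ruleset can be syntax-checked without loading it by running pfctl -nf against the file.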
Services
Apart from the usual network drives and Internet access, a number
of services are provided on my network. The primary one is a DHCP
server. While broadband routers provide this functionality, running
my own DHCP server allows me to set static IP addresses for my
computers while reserving a range for guest computers. I also run a
private DNS server because in the past I have had performance
and reliability problems with the one provided by Shaw. A side effect
of this is that I can assign meaningful names to my computers without
having to maintain a hosts file on all the machines. I use the
version of BIND that ships with OpenBSD. Since my LAN provided a
convenient testbed
for some DNS projects I was assigned at work, I also have a slave
server running on my desktop that uses zone replication, and both
servers allow me to do reverse lookups for my private IP space.
My webserver has a virtual host
configured to provide a number of services I find useful, such as
a private wiki and webmail for arbitraryconstant.com. I also have a
vhost configured as a caching proxy for Ubuntu's repositories, since
that distribution's popularity has caused significant slowdown for me
during updates.