![\"network-model\"](\"http:\/\/ahmeddirie.com\/wp-content\/uploads\/2009\/12\/network-model.png\" "\\"network-model\\"")
<\/p>\nI’ve got several computers lying around, and so I think its high time that I begin to make good use of them. More recently, I’ve been working with Vyatta’s operating system a lot more for my routing and security purposes. My previous project in getting Vyatta on the cloud has been successful. And so, this post will be about getting that same powerful enterprise network at the office… home.<\/p>\n
<\/p>\n
In my Cisco days, we followed a certain model that is similar to the 3-tier architecture. I won’t go into too much detail here, but it divides up your network into three levels; Core, Distribution, and Access. You must be wondering how we’re going to apply this concept to the home? \u00a0Below is a visual representation of what I’ve got in mind. We’ll break this down piece by piece and build each part as we go along.<\/p>\n
<\/p>\n
Typically, the Access Layer can be either switches or routers, depending on your setup. Just so my home network doesn’t get overly complicated, I’m going to leave that later as switches. Also, because this is being implemented in a home, you will notice that there are no redundant links here, ie, dual wan connections, etc.<\/p>\n
<\/p>\n
Setting up the Core Router<\/strong><\/p>\n For the Core Router, I’m using a computer with two network interfaces. We’re going to<\/p>\n Getting Started<\/strong><\/p>\n At this stage, I assume you would have already installed Vyatta. Once you’ve got it up and running, you should be able to logged in and see the main list of options. To begin configuring the router, type<\/p>\n Configuring the External Interface (eth0)<\/strong><\/p>\n We’ll start by configuring the external address. Because most homes don’t have a static ip address assigned to them for their internet connection, we’re going to configure our external interface with a dhcp address.<\/p>\n If you happen to have a static ip, and know your subnet mask, you can enter it as follows<\/p>\n Configuring the Internal Interface (eth1)<\/strong><\/p>\n We can now configure the internal address in the same way. However, this time we’ll have to assign an address ourselves.<\/p>\n So, from here we’ve set our internal network to be 10.0.0.0 with a subnet address of 255.255.255.248. Our core router has the .1 address, and so our distribution router will more than likely get a .2 address. This really isn’t set in stone. But if you feel you want to make it .3 or .6, go right ahead. Basically, all we’re doing here is using a convention that will be easy to remember.<\/p>\n Configuring SSH access<\/strong><\/p>\n Configuring SSH will allow us to have secure shell access to the router externally. I would set this up instead of Telnet for security purposes. It’s relatively simple. Basically, we want to change the port we connect to from the default (22) to something random, like 30000. Also, I’m going to deny root access to the system. If you wish to have root access, set it to true.<\/p>\n Configuring DHCP<\/strong><\/p>\n Technically speaking, you want to skip this section all-together. For your core router, you want it to strictly stay on the ball when it comes to doing its job, and this is forwarding packets between the distribution layer to the external network. However, because this is my home network, I’m not overly concerned.<\/p>\n Here, we’ll setup the DHCP server, give it a name (like the pool in Cisco), and the other characteristics.<\/p>\n For the DNS servers, I’ve set it up here to point to OpenDNS<\/a>. I setup all my routers to use their DNS servers. You don’t have to specify it here, you can set it as your router and specify the name servers in your global configuration as we will be doing in the next step.<\/p>\n\n
configure<\/pre>\n
set interfaces ethernet eth0 address dhcp\r\ncommit<\/pre>\n
set interfaces ethernet eth0 address 1.1.1.1\/24\r\ncommit<\/pre>\n
set interfaces ethernet eth1 address 10.0.0.1\/29\r\ncommit<\/pre>\n
set service ssh\r\nset service ssh port 30000\r\nset service ssh allow-root false\r\nset service ssh protocol-version all\r\ncommit<\/pre>\n
set service dhcp-server\r\nset service dhcp-server shared-network-name Pool1\r\nset service dhcp-server shared-network-name Pool1 subnet 10.0.0.0 default-router 10.0.0.1\r\nset service dhcp-server shared-network-name Pool1 subnet 10.0.0.0 start 10.0.0.2 end 10.0.0.6\r\nset service dhcp-server shared-network-name Pool1 subnet 10.0.0.0 exclude 10.0.0.1\r\nset service dhcp-server shared-network-name Pool1 subnet 10.0.0.0 dns-server 208.67.220.220\r\nset service dhcp-server shared-network-name Pool1 subnet 10.0.0.0 dns-server 208.67.222.222\r\ncommit<\/pre>\n