Home Networking Joy
Quite some time ago, my wife “tired” of me deciding that my firewall needed rebooting or reconfiguring in the late hours of the evening. I finally got tired of the complaints and said: you’re getting your own router. I needed a way to share the Epson Inkjet printer as well (which had a parallel interface), so I bought a D-Link 704P, which in addition to being a router also has a parallel port on the back for making an old printer “networkable.” She’d have access to the printer (it was hooked up to her router, after all), and I had creative ways of hooking into her network so I could print too.
Since that time, that Epson printer has been replaced with a Konica Minolta Magicolor 2350. This printer has an Ethernet port, so the D-Link was no longer necessary. I’ve swapped my wife’s router more times than I care to count, of course doing it when I knew she wasn’t using the computer. The printer had to be on her network, of course, so she could use it even when my own network was subject to my own personal armageddon.
As you’ve read in my past few blog entries, I’ve brought my WiFi Access Point back to life. Because I trust WiFi about as well as I can see the radio waves, it’s gotta be on a separate network from both my wife’s network and my own.
If that’s not enough, I want all of the networks (my wife’s included) subject to the rateshaping I’ve got set up. At the same time, my wife’s gotta be able to still use the Internet if my firewall decides it no longer wants to operate, either because the hardware dies or because I do something stupid.
As a result of all of these requirements, my firewall now pretty much resembles a standard three-legged configuration: WAN (connected to the cable modem), LAN (my personal network), and DMZ. On my DMZ, I have the WiFi stuff. I also have my wife’s router. While this might sound like my wife’s now subject to my network problems, it’s not. Her router is a Nexland ISB Pro 800 Turbo (Nexland is now owned by Symantec). The only redeeming quality about this particular router is that it has two WAN ports. You can either configure them in a load-balancing configuration or a master/backup configuration. The WAN 1 port is configured as the primary and it’s connected to my DMZ. Here, she can benefit from the rateshaping I do. The WAN 2 port is connected directly to the cable modem. If for some reason my firewall goes away, she can still access the Internet directly through the cable modem.
In order for me to be able to access the printer despite all this, I had to add a second path into my wife’s network: a “backdoor” router that basically allows me access to her LAN while bypassing her router and my firewall. The backdoor router doesn’t allow her access into my network, though.
How could I simplify this? If my main firewall had a fourth interface on it (which it can’t due to hardware limitations), I could put my wife’s network behind that, configure a small hole in her firewall to allow me to use the printer, and be done with it. Since I don’t trust what might be on my current DMZ due to the WiFi, I can’t do that now, thus my “backdoor” router.
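The layout described above can be checked as a small reachability model that also simulates a device failing. This is an added example, not part of the original post; the segment and device names are made up for illustration, and it assumes every router only forwards connections initiated from its inside (outbound-only NAT).

```python
from collections import deque

# (source segment, destination segment, forwarding device). Each edge means
# "connections initiated in source may reach destination through this device".
# Assumption: every router does outbound-only NAT, so no reverse edges exist.
FLOWS = [
    ("my_lan",   "wan",      "firewall"),     # LAN leg of the three-legged firewall
    ("dmz",      "wan",      "firewall"),     # DMZ leg: WiFi and wife's WAN 1
    ("wife_lan", "dmz",      "wife_router"),  # WAN 1 (primary), rate-shaped path
    ("wife_lan", "wan",      "wife_router"),  # WAN 2 (backup), straight to cable modem
    ("my_lan",   "wife_lan", "backdoor"),     # one-way path to the printer
]

def reachable(src, dst, failed=frozenset(), flows=FLOWS):
    """Breadth-first search over flows whose forwarding device is still up."""
    seen, queue = {src}, deque([src])
    while queue:
        here = queue.popleft()
        if here == dst:
            return True
        for a, b, device in flows:
            if a == here and device not in failed and b not in seen:
                seen.add(b)
                queue.append(b)
    return False

def audit(flows=FLOWS):
    """Return the requirements from the post that the modelled flows violate."""
    fw_down = frozenset({"firewall"})
    requirements = {
        "I can print": reachable("my_lan", "wife_lan", flows=flows),
        "wife cannot enter my LAN": not reachable("wife_lan", "my_lan", flows=flows),
        "WiFi/DMZ cannot enter my LAN": not reachable("dmz", "my_lan", flows=flows),
        "WiFi/DMZ cannot enter wife's LAN": not reachable("dmz", "wife_lan", flows=flows),
        "wife online when firewall is down": reachable("wife_lan", "wan", fw_down, flows),
        "printing works when firewall is down": reachable("my_lan", "wife_lan", fw_down, flows),
    }
    return [name for name, ok in requirements.items() if not ok]

if __name__ == "__main__":
    print("violations:", audit() or "none")
```

Passing `audit()` a flow list with an extra `("dmz", "wife_lan", "wife_router")` edge models opening a hole from the current DMZ into her LAN, and the audit then reports that the WiFi segment can reach her network.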
My home network is complicated, no two ways about it. It is partially complicated because I am a paranoid bastard, and complicated because of the requirements. This is probably how corporate networks turn into such complete nightmares. At least this is small scale, and as the one-and-only network administrator, I can pretty much change things as I see fit. Imagine throwing the bureaucracy of the typical company into the mix.