Topic: How to setup a HW firewall with routers and wireless  (Read 2388 times)
« on: November 13, 2007, 20:59:48 »
kanolsen *
Posts: 2

I want to set up a network at home with the following components:
around 6 computers both wireless and connected.
A hardware firewall
A server for central storage of documents etc.

I currently use a 3com modem/wireless router for connecting them, which is connected to the internet

My setup: INTERNET ----- 3com router/wireless -------- pc 1,2,3,4,5,6

But now I want to set up a hardware firewall and a central server as well. But I can't understand how to set it up properly.

I plan on using a very simple hw firewall from one of my current computers, and install either http://m0n0.ch/wall/quickstart.php or http://www.alti.at/knowhow/obsdlivecd/fw.php or  http://sofi-firewall.sourceforge.net/routerctl/ .
I haven't installed any yet, just need help with figuring this out first before trying them out.

My question in this regard is:
How do I set all this up, when I have both cables and wireless network? I am unable to find anything about this on the internet, usually it only mentions that you need 2 network cards in the computer but nothing about wireless, nor how to set it up with several computers.

My suggestions are:

Suggestion 1: INTERNET ------ 3COM ROUTER ------ HW FIREWALL ------- ROUTER/SWITCH WITH WIRELESS ------- PC CLIENT 1,2,3,4 + server?

or, should the setup be like this?

Suggestion 2: INTERNET ------ HW FIREWALL WHICH TAKES OVER THE ROUTERFUNCTION TO 3COM ROUTER ------- ROUTER/SWITCH WITH WIRELESS ----- PC CLIENT 1,2,3,4 + server

OR

Suggestion 3: INTERNET ------ HW FIREWALL WHICH TAKES OVER THE ROUTERFUNCTION TO  3 COM ROUTER + WIRELESS -------- PC CLIENT 1,2,3,4 + server

Has anybody set up anything similar? Will there not be many sources of error if you have a router both behind and in front of the firewall? For instance with torrent clients, which demand that some ports be opened. Where should I then open these ports: in the first router, the firewall, or the second router? The purpose is to be able to centralise the administration to the firewall alone.

Thanks in advance for taking your time

kanolsen
« Reply #1 on: November 14, 2007, 01:27:39 »
javanator *
Posts: 10

The simplest and most straightforward setup would be:

Internet Modem > WAN NIC on Firewall/Router (m0n0wall or other) >

>LAN NIC_1 on Firewall/Router > Switch > wired computer(s) and wireless router/access point
>LAN NIC_2 (DMZ) on Firewall/Router > server

You could, optionally, set up separate NICs and networks for the wired and wireless clients, but in any case a DMZ for the server is a good security measure.

The DMZ gives you the ability to "wall off" the server on its own IP network and limit access between it and the client computers on the LAN, which you'll want to give freer access to things you wouldn't want open to a server.

Give m0n0wall a try. It'll teach you a lot about how a real firewall and router work, in comparison with the run-of-the-mill SOHO routers that let everything in unless you specifically shut it down. Monowall is much more robust and secure, and it's not uncommon for them to run for a year or more fuss-free once properly set up.

I know there are plenty of other NICs out there but I've gotten great, hassle-free performance from Intel NICs. Monowall recognizes them instantly and works flawlessly with them. Just my opinion. You can get them for $8-10 on ebay, so they don't need to cost much more than a cheap Realtek NIC.

Hope this makes some sense.
« Last Edit: November 14, 2007, 01:36:21 by javanator »

Technology means finding the proper wrench to pound in the right screw.
« Reply #2 on: November 14, 2007, 11:38:58 »
kanolsen *
Posts: 2

Thank you very much for such a quick answer.

I have to have an Internet modem first before the firewall (I now use the 3com with wireless - I assume I have to turn the wireless off). But won't it create problems for me with port forwarding and stuff, since it also has many settings for configuring ports and settings? Should they be shut down somehow so everything is shipped straight through to the firewall for sorting and forwarding there?

Or else I have to set up port forwarding in both internet modem and firewall?

Thanks in advance
kanolsen
« Last Edit: November 14, 2007, 11:41:25 by kanolsen »
« Reply #3 on: November 25, 2007, 22:32:36 »
zeusenergy *
Posts: 10

I want to set up a network at home with the following components:
around 6 computers both wireless and connected.
A hardware firewall
A server for central storage of documents etc.

I currently use a 3com modem/wireless router for connecting them, which is connected to the internet

Has anybody set up anything similar? Will there not be many sources of error if you have a router both behind and in front of the firewall?
kanolsen



To begin with, the 3Com modem may have a mode for pass-through. If it's a cable modem or DSL it can be configured in most devices (endpoints.) But if it can't, my suggestion would be to use a new cable or DSL modem of your choice that has an option like this. For instance, you can pick up a cheap Linksys Modem and it only hands off ethernet to the router of your choice. To find out if the 3Com will do what you want, go to the 3Com support site and read the manual or FAQs on using the device as a passthrough or in transparent mode. You will need to disable routing, SPI firewall,  AND dhcp.
Next, use your M0n0wall as the ONLY firewall and DHCP server on your network. The ethernet coming from the modem will just plug into the M0n0wall and you can use DHCP auto configuration for the WAN port. If you have a static IP, set up the WAN port with the settings your ISP provided. Enable dhcp for the M0n0wall LAN port. Attach your network switch to this, or plug it into one of the LAN ports on your WiFi router and leave the WAN port on that device open. Some WiFi routers will give you a hard time when the WAN port is set to auto dhcp AND unplugged, so configure that port with an imaginary subnet with static settings. You CAN use the WiFi router with the WAN port connected to the M0n0wall if you like, but then the M0n0wall will only see one IP address in that case, so any user- or IP-based settings in the M0n0wall will be useless.
Another option I've been pimpin' lately is Untangle Server. The firewall and router "racks" in the software are not as detailed or full-fledged as M0n0wall. And you will need a much more powerful PC to run it on, too. But the big plus is full filtering capabilities for your network users, meaning you can stop any of your users from viewing p0rn, gambling, violent, etc. contents. Plus you can stop P2P apps or forbid any site or all sites except the ones you want people to use (walled garden.) There's also the transparent mode which I use in addition to the M0n0wall so that all traffic must pass through the Untangle Server before reaching the M0n0wall, so my wife and I are unrestricted while our kids are filtered. This server can also provide VERY detailed, sexy reports which show all sites visited, bandwidth, protocols, banned requests and the user that tried to access it, etc. It's worth a look: http://www.untangle.com
Good luck and happy routing.
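
A way to check whether the modem in front of the firewall really is in pass-through mode, as the reply above recommends; this is an added example, not part of the original thread. The function name `check_wan` and all addresses are constructed for illustration (the public ones come from the reserved documentation ranges).

```python
import ipaddress

# RFC 1918 private ranges, plus RFC 6598 carrier-grade NAT space.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def check_wan(wan_ip, lan_cidr, observed_public_ip=None):
    """Classify the firewall's WAN side and list what to fix.

    wan_ip: address the firewall's WAN interface received.
    lan_cidr: network the firewall hands out on its LAN port.
    observed_public_ip: address an outside service reports (optional).
    """
    wan = ipaddress.ip_address(wan_ip)
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    findings = []

    if wan in lan:
        findings.append("overlap: WAN address falls inside the LAN subnet; "
                        "renumber the LAN or the modem")
    if any(wan in net for net in PRIVATE):
        findings.append("double NAT: modem is still routing; port forwards "
                        "would be needed on both devices")
    elif wan in CGNAT:
        findings.append("carrier NAT: ISP address is shared; inbound "
                        "forwards cannot work from the firewall alone")
    if observed_public_ip and not findings:
        if ipaddress.ip_address(observed_public_ip) != wan:
            findings.append("mismatch: outside view differs from WAN "
                            "address; another NAT sits upstream")
    return findings or ["bridged: firewall holds the public address; "
                        "forward ports on the firewall only"]


if __name__ == "__main__":
    # Constructed cases: modem still routing, then modem in pass-through.
    for case in [("192.168.1.2", "192.168.1.0/24", None),
                 ("203.0.113.10", "192.168.1.0/24", "203.0.113.10")]:
        print(case[0], "->", check_wan(*case))
```

The same check applies one hop further in: if the WiFi router's WAN port is plugged into the firewall's LAN, its clients sit behind a second NAT and the firewall sees only that router's single address.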
 