Double NAT
I redesigned my home network the other day. Previously, I had two separate private networks: one wired network and one wireless network. Both networks were behind a Smoothwall Linux firewall running on my old PC. The wired network was directly behind the Smoothwall firewall, while the wireless network was behind the wired network, which means it was going through two NATs, or network address translations. Well, it's not a very good design. It was probably causing a little bit of propagation delay.
With the new design, I essentially collapsed the two networks into one and got rid of the extra NAT for the wireless users. I like the simplicity of the design, but in my opinion, it makes my wired network vulnerable to potential hacks since it's shared with the wireless network. It does have its own advantage. The new network design simplifies the network by making several applications, e.g. Samba and VNCserver, work seamlessly without adding firewall rules in the wireless access point, the second NAT.
Another improvement to the internal network is the replacement of an older 4-port hub with an 8-port 100mb switch. The change will speed up data transfers between computers within the internal network. Another positive is replacing the older 802.11b wireless access point with a newer 802.11g access point. So, my wireless network is now operating at a higher speed of 54mbps instead of 11mbps.
Unfortunately, you can't have everything. My old access point had a feature I really liked which, surprisingly, is not available on the new wireless access point. This feature is called MAC address filtering, a security feature for isolating wireless networks. MAC filtering essentially denies access to any wireless device that's not on the list of approved MAC addresses. I wish that feature were available on my new access point; then I could really go to town.
So, with the network redesign, I accomplished many things: simplifying the internal network, removing the second NAT, removing the extra firewall, and finally making applications work seamlessly without the additional firewall rules. I just wish MAC address filtering were available on the new wireless access point.