[mythtv-users] Slightly off topic: Network connection question

Mike Perkins mikep at randomtraveller.org.uk
Tue Jan 1 19:44:41 UTC 2013


On 01/01/13 16:40, Bryan and Melissa Festa wrote:
>> Larry Finger wrote:
>>
>>> On 12/26/2012 05:59 PM, Joe Henley wrote:
>>>
>>>> Hi,
>>>>
>>>> Sorry if this is too far off topic....
>>>>
>>>> I want to pull my MythTV system (server, three clients) off my home wired
>>>> network and onto a wired+wifi network.  I'm thinking that I rewire from:
>>>> cable modem --> router --> server and 3 clients
>>>>                        --> office PCs
>>>> to:
>>>> cable modem --> switch --> router (both wired and wifi connections) --> server and 3 clients
>>>>                        --> router (wired only) --> office PCs
>>>>
>>>> I don't know if I can put a switch between the cable modem and the
>>>> router (or two).  Thoughts, suggestions?
>>>>
>>>
>>> I'm sure you will get lots of suggestions; however, I don't think you can
>>> put the switch between the modem and the router. If you use NAT on the
>>> router, then you certainly cannot.
>>>
>>> For testing wireless drivers, I have three wireless routers that are
>>> cabled like this:
>>>
>>> modem --> router 1 --> router 2 --> router 3
>>>
>>> Router 1 has both wired and wireless clients. Routers 2 and 3 only have
>>> wireless clients.
>>>
>>> The one special thing that I have done is to leave the WAN ports on
>>> routers 2 and 3 empty, thus they are treated as switches with a wireless
>>> server. On them, DHCP is disabled, and they are given a fixed address in
>>> the network 192.168.1.0/24, but outside the range offered by the DHCP
>>> server in router 1.
>>>
>>> Why is it set up this way? The main benefit is that everything connected
>>> to this system has an address in the 192.168.1.X range, and every device
>>> can be accessed no matter which router is used for the connection.
>>>
>>> In your case, the latency will be reduced a little by putting the switch
>>> between your two routers.
>>>
>>
>> Thanks for your reply!
>> What I'm trying to accomplish with my suggested layout is to split my
>> network into two pieces, but both sharing the cable modem connection to my
>> ISP.  The first piece is the wired piece which has all the office devices
>> on it (desktops, NAS, printer, etc.)  This would be highly secured;
>> primarily via the firewall in the (wired) router.  The second piece is the
>> wireless piece which has MythTV, DLNA TV net connections, and wireless
>> connections for Kindle and tablets.  This would be much less secured (even
>> with a wireless router) since it has wireless devices.
>>
>> What I'm trying to do is probably overkill, but I really don't have much
>> faith in the security of wireless routers, DLNA on TV, ....
>>
>> I understand your comments about the modem -> switch -> router not working
>> -- and yes, I use NAT on the wired side.  The way I understand your
>> arrangement is that routers 2 & 3 are acting as managed switches.  Do I get
>> that right?
>> In your setup, how/where do you firewall the devices connected to routers
>> 2 & 3 from malicious wireless attacks?
>>
> Since I'm guessing your ISP only issues one IP address per modem, you will
> most likely want 3 routers: 1 router for, say, 192.168.1.x, which will act as
> your backbone. Then connect a router for your functional network as
> 192.168.2.x and a router for your TV network as 192.168.3.x. The two
> networks will not cross talk. From there it is up to you how many port
> switches or wireless access points you need.
> On Jan 1, 2013 11:25 AM, "Joe Henley" <joehenley at kc.rr.com> wrote:
>
Huh? This is the *exact* network topology I am using and I don't need three 
routers. Talk of NAT problems is irrelevant since all the internal networks are 
the same side of the firewall.

My system has a Jetway mini-itx board with an add-on multi-NIC card, but the 
same result could be had by using any motherboard and adding NICs. I run pfSense 
as my firewall software. The Internet side is connected to a cable modem which 
gets a single DHCP-assigned IP address.

On the "inside", as it were, I have three 192.168.x.x subnets defined although I 
don't use one of them at present. One is the "trusted" network with all the 
servers and Linux workstations on it. The second is "untrusted" and has the 
Windows boxes and the Wireless Access Point. The AP defines a fourth subnet 
which is used by all wireless users, filtered by MAC.

There are specific static routes defined such that wireless users and the 
Windows boxes can access my printers and the myth server for mythweb, etc. Other 
than that there is little need for configuration.

-- 

Mike Perkins
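
As an added illustration (not part of Mike Perkins's post or his pfSense configuration), the segmentation described above can be modelled as a first-match rule table and checked against sample flows. The subnet numbers, host addresses and ports are constructed, and placing the printer and myth server on the trusted subnet is an assumption.

```python
import ipaddress

net = ipaddress.ip_network

# Constructed addressing; the post only says "three 192.168.x.x subnets".
ZONES = {
    "trusted": net("192.168.10.0/24"),    # servers, Linux workstations
    "untrusted": net("192.168.20.0/24"),  # Windows boxes, access point uplink
    "wireless": net("192.168.30.0/24"),   # subnet defined by the access point
}
MYTH = net("192.168.10.5/32")     # hypothetical myth server (mythweb on 80)
PRINTER = net("192.168.10.9/32")  # hypothetical printer (raw printing on 9100)
ANY = net("0.0.0.0/0")

# (source zone, destination, destination port or None for any, action).
# Order matters: the narrow passes must precede the block on the trusted net.
RULES = [("trusted", ANY, None, "pass")]
for zone in ("untrusted", "wireless"):
    RULES += [
        (zone, MYTH, 80, "pass"),
        (zone, PRINTER, 9100, "pass"),
        (zone, ZONES["trusted"], None, "block"),
        (zone, ANY, None, "pass"),  # everything else, e.g. the Internet
    ]

def zone_of(addr):
    """Name of the internal zone holding addr, or "internet" if none does."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, n in ZONES.items() if ip in n), "internet")

def decide(src, dst, port):
    """Return "pass" or "block" for a new connection, first match wins."""
    src_zone, dst_ip = zone_of(src), ipaddress.ip_address(dst)
    for zone, dst_net, dport, action in RULES:
        if zone == src_zone and dst_ip in dst_net and dport in (None, port):
            return action
    return "block"  # default deny, including unsolicited traffic from outside

if __name__ == "__main__":
    for flow in [("192.168.30.50", "192.168.10.5", 80),
                 ("192.168.30.50", "192.168.10.5", 22)]:
        print(flow, decide(*flow))
```

Moving the block rule above the two narrow passes would cut wireless and untrusted hosts off from mythweb and the printer, which is the ordering mistake this kind of table makes easy to test for.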


