User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
selfhost:gateway [2025/02/18 11:06] – created willyselfhost:gateway [2025/03/13 14:59] (current) – [C) Network Gateway] willy
Line 1: Line 1:
 +====== C) Network Gateway ======
  
-===== Networking ===== +Your home has it's internal network (more details about it [[networking:start|here]]) and at least one external connection, your ISP.
-The second issue with using a laptop is that you will need at least twobetter three, wired Ethernet connections to use your server: +
-  * One LAN interface, to talk to all your home devices +
-  * One, or better two, WAN interfaces, to talk to your one, or better two, ISPs (Internet Service Providers)+
  
-I suggest to avoid using WiFi because or reliability and bandwidth, so you need three Ethernet NICsIf you are lucky, your laptop should have one, the others needs to be added via USB network cards. This is where things get a bit complex because USB network cards are quite unreliable. Luckily Linux nowadays support most of existent USB network cards, but in my experience they tend to fail quite easilySome suggestions: +The interface between your internal network and the internet is also called your **gateway** and it's a critical piece of infrastructureYour Internet Service Provider (ISP) will indeed provide you with one device that acts as a gatewaybut you should think of this device as dangerous and not good to be your internet gateway because this device is actually in the hands of your ISP. In my experience, changing ISP will give you a different ISP gateway which will be incompatible with the older one and force you to change your internal networkMoreoverwho knows if your ISP gateway has backdoors or other security issues?
-  * Buy a known brandstick to 1Gbps cards +
-  * Prefer USB-3 ro USB-C (seems more solid kernel drivers?+
-  * Avoid "multi-hubs-with-also-ethernet" and buy devices that does only __one__ thing: networking +
-  * Keep them cooled: heat will make them fail more than often+
  
-If you experience links going down, buy a different brand / model and hope for the best.+In other words: you need to purchase and setup a dedicated gateway for your home network.
  
-===== Routing ===== +===== hardware =====
-Your laptop will be your server and your router. Which means that all your services will run on it as well as all your routing tables, fail-over between ISPs and such.+
  
-This means that if you mess up or need to reboot the laptop, your home will lose internet connection for a while. Also, if your laptop dies for any reason you will not only lose all your self-hosted services (until you restore a backup/replace hardware) but also everybody at home will be cut from internet. 
- 
-Setting up routing with multi-ISPs (fail-over, or load sharing...) will be done manually with a few routing rules and settings (see [[router:nat|Routing on the Home Server]], [[router:networking|Network Configuration for the Home Router]] and such pages).  
- 
-While less glamour than using a fancy web GUI, it fits the same purpose and maybe it's also interesting to learn. This approach doesn't limit you to anything, actually might even be more fun than the advanced approach, but more error-prone e less resilient. 
- 
- 
- 
- 
- 
- 
-===== Networking ===== 
 From the network hardware point of view, you want to purchase a so called **firewall appliance** with at least four Ethernet NICs. The CPU is not very important, the cheapest you find should be already more than enough. RAM and storage requirements might vary, depending if you want to do web caching or not. From the network hardware point of view, you want to purchase a so called **firewall appliance** with at least four Ethernet NICs. The CPU is not very important, the cheapest you find should be already more than enough. RAM and storage requirements might vary, depending if you want to do web caching or not.
  
Line 33: Line 14:
   * One LAN interface, to talk to all your home devices   * One LAN interface, to talk to all your home devices
   * One, or better two, WAN interfaces, to talk to your one, or better two, ISPs (Internet Service Providers)   * One, or better two, WAN interfaces, to talk to your one, or better two, ISPs (Internet Service Providers)
 +  * One DMZ for services on the home server
  
 I suggest to avoid using WiFi because or reliability and bandwidth, so you need three Ethernet NICs. If you don't want to buy a dedicated firewall appliance hardware, you can always emulate one with a normal PC, plugging in as many PCI-Express NICs as needed. The overall power consumption will be higher tough, so i recommend to go for a low-power firewall appliance. In both cases, you will be installing OpnSense on it, so the hardware doesn't matter much. I suggest to avoid using WiFi because or reliability and bandwidth, so you need three Ethernet NICs. If you don't want to buy a dedicated firewall appliance hardware, you can always emulate one with a normal PC, plugging in as many PCI-Express NICs as needed. The overall power consumption will be higher tough, so i recommend to go for a low-power firewall appliance. In both cases, you will be installing OpnSense on it, so the hardware doesn't matter much.
  
 +===== Software =====
  
-===== Routing ===== +My choice is the amazing [[https://opnsense.org/|OpnSense]] which is the best approach to unleash the full potential of your network, it let'you manage ISP failover, VLAN, DNS filtering and resolving, and much more using a nice web GUI interface on well-proven, state of the art, firewall dedicated software
-The routing for the home network will be managed by your firewall appliance and OpnSenseOF critical importance is to properly define how you want to organize your network, and understand how a firewall applicance works to be able to leverage it'power properly. +
- +
-More details will be provided later on.+
  
 +OpnSenses is based on BSD, so it's hardware compatibility list is quite limited, specially on the WiFi side of things...
  

This website uses technical cookies only. No information is shared with anybody or used in any way but provide the website in your browser.

More information