Differences
This shows you the differences between two versions of the page.
selfhost:gateway [2025/02/18 11:12] – willy | selfhost:gateway [2025/03/13 14:59] (current) – [C) Network Gateway] willy | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== C) Network Gateway ====== | ||
+ | Your home has it's internal network (more details about it [[networking: | ||
+ | The interface between your internal network and the internet is also called your **gateway** and it's a critical piece of infrastructure. Your Internet Service Provider (ISP) will indeed provide you with one device that acts as a gateway, but you should think of this device as dangerous and not good to be your internet gateway because this device is actually in the hands of your ISP. In my experience, changing ISP will give you a different ISP gateway which will be incompatible with the older one and force you to change your internal network. Moreover, who knows if your ISP gateway has backdoors or other security issues? | ||
- | Using a dedicated firewall appliance like [[https:// | + | In other words: you need to purchase |
+ | ===== hardware ===== | ||
- | |||
- | |||
- | ===== Networking ===== | ||
- | The second issue with using a laptop is that you will need at least two, better three, wired Ethernet connections to use your server: | ||
- | * One LAN interface, to talk to all your home devices | ||
- | * One, or better two, WAN interfaces, to talk to your one, or better two, ISPs (Internet Service Providers) | ||
- | |||
- | I suggest to avoid using WiFi because or reliability and bandwidth, so you need three Ethernet NICs. If you are lucky, your laptop should have one, the others needs to be added via USB network cards. This is where things get a bit complex because USB network cards are quite unreliable. Luckily Linux nowadays support most of existent USB network cards, but in my experience they tend to fail quite easily. Some suggestions: | ||
- | * Buy a known brand, stick to 1Gbps cards | ||
- | * Prefer USB-3 ro USB-C (seems more solid kernel drivers?) | ||
- | * Avoid " | ||
- | * Keep them cooled: heat will make them fail more than often | ||
- | |||
- | If you experience links going down, buy a different brand / model and hope for the best. | ||
- | |||
- | ===== Routing ===== | ||
- | Your laptop will be your server and your router. Which means that all your services will run on it as well as all your routing tables, fail-over between ISPs and such. | ||
- | |||
- | This means that if you mess up or need to reboot the laptop, your home will lose internet connection for a while. Also, if your laptop dies for any reason you will not only lose all your self-hosted services (until you restore a backup/ | ||
- | |||
- | Setting up routing with multi-ISPs (fail-over, or load sharing...) will be done manually with a few routing rules and settings (see [[router: | ||
- | |||
- | While less glamour than using a fancy web GUI, it fits the same purpose and maybe it's also interesting to learn. This approach doesn' | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | ===== Networking ===== | ||
From the network hardware point of view, you want to purchase a so called **firewall appliance** with at least four Ethernet NICs. The CPU is not very important, the cheapest you find should be already more than enough. RAM and storage requirements might vary, depending if you want to do web caching or not. | From the network hardware point of view, you want to purchase a so called **firewall appliance** with at least four Ethernet NICs. The CPU is not very important, the cheapest you find should be already more than enough. RAM and storage requirements might vary, depending if you want to do web caching or not. | ||
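Review bot: in the added paragraph starting "The interface between your internal network and the internet", the case against the ISP device ends on a rhetorical question ("who knows if your ISP gateway has backdoors or other security issues?"). Lead instead with the concrete reason the same paragraph already gives, that the device is "in the hands of your ISP" and so is not under your control, and keep the point about changing ISP as a separate, second reason. Two smaller points in the same hunk: "it's internal network" should read "its internal network", and the new heading "===== hardware =====" is lowercase while the other section headings in this diff ("Networking", "Routing", "Software") are capitalized.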
Line 40: | Line 14: | ||
* One LAN interface, to talk to all your home devices | * One LAN interface, to talk to all your home devices | ||
* One, or better two, WAN interfaces, to talk to your one, or better two, ISPs (Internet Service Providers) | * One, or better two, WAN interfaces, to talk to your one, or better two, ISPs (Internet Service Providers) | ||
+ | * One DMZ for services on the home server | ||
I suggest to avoid using WiFi because or reliability and bandwidth, so you need three Ethernet NICs. If you don't want to buy a dedicated firewall appliance hardware, you can always emulate one with a normal PC, plugging in as many PCI-Express NICs as needed. The overall power consumption will be higher tough, so i recommend to go for a low-power firewall appliance. In both cases, you will be installing OpnSense on it, so the hardware doesn' | I suggest to avoid using WiFi because or reliability and bandwidth, so you need three Ethernet NICs. If you don't want to buy a dedicated firewall appliance hardware, you can always emulate one with a normal PC, plugging in as many PCI-Express NICs as needed. The overall power consumption will be higher tough, so i recommend to go for a low-power firewall appliance. In both cases, you will be installing OpnSense on it, so the hardware doesn' | ||
+ | ===== Software ===== | ||
- | ===== Routing ===== | + | My choice is the amazing [[https:// |
- | The routing for the home network will be managed by your firewall appliance and OpnSense. OF critical importance | + | |
- | + | ||
- | More details will be provided later on. | + | |
+ | OpnSenses is based on BSD, so it's hardware compatibility list is quite limited, specially on the WiFi side of things... | ||
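Review bot: the added bullet "One DMZ for services on the home server" brings the interface list to as many as four (LAN, two WAN, DMZ), which matches "at least four Ethernet NICs" in the paragraph above the list, but the unchanged sentence right after the list still says "so you need three Ethernet NICs". Update that count in this change. The hunk also deletes the Routing section, including its "More details will be provided later on" line, without adding anything on how traffic between LAN, WAN and DMZ is routed or kept apart; a sentence or a link under the new Software heading would cover that. In the added lines, "OpnSenses" should be "OpnSense" and "it's hardware compatibility list" should be "its hardware compatibility list".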