Archive for July, 2014

Adventures in Networking, Part 5: Splunking

When I finished part 4, I had a zone-based firewall set up with rules for traffic between each zone. Since I started with a locked-down configuration, how did I know what was getting blocked, especially those services that may run in the background without any user intervention? I solved this, and many other problems, by using Splunk to analyze my firewall rules and figure out what was getting blocked.

Adventures in Networking, Part 4: Zone Defense

After part 3, I had a fully-functioning, switched network. So then why would I want to change that? Ah, because if it ain’t broke, you aren’t doing it right. As I stated before, ACL-based firewalls are limited, defining only inbound, outbound, and local (to the router) rules on each interface. I didn’t like that limitation, since it wasn’t granular enough for those VLAN-to-VLAN connections. Fortunately, though, EdgeOS has the capability to get as strict as you want, but you better be ready for some CLI configurations!

Adventures in Networking, Part 3: Switch It Up

When I ended part 2, I had a functioning router with a WAN interface and two subnets. But unless you only have a couple of clients to connect to the router, how are you going to turn that one interface into many? Hubs are stupid and broadcast everything. A switch is better because it limits collision domains. However, with two subnets, using just one switch is rather pointless as it would join them together. What is needed is a managed switch so we can set up VLANs and separate those networks. So that’s what I bought.

Adventures in Networking, Part 2: Initial Setup

Part 1 was the intro; now let’s assume that you just bought your EdgeRouter Lite, unboxed it, and plugged it in. Now what? It’s not exactly a plug-and-play device. Fortunately, it’s not too hard to set it up, and there is a lot of help with EdgeOS if you need it.

Adventures in Networking, Part 1: Intro

I’m no CCNA, but computer networking is fun. I’ve always been the kind of person to configure everything by hand, build computers, hack up scripts to get things done, and so on. Years ago, I flashed my Linksys router with dd-wrt in order to get the most out of it (better performance mainly), but I was never really satisfied with that. The biggest gap was the lack of IPv6: because my router only had 4 MB of RAM, it could not load a dd-wrt version with IPv6 support. Once Comcast started handing out IPv6 addresses to my (purchased, not rented) Motorola Surfboard cable modem, which I discovered entirely by accident, I was even more unhappy. Alas, though, I was stuck with what I had for a while.
