Jiffy Script, Inc.

Home networking in a single IP environment

Jeffrey S. Marker, CISSP
magic@jiffyscript.com

Abstract:

This document describes the building of a multiple host home network when one's Internet Service Provider only assigns a single public IP address. Four designs are presented.

Background

The following is information pertinent to all of the discussion:

- Cable modem or DSL router
- Two hosts
    - desktop
    - laptop
- Possible hub, switch, or router/firewall
- ISP assigns us "dsl.example.com"
- Internal network is 10.10.13.0/24
- NAT and ipforwarding enabled on the desktop

Single NIC

This is the design when we only have a single network card for each machine we seek to use.

Figure 1: Single network card diagram

The machine we will use as our gateway is on the left.

We connect the modem/router to the hub's "uplink" port. If the hub does not have an uplink port, we'll need a cross-over cable.

We connect the gateway machine to the hub and arrange for its interface to have both the ISP's assigned address and an address on the internal net. In the diagram, that is 10.10.13.1.

We connect the laptop to the hub and give it an IP address on the internal network. In the diagram, that is 10.10.13.2. We then set the default route for the laptop to 10.10.13.1, the internal address for the gateway.

Single NIC benefits

Some of the benefits of this design are as follows:

- No need for additional network cards
- Some computers may only be able to handle one card
- Multiple machines can be on the internal network

Single NIC drawbacks

Some of the drawbacks of this design are as follows:

- Traffic on the internal network can be seen by the modem
    - Mitigate by using IPsec on the internal net
- Multiple IP addresses on individual NICs work poorly on some operating systems
- Each internal host must have its IP address assigned "by hand"
    - DHCP requests may find their way to the ISP
- The gateway must be able to perform IP Forwarding and NAT
- Nothing prevents an internal machine from bypassing the gateway

Dual NIC plus hub

This is the design when we have two network cards for the gateway machine, and we have a hub or switch.

Figure 2: Dual network card plus hub diagram

The machine we will use as our gateway is the tower in the center.

We connect the modem to the first network card in the gateway, and arrange for that to obtain its IP address from the ISP. The second network card is connected to the hub, and is given our internal 10.10.13.1 address.

We connect the laptop to the hub and give it an IP address on the internal network. In the diagram, that is 10.10.13.2. We then set the default route for the laptop to 10.10.13.1, the internal address for the gateway.

Dual NIC plus hub benefits

Some benefits of this design are as follows:

- Multiple hosts on the internal network
- Unlike Single NIC, internal hosts can use DHCP to obtain internal IP addresses
    - This assumes that the gateway, or some other internal machine, is a DHCP server
- All Internet traffic must pass through the gateway
    - The gateway can then be used as a firewall

Dual NIC plus hub drawbacks

The gateway must be able to perform IP Forwarding and NAT
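The gateway role in the two dual-NIC designs, sketched for a Linux gateway as an added example that is not part of the original document. It assumes iproute2 and iptables are installed, and the interface names eth0 (facing the modem) and eth1 (facing the hub or laptop) are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: Linux gateway setup for the dual-NIC designs.
# Assumptions (not from the original document): Linux with iproute2 and
# iptables; eth0 faces the modem, eth1 faces the hub or the laptop.
EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
INT_ADDR="10.10.13.1/24"   # gateway's internal address, as in the diagrams
INT_NET="10.10.13.0/24"    # internal network, as in the Background section
DRY_RUN="${DRY_RUN:-1}"    # 1 = print commands only; 0 = apply (needs root)

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

configure_gateway() {
    # The internal card gets the gateway address. The external card is
    # configured separately to obtain its address from the ISP.
    run ip addr add "$INT_ADDR" dev "$INT_IF"
    run ip link set "$INT_IF" up

    # IP forwarding: let the kernel route packets between the two cards.
    run sysctl -w net.ipv4.ip_forward=1

    # NAT: rewrite internal source addresses to the single public address.
    run iptables -t nat -A POSTROUTING -s "$INT_NET" -o "$EXT_IF" -j MASQUERADE

    # Firewall: drop forwarded traffic by default, allow connections that
    # start on the internal network, and let only their replies back in.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$INT_NET" -j ACCEPT
    run iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

configure_gateway
```

These rules cover forwarded traffic only; traffic addressed to the gateway itself is governed by the INPUT chain, which this example leaves untouched.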

Dual NIC

This is the design when we have two network cards for the gateway machine, and we do not have a hub or switch. This requires a cross-over cable. Also, we are limited to two machines on the network.

Figure 3: Dual network card diagram

The machine we will use as our gateway is the tower in the center.

We connect the modem to the first network card in the gateway, and arrange for that to obtain its IP address from the ISP. The second network card is given our internal 10.10.13.1 address.

We connect the laptop to the second network card with a cross-over cable, and give it an IP address on the internal network. In the diagram, that is 10.10.13.2. We then set the default route for the laptop to 10.10.13.1, the internal address for the gateway.

Dual NIC benefits

Some of the benefits of this design include:

- No need to possess a hub, switch, or router
- Unlike Single NIC, internal hosts can use DHCP to obtain internal IP addresses
    - This assumes that the gateway, or some other internal machine, is a DHCP server
- All Internet traffic must pass through the gateway
    - The gateway can then be used as a firewall

Dual NIC drawbacks

Some of the drawbacks of this design include:

- The gateway must be able to perform IP Forwarding and NAT
- Only one internal machine can be used
- A cross-over cable, rather than a normal cable, is required

Hardware router/firewall

The final option is to use a hardware router/firewall solution.

Figure 4: Hardware router/firewall diagram

In this scenario, we connect the modem to the router. The router obtains the IP address from the ISP. The internal side of the router assumes the IP address 10.10.13.1.

Both the desktop and the laptop are given addresses in the internal network range (10.10.13.2 and 10.10.13.3, respectively, in the diagram). The desktop and the laptop have their default route set to the internal address of the router.

Hardware router/firewall benefits

Some of the benefits of this design include:

- NAT and ipforwarding are handled automagically
- The CPU time on the desktop is not burdened with performing gateway duties

Hardware router/firewall drawbacks

The number of internal machines may be limited by the DHCP implementation

Conclusions and Thoughts