Monday 25 April 2011

The Netscreen 5GT and PPPoE Broadband Providers

If you are like me and need to have remote access to your systems over your broadband connection, then you should carefully consider the type of firewall you have securing the connection.

Most ISP-supplied firewalls and routers provide varying levels of functionality in the form of port forwarding/DMZ access, but these can be tricky to configure and miss some of the advanced features like IPsec, which are useful for secure "on the road" remote access.

A few years ago I worked for a service provider that used Netscreen firewalls for CPE, and it was here that I discovered the powerful features that make the smaller models ideal for SOHO environments.

My home firewall is an older 5GT model that I picked up a few years ago on eBay for around £60, although there are now various flavours including an ADSL and a wireless model.
The 5GT has five 10/100 Ethernet ports: one for the Internet side and four for the LAN in standard trust/untrust mode. For simplicity I would have opted for a cable broadband connection with Ethernet hand-off and enabled DHCP on the Netscreen untrust port to obtain the public IP address; however, there is no cable availability in my area, so ADSL and PPPoE (PPP over Ethernet) was the only option.

I obtained a second-hand ADSL modem/router from eBay that supports RFC 1483 ADSL bridging mode to terminate the line and provide an Ethernet port for my Netscreen to connect to the ISP with PPPoE.

The next problem you will have is finding a good broadband provider that supports PPPoE because, as you may know, PPPoA (PPP over ATM) is the typical encapsulation for UK ADSL connections.
After a false promise from TalkTalk and a few hours of troubleshooting, they admitted they didn't support PPPoE and that their salesmen would "say anything to get a sale", so I promptly cancelled.

I looked into BT as I know they support PPPoE on all of their broadband offerings; however, I found them pricey and in the end opted for Post Office Broadband, which unofficially resells BT Broadband under their own banner but at their own prices.

I now have my Netscreen providing the following services:

- IPsec dial-up VPN for on-the-road remote access to LAN devices and NAS
- VoIP media proxy using SIP ALG to ITSP
- SIP access to Asterisk PBX when on the road
- SSH access to Linux servers from the Internet

Jab