These documents are a work in progress. This one was last updated
.
I've still got a bunch to add.
Why?
Why did I set things up the way I did? After all, there are dedicated hardware firewall
solutions that run about US$250.00 or so - and many for less. Yeah, and I may buy one
someday but for
now this has taught me a bit about doing this on my own. Hopefully I'll be better
prepared to research what I want in a dedicated firewall when I go to purchase one.
As far as the rest (mail, web, etc.), I find my setup very useful for learning. In
effect I'm a small ISP. I'm now much better at setting up Apache for virtual hosting
(something I had never done before). That in turn taught me more about HTTP 1.1 and
the Host: HTTP header. I learned that
sendmail is an ancient, nearly prehistoric
program that should be relegated to the history books. There are much better solutions
for what I needed (relative ease of configuration being pretty high on that list).
That's the long answer. The short answer is that this is in line with what I do for a living and I like it. It's cool to get this set up for yourself. I'm certainly no expert but given how many hits I'm getting because of the Code Red and Nimda worms I'm doing better than some people.
Environment
Originally I had dialup services on a single machine that could run
any of Solaris 8 x86, RedHat 7.2, or Windows 98. My wife is more
comfortable in Windows and we have some peripherals (digital camera,
USB scanner, etc.) that only work with Windows.
I then got a Sun Ultra 5 and wanted to allow it to have access to the net. Over a dialup line this was just ridiculous (and the morons at Qwest could only get me to 24Kb because they couldn't design a network if their life depended on it). Additionally, there was another Intel box and a laptop.
On all of these machines I wanted internet access at one time or another. Sometimes at the same time.
Enter Sprint
I had been trying to get
DSL from Qwest for some time (like 3 years) but Qwest put the cheapest phone
equipment that they could find into my neighborhood. I'm not an expert on
telephone switches, but they had installed a "Slick" or SLC switch made by
Lucent. Apparently in my neighborhood there is some sort of multiplexer that
converts the copper to fiber optic and sends it to this switch. DSL from Qwest
only works over phone lines that are copper from the house to the switching
station. The irony is that, because my house is only a few years old (indeed,
my entire neighborhood), we couldn't get DSL while houses that were older
(before the advent of fiber) could.
Cable wasn't any better. Since I've lived in my house our cable has gone through three owners, the current one being AT&T (Ooops - strike that, it's now Comcast). Again, I guess they installed the cable system in as cheap a manner as possible, as they don't expect to offer cable internet connections for 3 years!
So when Sprint began offering broadband connections in my neighborhood I jumped on it.
Sprint's Hardware Configuration
My Sprint installation uses a small transceiver outside my house attached to a
Hybrid
broadband modem. The transceiver is
pretty small and not too visible from the outside. It helps that its color is not too far
off from my house color. Attached to it is what looks like normal coax wire and
a grounding wire. The ground gets attached to, well, a ground (in my case the copper
pipe for my sprinkler system). The coax gets attached to first a power supply and
then to the cable modem itself. My run of coax is probably about 25 feet but I've seen
some houses in the neighborhood that have to have 100 feet or more coax used.
The cable modem has a coax
in, a 9-pin serial port that is unused in my configuration,
and a 10BASE-T output. The modem came with a crossover Ethernet cable so that
you can directly connect the modem to your computer without the need for a hub. I didn't
use this cable for my installation.
About the only negative thing I can say about this setup is that the antenna power supply and the modem are both pretty big. If you don't have a lot of space they can get in your way. But these are minor issues and generally the setup from Sprint is very clean.
Sprint's software configuration
The installation comes with two static IP addresses. The modem gets an address
and, for the service I signed up for, there is one IP address behind it. Sprint
offers other plans with more IP addresses, but with what I describe in this document
you could have an entire class A network behind this one IP address.
The modem has a DHCP server in it that gives you your IP address, routing information and the addresses of two DNS servers. The IP address that it gives out is always the same and the router is always the modem. DNS hasn't changed since I've had the service and Sprint documents the DNS servers on their support web site. I have safely ignored whatever the modem was telling me for all the addresses with no problem.
My configuration
Solaris is not an officially supported O/S by Sprint (big surprise) but it was
simple to get it to work with this setup. I've got an older Intel box (PII
333) serving as the gateway between the Sprint network and my network. This
box is running Solaris 8 with
IPF that I use for
both network address translation (NAT) and firewall services. It also runs
Bind and Sun's
DHCP server. Behind the firewall
I've got the Ultra 5, an Intel machine that
triple boots (Solaris 8, Red Hat
Linux 7.0, and Windows 98), along with a Windows laptop. The Ultra 5 hosts
Postfix (a mail transfer agent),
sshd
from OpenSSH and the
Apache HTTP server. This machine has a static IP. The
other machines get their IPs from the DHCP server running on the firewall. My
internal network is a class C network using 192.168.1.0/24 for the network
addresses. IP addresses in the 192.168.0.0/16 network are reserved for private
networks and should never be seen "in the wild" on the internet.
RFC 1918 has
more information. Since I don't expect to have over 254 machines on my network
a single class C address is just fine.
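The point about RFC 1918 addresses never appearing "in the wild" is exactly what a NAT gateway like this one has to enforce on its external interface: private sources arriving from the Sprint side are spoofed, and private sources leaving un-translated are a NAT leak. The following is an added example of that check, not code from the original page or from the author's firewall. It assumes the 192.168.1.0/24 LAN the text describes; the interface names "ext0" and "int0" and the packet records are constructed sample data.

```python
"""Classify packets at a small NAT gateway against the RFC 1918 ranges.

Added example, not the page author's code. The LAN 192.168.1.0/24 is taken
from the page; interface names ("ext0" = Sprint side, "int0" = LAN side) and
the sample packet records below are constructed for illustration.
"""
import ipaddress

# The three RFC 1918 private address blocks.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

LAN = ipaddress.ip_network("192.168.1.0/24")  # internal network per the page


def is_private(addr: str) -> bool:
    """True if addr falls in any RFC 1918 block."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def classify(iface: str, direction: str, src: str, dst: str) -> str:
    """Return a verdict for one packet seen on the gateway.

    Verdicts:
      drop:spoofed-private-source     private source arriving from the internet
      drop:private-dest-from-outside  inbound packet addressed straight to a private IP
      drop:nat-leak                   private source leaving the external side un-NATed
      drop:not-our-lan                LAN-side packet whose source is not in 192.168.1.0/24
      pass                            anything else
    """
    if iface == "ext0" and direction == "in":
        if is_private(src):
            return "drop:spoofed-private-source"
        if is_private(dst):
            return "drop:private-dest-from-outside"
    if iface == "ext0" and direction == "out" and is_private(src):
        return "drop:nat-leak"
    if iface == "int0" and direction == "in" and ipaddress.ip_address(src) not in LAN:
        return "drop:not-our-lan"
    return "pass"


# Constructed sample records: (iface, direction, src, dst). 203.0.113.10 stands
# in for the gateway's public address; 198.51.100.7 for a remote host.
SAMPLE = [
    ("ext0", "in", "198.51.100.7", "203.0.113.10"),   # normal inbound to the public IP
    ("ext0", "in", "192.168.1.5", "203.0.113.10"),    # RFC 1918 source from outside: spoofed
    ("ext0", "in", "198.51.100.7", "192.168.1.5"),    # addressed to an internal host directly
    ("ext0", "out", "192.168.1.5", "198.51.100.7"),   # left the gateway without NAT: leak
    ("ext0", "out", "203.0.113.10", "198.51.100.7"),  # translated, fine
    ("int0", "in", "192.168.1.5", "198.51.100.7"),    # LAN host heading out, fine
    ("int0", "in", "10.9.9.9", "198.51.100.7"),       # wrong network on the LAN interface
]


def audit(records=SAMPLE):
    """Run classify() over a list of records and return the verdicts in order."""
    return [classify(*r) for r in records]


if __name__ == "__main__":
    for rec, verdict in zip(SAMPLE, audit()):
        print(f"{rec[0]:5} {rec[1]:3} {rec[2]:>14} -> {rec[3]:<14} {verdict}")
```

The same logic maps one-to-one onto the block rules a packet filter such as IPF applies per interface and direction; keeping it as a script lets you run it over exported log lines to confirm the ruleset actually catches each case.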

Next, Configuring the firewall