Building a Home Network

Kent Reuber
reuber@stanford.edu
Outline
 Will focus on physical layouts. Hard
to get very specific.
 Too many OS versions and network
hardware combinations.
 Example network layouts.
 Example home network components.
General recommendations
 Buying things:
 Ask questions (e.g., Expert Partners list) before you
buy. Have a goal…
 Check online to see if manuals are available.
 Buy stuff that you can return, if possible.
 Use dedicated hardware (e.g., print servers,
broadband routers) rather than software
 Dedicated hardware is more robust and simpler to
operate.
 Don’t have to depend on a computer being up.
Networking shopping list
 Necessary or highly recommended:
 Internet Service Provider (ISP).
 Broadband (NAT) router.
 Print server or network printer.
 Cables.
 Optional:
 Wireless access point.
 Wireless repeater.
 Small hubs/switches.
 Web cams, …
Network addressing
 All IP addresses within the
network must be unique.
 Check your docs for
subnet mask and gateway.
 Most broadband routers
have DHCP servers, so
you don’t have to manage
addresses manually.

“All I did was to ask for her

IP address.” (IT Guy comic)
Broadband routers
 Broadband (NAT) router
 Hides network from
the outside world
using NAT.
 Connections:
 WAN Ethernet
QuickTime™ and a
TIFF (Uncompressed) decompressor interface for
are needed to see this picture. connection to ISP
equipment.
 Ethernet LAN
interface(s).
 Usually also has
wireless.
What is NAT?
 NAT = “Net Address Translation”
 Several different methods. For the gory details,
see RFC 1613.
 Most frequently encountered method is the one
used in home broadband routers which “hide” an
entire non-routable network range behind a single
routable “public” IP address.
 Ref: Bill Dutcher: “The NAT Handbook” (Wiley)
Why would you want to use
NAT?
 Allows you to buy a single IP address from your
ISP and share that address among a large number
of devices. (May save $$)
 All devices on the local network can access the
Internet at the same time, though the bandwidth is
shared.
 Firewall:
 Outside hosts can *reply* to hosts behind the NAT
router.
 Inside hosts have to initiate the connection.
 Note: there are some ways around this.
NAT router setup
 NAT routers are given two
IP’s addresses:
 1 non-routable (LAN -- you)
 1 routable (WAN – ISP)
 Machines on LAN side get
special non-routable
QuickTime™ and a
addresses (usually 10.*.*.* or TIFF (LZW) decompressor
192.168.*.*). are needed to see this picture.
 No IP addresses in these
ranges are routed on the
Internet.
How NAT works
 Normal routers maintain
source and destination IP
addresses from end-to-end.
QuickTime™ and a
 NAT routers change IP TIFF (LZW) decompressor
are needed to see this picture.
addresses and port.
 Outgoing packets appear to
come from the NAT router’s
public address.
 NAT routers keep track of
each “flow” so that replies
can be returned.
QuickTime™ and a
TIFF (LZW) decompressor
are needed to see this picture.
How NAT firewalling works

QuickTime™ and a
TIFF (LZW) decompressor
are needed to see this picture.

 Suppose a host (either friendly or malicious) sends a packet to the

NAT router without the connection being initiated from the inside.
 Outside hosts can’t send directly to the hosts on the local network side
-- they have non-routable addresses!
 Since there is no entry in the flow table, the NAT router has no
idea where to forward it and drops the packet. Instant firewall!
Circumventing the NAT firewall
(if you must)
 You may want to run a server behind your NAT router.
How do you let in some traffic?
 NAT routers have a limited ability to “port forward”,
sending all traffic to a given computer on the internal net
and bypassing the flow table.
 For example:
 Send all Web traffic (port 80) to 192.168.1.3
 Send all mail traffic (port 25) to 192.168.1.5
 You can get hacked if forwarded port is running a
vulnerable service! For example, if your IIS Web server
isn’t patched, your firewall won’t help you. Always keep
services with open ports patched.
Should you use a NAT router?
 It’s your only choice if you get 1 address from
your ISP and you want to create a network.
 If you get multiple addresses from your ISP, you
don’t necessarily need one, but it’s still a good
idea.
 Examples: Stanford DSL, Stanford West, Welch Rd.
apartments.
 May want to put one or more hosts on the public side of
the NAT (e.g., file server).
 You should keep most private information (e.g., bank
accounts) on the private side.
Example home network: mixed
public/NAT setup

QuickTime™ and a
TIFF (LZW) decompressor
are needed to see this picture.
Wireless
Wireless frequency choices
 Usually you’ll want wireless 802.11b/g
support.
 My opinion: wait on 802.11n until the
standard is more mature.
 Internet access speed is usually limited
by the ISP.
 Most DSL is only 1 Mbps. Even 802.11b
won’t be a bottleneck.
 Faster 802.11g usually only matters for
transfers within your network.
Wireless network name
 A computer will be able to roam freely between
access points with the same network name (also
called SSID)
 Any of your access points should have a different
SSID than those of your neighbors.
 In most cases, all of your access points should
broadcast the same SSID.
 If you put up your own wireless on campus, it
should not use the SSID “Stanford”. Use a name
that indicates that it belongs to you.
Wireless protection
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
 Use address filters, WEP
or WPA to prevent
neighbors from using your
wireless.
 May want to use hidden
SSID (network name).
 Use encrypted protocols
(https, SSH, Kerberos,
SSL) especially in public
wireless areas.
Printing and cabling
 Print server
 Used to network a
printer that doesn’t
have a network
interface.
QuickTime™ and a
TIFF (Uncompressed) decompressor  Usually has one
are needed to see this picture.
Ethernet and one or
more parallel or USB
interfaces.
 Wireless also
available.
Cables
 Ethernet cables
 Category 5 or 5e is sufficient. No need
for Category 6.
 Only 2 pair cable is necessary for
10/100. Gigabit needs 4 pairs.
 May need crossover cables for switch-
switch connections.
 May also need USB or parallel
cables.
Other devices
Wireless access point
 Wireless broadband router without the
router.
 Usually only 1 Ethernet port.
 Use if you need more than one wireless for
coverage.
 Also useful if your broadband router
doesn’t have wireless.
 Range extenders are also available.
Hubs and switches
 Probably doesn’t matter which you use.
Unlikely that your net is so congested that
a switch would add performance.
 Switch speed is almost always faster than
your ISP, so switch speed will not be a
bottleneck to accessing the Internet.
 Always remember not to create loops in
cabling -- you must wire in a “star” shape.
Web cams
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
 Many of the new
Internet cameras have
built-in Web servers
so that you don’t need
a computer.
 Some people use
cams for security or
just to watch their
kittens…
Voice over IP (VoIP)
 Many companies are starting to sell
equipment that can place calls over
Internet connections.
 Expect lower quality voice, but you may save
money.

QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
Stanford-run networks
Stanford DSL
 5 usable Stanford IP addresses.
 Network is ready to go.
 Can access resources IP limited resources (e.g., journals)
 Don’t need a broadband router, but it’s still a good idea.
 Netopia router (provided):
 Can distribute your addresses via DHCP. Good for
laptops.
 Has 4 10/100 ports for devices.
 Only routes IP.
 DNS is provided by campus servers.
 You can connect to your computer by specifying its hostname
(xxx.stanford.edu).
Kent’s Stanford DSL Network

QuickTime™ and a
TIFF (LZW) decompressor
are needed to see this picture.
Stanford West/Welch Rd.
 10Mbit Ethernet service. Not DSL!
 Way faster than DSL. 100Mbit service available.
 Up to 4 Stanford IP address for each paid jack. Can
also get additional private (non-routable) addresses for
print-servers, access points, etc.
 Like department Ethernet networks, any network
protocol that gets sent onto the wire can affect
your neighbors. Play nice!
 DHCP & DNS provided by campus servers.
Books
 “Linksys Networks, the Official
Guide”, Kathy Ivens, Larry Seltzer,
Osborne
 “Home Networking Bible”, Sue
Plumley, Wiley
Web Sites
 Stanford West/Welch Rd. Computing
FAQ:
 http://www.stanford.edu/services/stanfordwest
/faq.html
 Stanford VPN Service:
 http://vpn.stanford.edu
 Stanford DSL Service:
 http://www.stanford.edu/services/dsl/