pc engine – pfsense as router / firewall

Just built a pfSense router on a PC Engines board to replace my aging 7390 FritzBox… Very very awesome and fast!

Perfect for UFB (ultra fast broadband) here in New Zealand – FTTH has arrived :)

I’m currently running these services on it (2 x 1 GHz CPU, 4 GB RAM, 16 GB mSATA SSD):

  • dhcpd – DHCP server
  • miniupnpd – UPnP server
  • ntpd – NTP server
  • squid – Transparent Proxy & Reverse Proxy
  • snort – IDS (Intrusion Detection System) / IPS (Intrusion Prevention System)
  • sshd – SSH server
  • unbound – DNS Server
  • ipsec – IPsec VPN (site to site VPN)
  • openvpn – Open VPN (client VPN)

Check these links for some great advice…

https://mateh.id.au/2014/09/build-awesome-apu-based-pfsense-router/

http://www.smallnetbuilder.com/other/security/security-howto/31406-build-your-own-ids-firewall-with-pfsense

http://homeservershow.com/building-your-own-super-router-with-pfsense-and-untangle.html

Grab hardware here – http://www.pcengines.ch/apu.htm


Cisco – adding a static route to router

To show which routes your Cisco router currently has loaded, type the following command (from the enable prompt):

show ip route

To add a new static route, use the following command (from the config terminal prompt):

ip route 10.10.20.0 255.255.255.0 192.168.100.1

The syntax, as above, is: ip route network netmask gateway


Router on a stick – Adding VLANs to a cisco router

Telnet to your Cisco router, enable, then go into config t. Passwords may be required depending on how it has been configured…

en

config t

Ensure that ip routing has been enabled…

ip routing

To create the VLAN adapter you’ll need to run the following commands, which set up a “router on a stick”… Note: the .2 after the interface name creates a virtual subinterface on the physical interface.

interface FastEthernet1/1.2
description "VM Host Network"
encapsulation dot1Q 2
ip address 172.25.2.1 255.255.255.0

The following is another example of a VLAN (110) on a router. This one has an ip helper-address (the DHCP server) specified for this range.

interface FastEthernet1/1.110
description "Ak IDN"
encapsulation dot1Q 110
ip address 172.25.20.1 255.255.255.0
ip helper-address 172.25.20.15

That is the router side of things set up. Remember to save your changes via…

copy run start

Now you’ll need to add the VLAN to your switches. If you have VTP in your environment it’s as simple as adding the extra VLAN onto your “server” VTP switch. Telnet (or null cable) to your “server” switch and go into “enable” mode, then go into the vlan database and add the required VLANs as per above…

en

vlan database

vlan 2 name "VM Host Network"

vlan 110 name "Ak IDN"

VTP will propagate the VLANs out to your client switches. Done.
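As an added example (not from the original post), here is a small Python audit that parses the static route syntax from the section above and the dot1Q subinterfaces from this one. It flags a route whose network has host bits set beyond its mask (IOS rejects that as an inconsistent address and mask) and a subinterface whose dot1Q tag differs from its subinterface number, the convention both configs above follow. The sample config is constructed, with one bad route and one bad subinterface added on purpose.

```python
import ipaddress
import re

# Constructed sample: the page's two subinterfaces and static route, plus one route and one subinterface that are deliberately wrong.
SAMPLE_CONFIG = """\
ip route 10.10.20.0 255.255.255.0 192.168.100.1
ip route 10.10.30.5 255.255.255.0 192.168.100.1
interface FastEthernet1/1.2
 encapsulation dot1Q 2
 ip address 172.25.2.1 255.255.255.0
interface FastEthernet1/1.110
 encapsulation dot1Q 110
 ip address 172.25.20.1 255.255.255.0
 ip helper-address 172.25.20.15
interface FastEthernet1/1.30
 encapsulation dot1Q 31
 ip address 172.25.30.1 255.255.255.0
"""

def parse_config(text):
    """Return ([(network, netmask, gateway), ...], {iface: {"encap", "ip"}})."""
    routes, ifaces, cur = [], {}, None
    for line in text.splitlines():
        w = line.split()
        if w[:2] == ["ip", "route"]:              # global command ends any block
            cur = None
            routes.append(tuple(w[2:5]))
        elif w[:1] == ["interface"]:
            cur = ifaces.setdefault(w[1], {"encap": None, "ip": None})
        elif cur is not None and w[:2] == ["encapsulation", "dot1Q"]:
            cur["encap"] = int(w[2])
        elif cur is not None and w[:2] == ["ip", "address"]:
            cur["ip"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
    return routes, ifaces

def audit(text):
    """Return a list of findings; an empty list means the config passed."""
    findings = []
    routes, ifaces = parse_config(text)
    for net, mask, gw in routes:
        try:  # strict=True rejects host bits set beyond the mask, as IOS does
            ipaddress.ip_network(f"{net}/{mask}", strict=True)
        except ValueError:
            findings.append(f"route {net} {mask} {gw}: inconsistent address and mask")
    for name, d in ifaces.items():
        m = re.search(r"\.(\d+)$", name)          # only subinterfaces carry a tag
        if m and d["encap"] != int(m.group(1)):
            findings.append(f"{name}: dot1Q tag {d['encap']} != subinterface {m.group(1)}")
    return findings
```

Run audit() over the output of show running-config to check a live router; the two findings on the sample are the constructed mistakes.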

Virtual Appliance – Virtual Router

This is quite a handy app for creating small virtual routers. See the website for more detail… The command line is similar to Cisco’s, so it’s good for practice if you are going for your CCNA.

http://www.vyatta.com/products/virtualized.php

Oh – it’s open source and free!

I’m a bit lazy in most cases and just add a few virtual NICs into my VMs and do the routing through them. But some people may find this handy for a single point to manage networking.