
Re: One network card many rj45 sockets



David Christensen wrote: 
> On 2021-01-19 06:22, Dan Ritter wrote:
> > 
> > My firewall (yes, it runs Debian) has an Intel 4x 1gig ethernet
> > card in it, as well as the 1 gig port on the motherboard. Each
> > is completely independent, so I have:
> > 
> > - one connection to the public Internet
> > - one connection to my switched network of wifi access points
> > - one connection to my general wired network switch
> > - one connection to my remote power switch
> > - and a free connection for the future.
> > 
> > Each of these has one or more different IP addresses, including
> > IPv6 on three ports, and packets are routed between them and
> > blocked by the firewall.
> 
> On 2021-01-19 08:40, Dan Ritter wrote:
> > [The remote power switch] can turn on and off a set of wall outlets,
> > to which other computers are attached. In other words, if the firewall
> > is running, I can power-cycle several other machines.
> 
> 
> I assume your Wi-Fi, LAN, and remote power switch interfaces are on
> different network segments (?).
> 
> 
> Do you have use-cases that require or benefit from this, or could you
> replace the 4-port NIC with a 1-port NIC connected to a switch connected to
> all of the inside devices (AP's, clients, servers, power gateway, etc.)?

The remote power switch doesn't have to be directly attached;
it could be attached to the switch that the general wired
network uses. However, it needs to be fully functional with just
the firewall being alive -- the idea is that if I can get into
my firewall, I can deal with a hung server.

The APs are deliberately separated from the wired network:
nothing on an AP is trusted more than the general Internet,
except that they get to see DHCP, DNS, NTP and a printer.

All the wired devices trust each other a bit more; there are
some NFS mounts that allow an entire subnet to read from them,
for example.

So I could drop down to a 2-port NIC, using 3 total and not
having any spares, but I already have this setup, and it's been
running nicely since 2014. I spent about $250 on it, including
some parts I had lying around, and with luck it will last until
something better than gigabit fiber comes to my neighborhood
with nothing worse than a power-supply replacement for $40 or
so. The best part is that it runs straight Debian, AMD64, so
unlike all the SOHO routers, it stays up to date.

-dsr-
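
The segmentation described in the message above, sketched as an nftables ruleset. This is an added example, not the poster's configuration: the choice of nftables, the interface names, the printer address and ports, SSH from the wired side, and the firewall itself serving DHCP/DNS/NTP are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every name and address below is an assumption.
flush ruleset

define if_wan   = "enp1s0"    # public Internet
define if_wifi  = "enp2s0"    # switch feeding the wifi access points
define if_lan   = "enp3s0"    # general wired network switch
define if_power = "enp4s0"    # remote power switch
define printer  = 192.0.2.50  # placeholder printer address on the wired LAN

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept
        # IPv6 needs ICMPv6 (neighbor discovery, path MTU) to work at all
        meta l4proto ipv6-icmp accept

        # Wifi clients see only DHCP, DNS and NTP on the firewall
        iifname $if_wifi udp dport { 53, 67, 123 } accept
        iifname $if_wifi tcp dport 53 accept

        # Wired hosts get the same services plus SSH for administration
        iifname $if_lan udp dport { 53, 67, 123 } accept
        iifname $if_lan tcp dport { 22, 53 } accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Both inside segments may reach the Internet
        iifname { $if_wifi, $if_lan } oifname $if_wan accept

        # Wifi to wired: the printer only (IPP and raw port 9100)
        iifname $if_wifi oifname $if_lan ip daddr $printer tcp dport { 631, 9100 } accept

        # No rule forwards to $if_power: the power switch is driven from
        # the firewall host itself, whose locally generated traffic is
        # not filtered because this table has no output chain.
    }
}
```

With `policy drop` on both chains, anything not listed is denied, so the wifi segment is treated like the Internet side apart from the named exceptions. The syntax can be checked without loading it using `nft -c -f <file>`.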


