Router best having two NICs, is that true?

DaveQB · 05-27-2010, 10:42 PM

Hi all.

I am considering moving to a software (ebox/pfSense/Zeroshell etc) based router.

It fits well to have 1 NIC connecting to your modem & the other to your switch & network. It seems to make sense it is more secure, but is it?

If I assign the 1 NIC in my router 2 IPs, a subnet for the modem and a subnet for the LAN, how is the different?

I can't think exactly what it is. I am no network guru and probably missing something down at a lower networking level, but for a home router, does 1 or 2 NICs make any difference?

Thanks.

rhoekstra · 05-28-2010, 01:17 AM

The easiest thing to approach is to think of what will happen if one nic is serving two networks..
Traffic destined for one network (read: subnet) will be sniffable on the other. vice versa, your internet connection will be clogged with broadcast packages from your local network, being visible to the internet provider. Being paranoid, you don't want that to happen. Physical separation is the best approach to provide a plain, easy, understandable infrastructure.

But back to your question.. can you elaborate on why you want to go with this approach, or is this merely a study case for you?

DaveQB · 05-28-2010, 02:32 AM

Hmmmm I see, I see.

I thought it would be something like that.
How likely someone on the "outside" trying to come in from the modem will be able to gain access to LAN packages?

Well looking at small hardware, like my Marvell Sheeva plug. Could be a great router, but only have 1 NIC.
I could by an Apple USB to Ethernet Adapter, but that's $40 I am trying to save

rhoekstra · 05-28-2010, 02:54 AM

I see..

Well there isn't a reason technically why it shouldn't work with one nic (you might need to fiddle with ICMP redirection prevention, though).

There's one thing though.. how does the router achieve it's outside IP ? if that is through DHCP, and you want your workstations to use DHCP as well, there's a real issue there.. on one physical network (serving one or many subnets) you cannot have multiple DHCP servers. Well technically you can, but you won't be able to tell which DHCP server is going to win the workstation, and your internet provider won't be fond on serving multiple outside IPs to your workstation....

Then again, your local DHCP server will be local and thus quicker (less round-trip), so it COULD be that the workstations will always pick IPs from the local DHCP server... but you'd have to make sure that the router gets its own IP from the provider...

If the configuration is static and the internet provider does not respond to DHCP requests, you'd be safe.

DaveQB · 05-28-2010, 03:03 AM

Thanks.

Yeah never had any issues there. My modem gets my static, external IP. Then it is static set an IP on my LAN. Then my Sheeva Plug runs as DHCP server for my LAN using dnsmasq.

I think I am safe with rgards to DHCP.

I think $40 is worth a little extra safety blanket (and probably much easy configuration.)

Thanks.

scheidel21 · 05-28-2010, 07:31 AM

Really having two IP networks running on one physical network really can cause problems. Two NICs is the easier route. BTW how do you like the SHeeva Plug I've been thinking of some things I could do with one of those.

DaveQB · 05-28-2010, 08:23 PM

Thanks.

I think I will go ahead with purchasing the Apple USB-to-Ethernet adapter. Seems well supported and performs well.

The Plug is nice. Very cool little device. I am finding it hard to find uses for it. So far it is just my DNS/DHCP server and Nagios network monitor. Maybe it will be my VPN server too. Low power, so good to use instead of a full on desktop/server if you can to save on electrical bill.

I think I might get another or a guruplug

http://www.globalscaletechnologies.c...ugdetails.aspx

Or this:
http://www.fit-pc.com/web/fit-pc2/fi...pecifications/