This weekend was placed under the "home networking improvement" category :-)
The fact you can read this is a good sign.
My initial goal was to rebuild my home DSL server and split it between a front
DSL/DMZ server and then place a NAS behind it.
Currently it does both, and it's also my Linux toy box, so it runs a mix of
Debian stable + security and various Debian unstable, with a complicated iptables
setup to expose only a limited set of ports to the outside with plenty more
services in the inside, and then with a secondary network just for the wireless
that is treated as mostly insecure with WEP, MAC filtering and all sorts of
goodies.
That Linux install has been around for almost 7 years now, perpetually
evolving as I updated the kernel many many times, changed hardware, changed hard
drives, etc. There's not much in common with the stock Linux that got installed 7
years ago, and there's probably not a single hardware component that hasn't been
upgraded.
So anyway, this time I needed to upgrade the hard drives again. I could just
have swapped one hard drive for another twice as big but that didn't sound
satisfactory enough. Since I have so much free time on my hands (negative
numbers always look more impressive), I decided to rebuild a new server from
scratch just for the NAS, and then a simpler smaller server just for the DSL and
NAT.
Then I realized that I can really dispense with the separate server for the DSL
and NAT, or more exactly use a Linux box that does that very well: an embedded
Linux such as any of those DSL/Cable Wifi routers does exactly that. So I
started looking for one.
My first choice was towards a Netgear WGT624. I like the design, the specs are
OK and I'm familiar with the configuration interface since my father has a
Netgear DGB834G for ADSL2+ and that works pretty well. Unfortunately, the
reviews and online comments for the WGT624 are really terrible (lots of wifi
disconnects or router freeze.)
Since there's ample competition in the domain of 802.11g gateway/routers, I
continued looking online and eventually it turns out that people mostly like the
Linksys WRT54GS or the Buffalo WHR-G54S. Comments have it that the latest
revision of the Linksys WRT54GS is a bit too cheap and most will prefer the
Linksys WRT54GL (same hardware with a bit more memory). All these apparently
share the same reference design and the firmware is based on Linux.
Note that generally I wouldn't care so much if it ran Linux or whatever else.
However here the bottom line is that the firmware being open source has been
made public and there have been at least a couple of good projects started
around this code base, adding features that you may not find in the original
firmware.
Anyhow I ended up getting the Buffalo WHR-G54S,
which incidentally was cheaper than the Linksys, available at Circuit City
online with a discount and in-store pickup. Oh and it looks much better than the
Linksys massive box.
So I first gave it a try. My idea was to set up the router to do the
NAT, DHCP and all that, disable these services on the PC server and use port
forwarding to make the other services available.
Setting up the router was easy. The first thing was to change the admin password
and to close the open wifi network (brr!), then configure the LAN on 192.168.1.x
(it comes on 192.168.11.x), add some DHCP static hosts and the port forwards. On
the old PC server side, it was a bit harder. It took me a while to realize that
clearing the iptables tables was a bad idea when it defaulted to drop
rules. Then of course I had to change all the bind config to match the new
network. As usual what should have taken 5 minutes took a whole afternoon.
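
The iptables trap mentioned above, as an added example that is not part of the
original post: "iptables -F" removes the rules but leaves each chain's default
policy in place, so flushing a ruleset whose policy is DROP cuts off all
traffic. The sketch below reads "iptables-save" output, lists the chains with a
DROP policy and prints a safe flush order; the sample dump and the function
names are constructed for illustration.

```shell
#!/bin/sh
# Added example; SAMPLE_DUMP is constructed iptables-save text, not a real ruleset.
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Read a dump on stdin; print "table chain" for each chain whose policy is DROP.
# User-defined chains show "-" as policy, so only built-in chains can match.
drop_policy_chains() {
    awk '
        /^\*/ { table = substr($1, 2); next }
        /^:/  { if ($2 == "DROP") print table, substr($1, 2) }
    '
}

# Exit status 0 when a bare flush would leave a DROP policy with no rules left.
flush_would_lock_out() {
    [ -n "$(printf '%s\n' "$1" | drop_policy_chains)" ]
}

# Print the safe order: open the DROP policies first, then flush every table.
safe_flush_plan() {
    printf '%s\n' "$1" | drop_policy_chains | while read -r table chain; do
        echo "iptables -t $table -P $chain ACCEPT"
    done
    printf '%s\n' "$1" | awk '/^\*/ { print "iptables -t " substr($1, 2) " -F" }'
}

if flush_would_lock_out "$SAMPLE_DUMP"; then
    echo "A bare flush would drop all traffic on:"
    printf '%s\n' "$SAMPLE_DUMP" | drop_policy_chains
    echo "Safe order:"
    safe_flush_plan "$SAMPLE_DUMP"
fi
```

On a live box the same functions can be fed "$(iptables-save)" as root; the
plan is only printed, never executed.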
Anyhow yesterday I had my network mostly set up, with the only problem that
trying to access my web site using the external domain name would just show me
the router's config page. Quite frankly, I find it really dumb that they would
put the router's internal web site on port 80 (Netgear puts its on 8080). Now
the problem with Apache's virtual hosts is that they depend on the hostname, so
fine I duplicated the virtual host to use a specific hostname that was mapped to
a local network address. It worked but then WordPress started barking at me
because they name their database table using the hostname itself! Grrr...
That sounded like too much hacking around the fact that I couldn't change the
integrated web server's port.
After thinking about it for a while, I had a look at the DD-WRT
forums and found a post indicating the web server port can be changed. DD-WRT is
one of the open source replacement firmwares for the router. So finally this
morning I bit the bullet and just upgraded the firmware (flashing the router was as
easy as following the instructions).
The feature set is mostly the same with some obvious enhancements: the
integrated web server can run on https rather than http (which in itself solves
the port 80 issue), and most important you can ssh to the modem, view the config
files and manipulate all variables in the nvram manually.
So there I have it, part 1 of my new home network. Next step is the NAS and DMZ.