Linksys WRT54GL + Tomato + 3 Interface Shorewall Router/Firewall

Since my ISP, Service Electric/Prolog/PTD in the Lehigh Valley, limits bandwidth to 7Mb down and 800Kbit up with a 50G cap per month, I canceled my limited basic television and got business class cable internet for $59.95/month + taxes versus the $55 (inc taxes) I was paying. To explain the $55/month rate: I was grandfathered in at $30/month for internet because I had a customer-supplied modem, plus $18 for limited basic cable and the other misc fees. However, since no one in our home watches TV, I got rid of the TV service and upped the internet.

One of the interesting things about the Service Electric internet service is that they give you two IPs, so that two devices can get an IP from the cable modem. My observations show that each IP gets around 800KB/sec down and 200KB/sec up. With 2 IPs, one can theoretically double up on the bandwidth available.*

Gear

  • Linksys WRT54GL Router - $60 (@ newegg)
  • GE DECT Skype Phone - $230 (I got mine for $110 before amazon raised prices on these)
  • 2x Extra Ethernet cards (Netgear r8169 chipset nic) ~$10-15 each (@ newegg)
  • Powermac G4 Dual 1.25 w/ 2GB ($175 off of craigslist, but almost any old PC will do)

Software (all free!)

  • Debian Linux 5.0 w/ Shorewall
  • Tomato

Topology

  • Cable Modem ethernet port attached to the WRT54GL WAN port (internal port 4)
  • WRT54GL Ports 1 (internal 3) & 2 (internal 2) connected to the Powermac's eth0 & eth1.
  • WRT54GL Port 3 & the Powermac's eth2 connected to a switch and the other computers

To explain the topology:

  • The WRT54GL acts only as a pseudo managed switch and a wireless bridge. No routing is done here.
  • The Powermac with 3 ethernet interfaces is the router connecting to the 2x ISPs/PTD and doing the heavy lifting: routing, traffic shaping and firewalling.

Linksys WRT54GL Configuration & Explanation

The Linksys WRT has 5 ports: 1x WAN & 4x LAN. These ports are actually arbitrary switch ports that have been VLAN'd to create a WAN and a LAN segment, so it is trivial to rearrange them as desired. I have made WAN, 1 and 2 into a switch for the WAN segment. Ports 3 & 4 are set to be the LAN, bridged to the wireless interface.

It would be simple to add a small switch to connect the WAN devices, but that would add to the clutter of devices, wires, plugs and mess that an internet setup generally is. The solution is to minimize the hardware and set WAN, 1 and 2 to be a 3-port switch connecting the cable modem and 2 interfaces of the Powermac. It is possible to set up the Tomato router itself to connect to the 2 interfaces, but I like having a router with some weight to handle other activities.

Tomato Installation

-Install Tomato onto the Linksys WRT54GL. Download and extract the appropriate firmware from http://www.polarcloud.com/tomato and do a firmware update in the web interface of the router.
-Disable the WAN interface
-Turn off Telnet access
-Turn SSH access on & start ssh at boot.

How to move ports to the WAN vlan on the WRT54GL

1. Go to Administration -> Scripts in the Tomato web interface
2. Select the "Init" script.
3. Copy & paste the following lines:

  # vlan0 = LAN: internal ports 0 and 1 (case labels LAN 4 and LAN 3) plus
  # trunk port 5; the asterisk marks vlan0 as the trunk's default VLAN
  nvram set vlan0ports="0 1 5*"
  # vlan1 = WAN: internal ports 2, 3 and 4 (case labels LAN 2, LAN 1 and WAN) plus the trunk
  nvram set vlan1ports="2 3 4 5"

4. Save & Reboot!

vlan0 is the LAN
vlan1 is the WAN

The internal numbers do NOT match the external port numbers. Here is a mapping:

Internal Number   Number on Outside Plastic   Description
0                 LAN 4
1                 LAN 3
2                 LAN 2
3                 LAN 1
4                 WAN
5                 N/A                         Trunking port assigned to all VLANs

Following the above table you can edit the init script as you please to add and remove ports from the LAN and WAN vlans.
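Because the case labels and the internal switch numbers disagree, it is easy to put a port in the wrong VLAN or in both. The script below is an added example, not part of the original post or of Tomato: it takes the port labels printed on the case, translates them through the table above, checks that every one of the five ports lands in exactly one VLAN, and prints the two nvram lines for the Init script. The label-to-number mapping is the one in the table; the only assumption is that internal port 5 is the trunk to the router's CPU and belongs in both VLANs, as the table states. It only prints the commands, so it can be run on any machine before touching the router.

```shell
#!/bin/sh
# Added example (not from the original post): build the Tomato Init script
# lines from the labels on the WRT54GL case, refusing inconsistent layouts.

# Case label -> internal switch port number, per the mapping table above.
port_num() {
  case "$1" in
    LAN4) echo 0 ;;
    LAN3) echo 1 ;;
    LAN2) echo 2 ;;
    LAN1) echo 3 ;;
    WAN)  echo 4 ;;
    *) echo "unknown port label: $1" >&2; return 1 ;;
  esac
}

# to_internal "LAN4 LAN3" -> "0 1" (ascending); fails on an unknown label.
to_internal() {
  ti_out=""
  for ti_label in $1; do
    ti_n=$(port_num "$ti_label") || return 1
    ti_out="$ti_out $ti_n"
  done
  echo "$ti_out" | tr ' ' '\n' | grep -v '^$' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# gen_vlan_ports "<LAN labels>" "<WAN labels>" prints the two nvram set lines.
# Every one of the five case ports must appear exactly once across both lists.
# Assumption: internal port 5 is the CPU trunk, so it is appended to both
# VLANs, with vlan0 marked as its default ("5*") exactly as in the post.
gen_vlan_ports() {
  gv_lan=$(to_internal "$1") || return 1
  gv_wan=$(to_internal "$2") || return 1
  gv_all=$(printf '%s\n%s\n' "$gv_lan" "$gv_wan" | tr ' ' '\n' | grep -v '^$' \
           | sort -n | tr '\n' ' ' | sed 's/ $//')
  if [ "$gv_all" != "0 1 2 3 4" ]; then
    echo "ports must cover internal 0-4 exactly once, got: $gv_all" >&2
    return 1
  fi
  printf 'nvram set vlan0ports="%s 5*"\n' "$gv_lan"
  printf 'nvram set vlan1ports="%s 5"\n' "$gv_wan"
}

# The post's layout: LAN 3 and LAN 4 stay on the LAN; LAN 1, LAN 2 and WAN
# form the three-port WAN switch for the cable modem and the Powermac's eth0/eth1.
gen_vlan_ports "LAN4 LAN3" "LAN2 LAN1 WAN"
```

Paste the two printed lines into the Init script. If a label is listed twice, or one of the five ports is left out of both lists, the script prints an error and produces nothing, which is preferable to a router whose LAN and WAN segments silently share a port.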

Install Debian

Install & Configure Shorewall

-------------------
*This is bandwidth available; it doesn't mean that a single transfer can reach 1600KB/sec down, but multiple transfers in aggregate can reach those speeds.