Gateway project networking help
Posted: 2019/11/23 18:51:00
Dear all,
I have been striving to build myself a "better mousetrap" as an alternative to the (good, but deficient) setup I have at home. I want this gateway to be dual-stack IPv4/v6; however, for reasons known only to my ISP, I can not subdelegate any more prefixes from my IPv6 subnet. My goal, given my ISP's ONT terminal has several weaknesses - namely, the aforementioned nonroutable prefix (about which I can not do anything) and that the router it provides is prone to freezing, its built-in DHCP is unable to provide more than class C IPv4, and IPv6 drops altogether under load - is to create a no-frills dual-stack firewall/gateway, but in order to do that I also need IPv6 connectivity. This is what I envision:
Internet ---> ONT ---> CentOS Box ---> Switch to my LAN
The means by which I want to do that is through a dual NIC where port A will be ONT facing and port B will be LAN facing.
Services at port A: Web + TV + VoIP -- These remain as they are and are "outside" the projected gateway, which is just to provide the reliability that my ONT does not have. It can handle the IPTVs and the VoIP, but I will be taking control of my network, thank you very much. So to do this I was thinking about a virtual bridge comprising port A and B of the dual MAC adapter (since packet forwarding from port A to port B is, essentially, nonfunctional for me). The idea is to have it dual homed, though: Port A will receive its addresses from the ONT box, whilst port B will host DHCP v4 / v6 and DNS, everything secured via firewall of course.
This long introduction is necessary because I do not know for sure how to make the kind of bridge that I described above. Do I create a virtual bridge comprising the dual-NIC card and two virtual adapters, one outward and one inward, or is there a different kind of method to it?
Thanks in advance.