Last night I thought about the functions my server needs to provide as a router, and I summarize them below.
1. The server must support packet forwarding, which is the basic function of a router: moving a packet from ethernet 1 to ethernet 2, or vice versa. Interestingly, the ethernet interface connected to the public network would be a host on the wide area network, and the ethernet interface connected to my private network would be the gateway of my private network.
2. The server must provide PAT. Besides this server, I have other hosts, and I assigned private IP addresses to them. To let them access the Internet, PAT is the first choice (because I have only a dynamic public IP address). Consequently, PAT must be enabled on the server.
3. I need to access any of my hosts in the private network (behind the server) via SSH, Apple Remote Desktop, etc. So these hosts in the private network would behave like an SSH server, and so on. Although PAT allows hosts in the private network to exchange data with the wide area network, PAT is not able to make them accessible from the wide area network as an SSH server or web server. This is due to the fact that PAT would change the port. For instance, the web service port 80 would be changed to a random port number between 1024 and 65535. For a web server, this is not acceptable. The same issue exists for an SSH server (port 22). To fix this issue, I think I need port forwarding. So the third function that must be enabled on the router / server is port forwarding.
(Still investigating, and it seems like the PF function of BSD could do something for this)
Below is my network topology:
WAN > (ethernet 1) Server / Router (ethernet 2) > switch (to connect some hosts) [subnet 1] > router 2 (to split the private network into 2 subnets) > other hosts [subnet 2].
4. Turning on DHCP on the server is recommended. I am about to connect two APs to subnet 1, and these APs are for wireless devices, like smart phones, iPads, Androids, MacBook Pro, etc. So assigning IP addresses by DHCP is recommended. For hosts connected to subnet 2, I plan to use static IPs; these are wire-connected hosts like iMac, Win, Linux, printer, etc.
(This issue has been figured out)
5. My ISP assigns me a public IP address via PPPoE. So another must-have feature is that the server is able to dial PPPoE automatically. Occasionally, I need to reboot or turn off my server / router, and if I had to dial PPPoE manually, things would get complicated. For instance, if I am not at home (the server / router is at home) but thousands of miles away, once I reboot the server / router, the connection breaks and I would lose access to the server / router. The whole private network will go down if this happens.
(This issue has been figured out)
6. The server has to update my registered domain with the dynamic IP periodically. The reason for this is that my public IP address changes over time (several hours to a week, maybe). If I want to access my server from the WAN via the domain, I need to match the public IP and the domain. The domain is fixed, but the IP is changing. So I have to update the info (IP and domain matching) in my name server (the name server is provided by http://freedns.afraid.org/).
(Still investigating, and it seems like a cron job script would resolve this issue)
PS: The freedns.afraid.org site is hosted on FreeBSD, and the DNS service it provides also runs on FreeBSD.
I will update this post if I get new ideas.
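
Items 1 to 3 (forwarding, PAT, port forwarding) can be expressed together in one PF ruleset. The following is an added example, not a configuration from the original post; it assumes FreeBSD's pf syntax, and the interface names, addresses and the public port 2222 are constructed placeholders.

```conf
# /etc/pf.conf -- added example, FreeBSD pf syntax (assumption).
# Packet forwarding itself is enabled outside pf (gateway_enable="YES"
# in /etc/rc.conf on FreeBSD); pf only translates and filters.

# Constructed placeholders, not values from the post:
ext_if   = "tun0"                                  # PPPoE session interface
int_if   = "em1"                                   # ethernet 2, facing subnet 1
lan_nets = "{ 192.168.1.0/24, 192.168.2.0/24 }"    # subnet 1 and subnet 2
ssh_host = "192.168.1.10"                          # private SSH server
web_host = "192.168.2.20"                          # private web server

set skip on lo0
scrub in all

# PAT: outbound connections from private hosts leave with the public address.
# The parentheses make pf follow the interface address when PPPoE reassigns it.
nat on $ext_if inet from $lan_nets to any -> ($ext_if)

# Port forwarding: a fixed public port maps to a fixed private host and port,
# so inbound clients do not depend on the ports PAT picks for outbound flows.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 2222 -> $ssh_host port 22
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80   -> $web_host port 80

# Filtering: deny inbound by default, then allow only what the list needs.
block in log all
pass out quick keep state
pass in on $int_if inet from $lan_nets to any keep state

# rdr is applied before filtering, so these rules match the translated
# (private) destination, not the public address and port.
pass in on $ext_if inet proto tcp from any to $ssh_host port 22 flags S/SA keep state
pass in on $ext_if inet proto tcp from any to $web_host port 80 flags S/SA keep state
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, which helps avoid locking yourself out of a remote router with a syntax error.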