The Linux Home LAN
For those of you who wish to push the limit, connecting your home LAN to the Internet is becoming more practical, though it is not cheap ... yet.
First of all, this idea is probably of interest only to people with intimidating geek codes (http://krypton.mankato.msus.edu/haden/geek.htm), but if the idea strikes your fancy, read on!
Second, I'm a Unix type of guy. I'll be writing from that perspective. Most old geezer geeks favor Unix for networking; if you know Unix, you'll know what I'm talking about.
Third, this column is about not doing Windoze. Enough said.
The Home Workgroup
As it is in the office, not everyone at home is a geek. You'll most likely need to accommodate several different types of "playstations" at home. Running Linux on your home gateway is quite nice because you can handle so many protocols on it. Linux supports about every LAN protocol for micros that you can think of in two minutes or less. From AppleTalk to NetWare to Samba, you can do it with Linux.
You'll need the usual hardware: network interface cards (NICs) for each machine, Ethernet cable (10BaseT is good), a hub large enough for the number of ports you'll need, plus a couple extra, and a box you aren't doing anything with to act as Internet server and gateway/firewall.
The first thing is to set up the individual machines as their users want them. Install the NICs and connect them to your hub. Each machine's operating system will require its own network configuration to recognize other hosts. Obviously, some do this better than others, but few do it as well as Unix/Linux.
Configuring the Server
While you don't have to have a server-based network, if you want to connect your LAN to the Internet, it is practically required. You'll have to have some machine that is responsible for routing the packets to and from the Internet. Linux makes a terrific packet router, and you should read the Ethernet HOWTO and Net3 HOWTO for more details on this configuration. I'll just gloss over some administrative concerns; you'll have to read up on the installation and configuration details for yourself.
Linux out of the box is not the most bulletproof security-wise; other Unixes or OSs are possibly better, but Linux and Unix are certainly battle tested. And after you configure your server properly with the necessary security features, such as TCP wrappers, shadow passwords, a password authentication module, packet filtering and so forth, your home server will be pretty darned safe. Your home server may attract the occasional attack, but unless someone in your household has aggravated a cracker who carries a grudge, you probably won't need military-grade security. If you are a good sysadmin and upgrade those packages with security holes on schedule, your home will be adequately secure from all but very sophisticated attacks. You'll be spending most of your time helping your kids play Duke Nukem 3D anyway.
At this point in time, maintaining a 24-hour connection to the Internet will probably cost you at least $200 a month. I've seen dedicated 14.4Kbps modem connections for $150 or less, but this is sort of scraping the barrel, especially when you can connect at 28.8Kbps on a non-dedicated basis for less than $20 a month. If you have the budget, a dedicated frame relay connection can be had for about $250-$1500 a month at speeds from 56Kbps to 1.5Mbps. A dedicated T1 might cost you between $400 and $1500, depending on speed, and that does not include your CSU/DSU hardware expense: probably another $1000 or so.
Another possibility is co-locating your server with your Internet provider. Thus, you can have your dedicated modem or ISDN connection, but you get to maintain your server remotely. Again, Linux does well with remote administration. However, the ISPs usually make it slightly less expensive for you to connect to their servers with dedicated modems than to your own co-located server, but if you do co-locate, you have greater control and discretion over your server's configuration.
Unless you have a deep wallet, you'll probably want to configure your server for on-demand dialup access to one of your ISP's modem banks. In the future, the cost structure will probably allow affordable dedicated T1 lines to your home. Bandwidth appears to be moving in only one direction--up!
More Security Issues
The actual details for creating your own network with its own firewall and gateway will largely determine how secure your LAN is. You have to do it right; make a mistake, and you may have at least one hole. Read your HOWTOs and FAQs, and ask someone from the LINUX-Net mailing list to test out your firewall. Find out about S.A.T.A.N. and COPS. Hang out in #linux on the IRC chat rooms and get to know the seasoned sysadmins. They're a wealth of knowledge.
I'd keep PCs with sensitive information on them disconnected until you get the firewall and gateway configured properly.
The simplest configurations are usually the best. Don't run more daemons than necessary. Find a substitute for Sendmail. (Sendmail traditionally has more bugs than Indiana Jones did in the Temple of Doom. I hear good things about Qmail.) Keep abreast of CERTs and unix.security.announce posts. Upgrade buggy packages as often as necessary.
There are some good packet sniffers available for Linux. These will also tell you where your kids are spending their time on the Internet. You can configure filters for "suspicious packets" that will tell you about attacks.
Naturally, you'll want to scan your logs and ensure that no one else is becoming root. If someone is becoming root, it's likely they'll modify the logs to hide their "footprints," so I'd be aware of any mysterious changes in log size. Also, you'll want to make sure there are no daemons running that seem peculiar or "modified." You'll probably also want to make sure no "extra modules" are running in your kernel, and that the ones that are running are unmodified. Verify each user account yourself periodically. Stay in touch with other sysadmins, because they're your most important resource now. Read everything you can find about network security.
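Two of the periodic checks described above, sketched as shell functions: listing extra UID 0 accounts and spotting logs that have shrunk since a saved snapshot. This is an added example, not part of the original column; the function names and the "path size" baseline format are assumptions, and the demo runs only on constructed files in a scratch directory.

```shell
#!/bin/sh
# Added example. Function names and the baseline format ("path size" per
# line) are assumptions. Paths containing spaces are not handled.

# Print accounts other than root that have UID 0 in a passwd(5)-format file.
extra_root_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print "path size" for each existing log file given as an argument.
snapshot_sizes() {
    for f in "$@"; do
        if [ -f "$f" ]; then
            printf '%s %s\n' "$f" "$(wc -c < "$f" | tr -d ' ')"
        fi
    done
}

# Read a saved snapshot and report logs that are now smaller or gone.
# Legitimate rotation also shrinks a log, so take the snapshot after rotating.
shrunken_logs() {
    while read -r path old; do
        if [ ! -f "$path" ]; then
            echo "$path missing"
        elif [ "$(wc -c < "$path" | tr -d ' ')" -lt "$old" ]; then
            echo "$path shrank"
        fi
    done < "$1"
}

# Demo on constructed data in a scratch directory (no system files touched).
demo() {
    d=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/sh\n'  > "$d/passwd"
    printf 'kid:x:500:100::/home/kid:/bin/sh\n' >> "$d/passwd"
    printf 'toor:x:0:0::/:/bin/sh\n' >> "$d/passwd"   # constructed extra UID 0
    printf 'line one\nline two\nline three\n' > "$d/messages"
    extra_root_accounts "$d/passwd"
    snapshot_sizes "$d/messages" > "$d/baseline"
    printf 'line one\n' > "$d/messages"               # entries removed
    shrunken_logs "$d/baseline"
    rm -rf "$d"
}
demo
```

Keep the baseline file somewhere an intruder on the server cannot rewrite it, such as another machine on the LAN or removable media.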
Being Your Own Net Guru
For those of us who want to control our own networks without all the hassles and heartaches of a very large network, administering your home network can give you quite an adventure. Your own webserver, ftp server, and gopherspace can sit quietly under your desk for all the world to visit. As a NetGod, you can sit in your throne with a mouse in one hand and the TV remote in the other, tweaking performance while watching "Seinfeld."
©David S. Jackson