Linux based n-way router?

Fraser Campbell fraser-eicrhRFjby5dCsDujFhwbypxlwaOVQ5f at public.gmane.org
Fri Sep 24 16:08:58 UTC 2004


On Friday 24 September 2004 08:09, Scott Allen wrote:

> I'm thinking of using Slackware Linux and the FireHOL iptables
> generator script, since my experience with both has been quite
> positive. FireHOL looks like it would make it easy to set up and
> maintain all the "virtual" routers required (see:
> <http://firehol.sourceforge.net/> ).

Linux distro is pretty much irrelevant for a firewall although you'd probably 
want to avoid those that are targeted to the desktop.

I looked at firehol right now (for about 60 seconds) and didn't like the looks of 
it.  That's probably just because I'm used to shorewall and its config 
files ... I'm sure firehol is capable, it's probably best to go with what 
keeps you comfortable, once deployed I expect you'll rarely be changing 
firewall rules anyway.

> We would like to have all workstations configured from a DHCP server
> (plus whatever Windows domain configuration is required) on the
> backbone. This means the router would have to be a DHCP relay agent
> (and more?).

That shouldn't be a problem, as far as I recall it's "dhcrelay -i eth0 
server", once for each interface, if the networks share a common dhcp server 
then one instance of dhcrelay should do the trick.

> Any suggestions on what hardware would be required? There seems to be
> a few sources of quad and 6 port ethernet adapters, and I've read
> that at least Intel and D-Link ones have Linux drivers.

There are 4 port cards from DLink; we had pretty good luck in the past with 
DFE570TX but chances are you can't get that anymore.  There's a new one (580) 
based on the sundance driver, the old one was tulip (or de4x5).  We've had 
some duds from both batches but overall I think the 570s were better.

I think Syskonnect makes 4 port gigabit nics, they are probably pricey but I 
expect they're good.

You should consider throughput.  I'm sure today's normal PCs are capable of 
saturating many 100Mb networks, Gigabit I am not so sure ... there is 
probably a bottleneck in there. I'll leave the math for others though since I 
have absolutely no idea ;-)

Someone else already mentioned this but I'll add it as well, build 2.  2 
identical systems with heartbeat makes failover trivial, it will save you a 
lot of stress.

-- 
Fraser Campbell <fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org>                 http://www.wehave.net/
Georgetown, Ontario, Canada                               Debian GNU/Linux
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml




