
Re: Routing with Linux



Thanks for the quick answer :)

On Wednesday 05 March 2003 18:14, Gregory Wood wrote:
> You didn't mention volume. Also, public address and firewall seems to be a
> contradiction.
>

Load average is about 5Mbyte/s, spikes at 10MByte/s, all traffic is web content.

> If the volume is small, many of the $100 USD firewall boxes will work.
> There will be some work redirecting IP through the firewall.

I chose Linux for several reasons, partly because I had some bad
experiences with cheap firewalls, like random crashes and resets for no
apparent reason; this doesn't make me feel safe.
Linux has given us little trouble so far, so why not protect the troublesome
Windows servers with a nice Linux box.

>
> If the volume is higher or you just want a linux box then:
> www.linuxrouter.org -- linux router project

linuxrouter.org seems useful for this, I'll have a look and hope it'll fit
my needs.


> It may be that you can port scan your network and turn off everything but
> what you really want on.
>
> Best of luck.



>
> -----Original Message-----
> From: Burner [mailto:burner@clanpips.dk]
> Sent: Wednesday, March 05, 2003 10:21 AM
> To: debian-isp@lists.debian.org
> Subject: Routing with Linux
>
>
> Hi
>
> My boss just asked me to build a Linux firewall to protect our servers. We
> have about 20 servers, all configured with only the public (internet) IP,
> and connected through a switch directly to our ISP's router.
> I've only built firewalls for small LAN networks using NAT with
> iptables/ipchains.
>
> I've read some iptables and iproute2 howtos, but I really do not know where
> to begin, I don't even know if the hardware will be sufficient. P3/800 128Mb
> RAM and two good NICs.
>
> We don't need any advanced routing like bandwidth balancing etc. I just need
> to block most ports from public access and allow the servers (win) to
> update from the internet.
>
> I would like to keep the public IP addresses on the servers if possible.
>
> Maybe I should configure the Linux router with all the external IPs on one
> NIC, and give the protected servers local IP addresses, then NAT the public
> IP/ports to the servers using iptables. This is a way to do it, but is it a
> good way?
>
> I would be happy to receive any hints from someone who has done anything
> like this before.
>
> //Burner
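
The NAT layout proposed in the original question (public IPs on the router's outside NIC, private addresses on the servers, only selected ports exposed), written out as an added example that is not part of the thread. The interface names, addresses and port lists are constructed assumptions; the function only prints an iptables-restore ruleset and changes nothing on the host.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a 1:1 NAT firewall.
# Interface names, addresses (RFC 5737 / RFC 1918) and ports are constructed.

WAN_IF=eth0   # assumption: NIC facing the ISP router, holds the public IPs
LAN_IF=eth1   # assumption: NIC facing the servers

# public_ip  private_ip  comma-separated TCP ports (constructed sample data)
MAPPINGS='203.0.113.10 10.0.0.10 80,443
203.0.113.11 10.0.0.11 80'

gen_ruleset() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo "$MAPPINGS" | while read -r pub priv ports; do
        [ -n "$pub" ] || continue
        # Inbound: only the listed ports on the public IP reach the server.
        echo "-A PREROUTING -i $WAN_IF -d $pub -p tcp -m multiport --dports $ports -j DNAT --to-destination $priv"
        # Outbound: connections from the server leave with its own public IP.
        echo "-A POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
    done
    echo 'COMMIT'
    echo '*filter'
    # Default deny; a management rule for the firewall itself is site-specific.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "$MAPPINGS" | while read -r pub priv ports; do
        [ -n "$pub" ] || continue
        # FORWARD is evaluated after DNAT, so match the private destination.
        echo "-A FORWARD -i $WAN_IF -o $LAN_IF -d $priv -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Servers may open connections outward (e.g. to fetch updates).
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -m conntrack --ctstate NEW -j ACCEPT"
    echo 'COMMIT'
}

gen_ruleset
```

The output can be checked with `gen_ruleset | iptables-restore --test` before it is loaded.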


