Peter Van den Wildenbergh wrote:
> Gustin Johnson wrote:
>> You have two default gateways.  While not necessarily a bad thing since
>> a Linux box can be multi-homed, you need to do a little more work.  For
>> these sorts of configurations you may wish to consult the advanced
>> routing and traffic shaping site, http://www/lartc.org
>>
> http://lartc.org/howto/
> found it, will read today... Thx!
>>
>> I also do not usually use IPCop in these more complex situations though
>> I am sure it is capable.
> I've been using it for ~8 years, know/understand it, love it, but it's
> getting older...
>> 1) Vanilla Linux install, usually Voyage (Debian) or Ubuntu server,
>> pretty much doing all the things found in the lartc guide.
>>
> Not enough FW knowledge to do this
>> 2) MikroTik RouterOS
>>
> Never heard of it, will check it out on Google

It is a commercial OS (based on Linux with their web management layer).
It usually comes with some of the gear that I buy.  Pretty slick, but you
still need a solid understanding of more advanced routing and filtering
techniques.

>> 3) Vyatta & 4) pfsense/monowall
>>
> Tried it but it's not as 'easy' as IPcop. (me lazy)

I like the management interfaces so that I do not have to write every
rule by hand.  Iptables may be awesome, but it can get tedious.  I am
trying out "Untangle".  It is a mix of open and proprietary (like Astaro
but more modular); it is missing some of the advanced proxy stuff that I
know and love, but is a slicker web interface.

>> I do not really see the point in having a green *and* an orange network
>> on the same VM server.
> I've been debating that one a couple of times.
> On the inside will be an NFS/SAMBA/CUPS/fax server, a vm running
> winBlows XP for the odd program that requires it.
> On the outside servers for qmail, apache + a VM talking to limewire (for

I would keep it all in the "orange", slightly harder to configure, but
easier to maintain.  Of course the problem here is that you are limited
to the throughput of the IPCop box since all packets will then traverse it.

> the kids) and a VM with a 'gotoMyPC' solution (echogent server -
> http://www.echogent.com/products.htm)

Cool project, will have to look into this further.

>
> My reasoning was that if one of the orange ones gets hacked, they can
> 'attack/see' the other orange VMs fairly easily, but cannot get to my
> 'private' green VM as fast ...
>

Sure, in this case you do not need to specify a gateway for the green
network.  The interface can see anything on the same subnet and will
communicate with it directly.  For anything where the destination is not
part of your subnet, it will pass the packet off to the default gateway,
so this is why you only really need one gateway.

> It is all more an exercise and proof of concept than anything else.
> The box a Dell 1950, has 2x xeon processors (8 cores total), 5GB ram,
> and a jbod of 1.2 TB in a raid 6

Minor jargon correction, JBOD and RAID are different.  JBOD is similar
to RAID in that you have a single logical volume spanning multiple
physical disks, but with none of the redundancy of RAID 5/6.

> Something I picked up from a bankrupt company... found it a waste to
> have it just sit there ...
>

You were the victim here really.  It does seem a shame not to be doing
something useful with such hardware.

_______________________________________________
clug-talk mailing list
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying
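
Added example, not part of the original message: a simplified model of route lookup (longest prefix first, then lowest metric; not the kernel's implementation) illustrating the reply's point that on-link subnets need no gateway and that one default gateway is enough. The subnets, gateway addresses and the interface names green0/orange0 are assumptions made up for the illustration.

```python
import ipaddress

# Constructed routing table for a multi-homed host:
# (destination, gateway, interface, metric). All values are assumptions.
ROUTES = [
    ("192.168.1.0/24", None, "green0", 0),      # on-link: no gateway needed
    ("10.0.0.0/24", None, "orange0", 0),        # on-link: no gateway needed
    ("0.0.0.0/0", "10.0.0.1", "orange0", 0),    # default gateway
    ("0.0.0.0/0", "192.168.1.1", "green0", 0),  # second default gateway
]

def lookup(dst, routes):
    """Return every best route for dst: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw, dev, metric)
               for net, gw, dev, metric in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return []
    best_len = max(m[0].prefixlen for m in matches)
    matches = [m for m in matches if m[0].prefixlen == best_len]
    best_metric = min(m[3] for m in matches)
    return [(gw, dev) for _, gw, dev, metric in matches if metric == best_metric]

def describe(dst, routes):
    """Classify how a packet to dst leaves the host."""
    best = lookup(dst, routes)
    if not best:
        return "unreachable"
    if len(best) > 1:
        # Equal-cost defaults: the model cannot say which uplink is used.
        return "ambiguous: " + ", ".join(f"{gw} via {dev}" for gw, dev in best)
    gw, dev = best[0]
    return f"direct on {dev}" if gw is None else f"gateway {gw} via {dev}"

def single_default(routes):
    """Same table without a gateway on the green network."""
    return [r for r in routes if not (r[0] == "0.0.0.0/0" and r[2] == "green0")]

if __name__ == "__main__":
    for dst in ("192.168.1.20", "10.0.0.7", "203.0.113.9"):
        print(dst, "->", describe(dst, ROUTES),
              "|", describe(dst, single_default(ROUTES)))
```

Only the off-subnet destination changes between the two tables; traffic to hosts on the green and orange subnets is delivered directly in both.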

