[TriLUG] Dual-homed Internet?

bak bak at picklefactory.org
Fri Oct 22 10:03:07 EDT 2010


No way do you need a C2D in order to route a couple Mbit of traffic
around. Give it to me -- I'll trade you for the Pentium III I have
sitting in the closet. Seriously, get the lowest-powered, cheapest CPU
you can find.

Nor do you need an SSD. A CompactFlash card with an EIDE or SATA adapter
would do fine. The only thing this box ought to be writing on a regular
basis is logfiles, and you can use a ramdisk for that. Or an NFS mount
to some more permanent storage.

Webmin is awful. The only thing I hate more is cPanel. Please do not use
it unless you don't know how to configure a Linux box, which you
obviously do just from your email here. At minimum it's a giant security
hole, but it also likes to change things in inscrutable ways, which can
be frustrating when you deviate just slightly from what its authors had
in mind you'd be wanting to do. And if you're going to do the sane thing
and have some version control for your configuration files, why bother
with Webmin in the first place?

Gentoo is basically way too build-y and upgrade-y. Sometimes that
flexibility is nice for software development or internet services
applications, but for routing traffic around? You want to set and
forget. I recommend Debian stable for such a thing. Or, if you're in a
hardcore sort of mood, OpenBSD. My first router/NAT box way back in the
day was a 486DX running OpenBSD 2 with I think 16MB or 20MB of memory --
and that handled 1.5 MBps DSL without a hiccup, so I can only say that
it is just about impossible for you to go "too low" in terms of hardware
for this purpose, even with Nagios and MRTG.

All of this, of course, my $0.02 :)

--bak

On 10/22/10 9:26 AM, Paul Bennett wrote:
> Hi,
> 
> Any tips, tricks, suggestions, or gotchas regarding dual-homed setup?
> 
> At home, my wife and I currently run two DSL lines. For some time, I've
> been meaning to install a smart load-balancer to effectively share both
> lines between both our PCs. It's never been a priority because, well,
> DSL's DSL, and 2 * DSL / 2 == DSL.
> 
> However, because she works from home, we're going to be replacing one of
> the DSL lines with a T1, in order to get stability, guaranteed ping, and
> guaranteed uptime.
> 
> Therefore, setting up something clever has become a bigger priority. I
> want to get set up so that ping-sensitive traffic goes to the T1 line,
> and bandwidth-hungry traffic goes to the DSL line, among other things.
> Also, since we'll have several static external IPs, I'm thinking some
> 1:1 NAT would be good for our SIP devices and a web server.
> 
> I'm thinking a severely-hardened Gentoo box running Shorewall, with
> Webmin, Nagios & MRTG, on a low-end Core2 Duo with 4GB of RAM and a
> 10Krpm hard drive and/or cheap SSD.
> 
> Anything I should know (especially about Shorewall) before I start RTFM?
