LinuxQuestions.org
Old 04-01-2006, 12:38 AM   #1
xtp183
LQ Newbie
 
Registered: Apr 2006
Posts: 4

Rep: Reputation: 0
Please tell me how many linux boxen I need for this setup :)


Hi all,

I hope there are some users who are familiar with the following daemons I'm wanting to incorporate into my network:

-OpenSSH
-SQUID
-iptables
-SNARE
-Snort
-Nessus

The question is how many linux boxen will I need to run all these programs at optimal efficiency?

SQUID and iptables will be in separate boxen, but I'm just not clear on whether I can jam the others in without compromising something.

Please help,
Thanks!
 
Old 04-01-2006, 05:28 PM   #2
michaelsanford
Member
 
Registered: Feb 2005
Location: Ottawa/Montréal
Distribution: Slackware + Darwin (MacOS X)
Posts: 468

Rep: Reputation: 30
Impossible to answer without some idea of the kind of traffic you expect (mostly because of squid).

What kind of setup do you have? Why do you think you want to put the firewall (iptables) on a separate box from ssh and nessus?
 
Old 04-02-2006, 03:56 AM   #3
gloomy
Member
 
Registered: Jan 2006
Location: Finland
Distribution: Mainly Gentoo
Posts: 119

Rep: Reputation: 15
Every one of those services runs on a single linux machine, if that is what you want.
 
Old 04-02-2006, 06:24 AM   #4
xtp183
LQ Newbie
 
Registered: Apr 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Well, traffic for Squid will be low (<5 users), though aside from any boosts I may receive from the cache, I'm looking forward to the proxying.

So would iptables, Nessus, and SSH all run efficiently on the same box? I was planning on having two linux boxen for these daemons, so if I could run iptables, Nessus, and SSH on one, and Snare, Snort, and Squid on the other that would be great.
 
Old 04-02-2006, 06:59 AM   #5
gloomy
Member
 
Registered: Jan 2006
Location: Finland
Distribution: Mainly Gentoo
Posts: 119

Rep: Reputation: 15
Well, I guess you are quite right with Squid - it is perhaps the heaviest of the above services.

Haven't ever used Nessus, or had the need for it, but SSH does not take much and iptables are very light, even if one is going to use all the available options that come with the kernel. Anyhow you probably need iptables for routing purposes etc. on each one of your machines.

But naturally everything depends on the performance of your machines themselves.

Personally I would also consider more the outline of your network.

But I guess the answer to your question is yes.
 
Old 04-02-2006, 08:05 AM   #6
xtp183
LQ Newbie
 
Registered: Apr 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Great!

So the proposed layout is this:

-- Internet --<><>-- 'server#1' --<><>-- 'server#2' --<><>-- router --<><>-- 'clients' --
                     #iptables           #Nessus
                     #openSSH            #SQUID
                     #snort              #SNARE

Is it looking good? :^)

P.S. I hope the diagram is displayed correctly for everyone. x_x

Last edited by xtp183; 04-02-2006 at 08:23 AM.
 
Old 04-02-2006, 01:15 PM   #7
michaelsanford
Member
 
Registered: Feb 2005
Location: Ottawa/Montréal
Distribution: Slackware + Darwin (MacOS X)
Posts: 468

Rep: Reputation: 30
You only expect 5 users for SQUID? What kind of traffic? Are we saying that those 5 users will be browsing the web, checking email, getting some patch files, or downloading 20 ISOs a day?

If it's the first, put it all on one (fast) box! If you buy (for example) a 2 GHz with 2 GB RAM Athlon64 for server 1 you'll be wasting 99% of the server.

iptables is a firewall/routing (through MASQ) tool. For simple routing rules it takes negligible overhead. SSH also uses negligible overhead if properly configured. Nessus, I presume, will run security audits periodically, so it can be on any box (i.e., also the same server).

The heaviest app by far is SQUID but like I said, for <5 users it may make little difference.
 
Old 04-02-2006, 10:42 PM   #8
xtp183
LQ Newbie
 
Registered: Apr 2006
Posts: 4

Original Poster
Rep: Reputation: 0
The two computers are going to be hand-me-downs, so I'm not really concerned about wasting their cpu cycles - perhaps I might consider F@H on them to counter this :p. The computer with the most ram, and fastest hard-drive will be the one with SQUID running on it. In the future, I might just upgrade the SQUID server to use some i-RAM for storage, if it needs be :D.

So if there isn't anything wrong with the proposed setup, I guess my question has been answered :).
 
Old 04-03-2006, 07:20 AM   #9
gloomy
Member
 
Registered: Jan 2006
Location: Finland
Distribution: Mainly Gentoo
Posts: 119

Rep: Reputation: 15
No, the layout looks fine to my eyes, likewise the table you drew.

Nevertheless, depending on the performance of the servers, I might consider putting all those services on a single server, as there is hardly anything to gain from routing through two servers solely because of the services per se.

Yet, my own setup looks rather similar - the server #1 (amd k6-2, 550mhz, 256mb ram) acts efficiently as a server (firewall via iptables, SSH, snort and squid), while the other machine just routes the traffic for clients.
 
  

