LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 01-12-2008, 11:11 PM   #1
amocjr
Member
 
Registered: Aug 2003
Location: Connecticut
Distribution: Mandrake, Debian
Posts: 39

Rep: Reputation: 15
Whare are the best NICs to use for a Linux-based firewall?


I'm building a firewall/DHCP-server/proxy for my home network and would like to know what the best NICs would be to use for that.

I have the following NICs (one of each) available to me:
  • 3COM 3c905 100BaseTX "Boomerang"
  • Macronix MX987x5
  • Via Technologies VT86C100A "Rhine"
  • Linksys Etherfast LN100TX
  • RTL 8139C (that's what's on the chip -- I don't have the box or docs)
I could probably lay my hands on another Via VT86C100A and on a D-Link DFE-530TX if they were any good.

The main purpose of the firewall is to separate my wireless traffic from my wired traffic. I want the wireless computers to be able to access the Internet but not the computers on the wired LAN.

So, I need to use three cards -- one for the WAN (the Internet, by way of a cable modem), one for the wired LAN, and one for a wireless access point. The WAN card will have to handle the most traffic, the wired LAN card the second most, and the wireless LAN card the least.

Any suggestions? Are any of these cards better than any of the others, or are they all pretty much the same?

Thanks!
 
Old 01-13-2008, 12:25 AM   #2
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,231
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
Personally I am fond of intel and 3Com NIC's but it really shouldn't matter as long as theres a driver for the NIC.

I'm not familiar with the Macronix MX987x5 at all so I can't comment on it, Linux should have no trouble detecting anything else I see listed there..

the bottom card you listed uses a chip manufactured by Realtec

Last edited by farslayer; 01-13-2008 at 12:28 AM.
 
Old 01-13-2008, 12:57 AM   #3
Drakeo
Senior Member
 
Registered: Jan 2008
Location: Urbana IL
Distribution: Slackware, Slacko,
Posts: 2,521
Blog Entries: 3

Rep: Reputation: 208Reputation: 208Reputation: 208
3com and rtl will do fine
 
Old 01-13-2008, 01:07 AM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
I haven't used all of those so I can't really compare. But I can tell you that I've been using Realtek 8139s on Linux for years and they've been great. Most of the time I actually try to get 8139-based NICs for projects just because I know from experience that they are wonderfully supported by Linux. The fact that they are dirt-cheap is a bonus.
 
Old 01-13-2008, 01:37 AM   #5
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,362

Rep: Reputation: 171Reputation: 171
If you are going to put the card under heavy load I have always seen the highest throughput with 3com nics.

Again if you are going to put the card under heavy load I would consider moving the server card up to a GigE card. Even if you do not run the card at GigE speeds, the hardware is designed to withstand a much higher throughput than any 100 base nic. I have picked up a lot of 3com's GigE cards on Ebay for $15 including shipping. If you wind up needing the higher transfer rates (say a TV PVR) the GigE rates really help.

Good Luck
Lazlow
 
Old 01-13-2008, 10:21 AM   #6
Tons of Fun
Member
 
Registered: Dec 2004
Location: Orlando, Florida
Distribution: Debian Squeeze / BackTrack 5/ Linux Mint 11
Posts: 359

Rep: Reputation: 32
What firewall are you using? I am using IPCop, and it has had no problems detecting and installing any card I have fed into it. The only difference between IPCop and others I have seen is that when IPCop detects the card, it identifies the cards from the chipset, not the make and manufacturer. So when I installed the Green and Red cards, I identified them on the back of the computer with a Sharpie for later identification. On that machine, I am using a D-Link, 3-Com, Linksys, and a Kingston.
 
Old 01-13-2008, 02:37 PM   #7
amocjr
Member
 
Registered: Aug 2003
Location: Connecticut
Distribution: Mandrake, Debian
Posts: 39

Original Poster
Rep: Reputation: 15
Thanks!

Thanks everyone for your input.

I'm going to go with the 3COM for the WAN interface, and the RealTec and Via cards for the internal interfaces. I'll report back anything dramatic.

To Tons of Fun, I was planning to roll my own with iptables, ipmasq, dnsmasq, and squid and dansguardian for "parental controls." Lately, though, I've been considering using Shorewall as the foundation.

Thanks!
 
Old 01-13-2008, 02:45 PM   #8
Tons of Fun
Member
 
Registered: Dec 2004
Location: Orlando, Florida
Distribution: Debian Squeeze / BackTrack 5/ Linux Mint 11
Posts: 359

Rep: Reputation: 32
I'm not familiar with Shorewall, but IPCop will allow you to write your own tables, has unlimited configuration for 4 NICS (WAN, LAN, DMZ, and WLAN), and supports Dan's Guardian as well as Snort and other applications. I really like it and feel well protected sitting behind it. I am not running Dan's Guardian, but IPCop will install it and work with it. I do have Snort running. Check it out, you might like it: http://ipcop.org/

Good luck with your project.
 
Old 01-13-2008, 02:48 PM   #9
Jirka11
LQ Newbie
 
Registered: Jan 2008
Posts: 24

Rep: Reputation: 15
Quote:
Originally Posted by amocjr View Post
I'm building a firewall/DHCP-server/proxy for my home network and would like to know what the best NICs would be to use for that.

I have the following NICs (one of each) available to me:
  • 3COM 3c905 100BaseTX "Boomerang"
  • Macronix MX987x5
  • Via Technologies VT86C100A "Rhine"
  • Linksys Etherfast LN100TX
  • RTL 8139C (that's what's on the chip -- I don't have the box or docs)
I could probably lay my hands on another Via VT86C100A and on a D-Link DFE-530TX if they were any good.

The main purpose of the firewall is to separate my wireless traffic from my wired traffic. I want the wireless computers to be able to access the Internet but not the computers on the wired LAN.

So, I need to use three cards -- one for the WAN (the Internet, by way of a cable modem), one for the wired LAN, and one for a wireless access point. The WAN card will have to handle the most traffic, the wired LAN card the second most, and the wireless LAN card the least.

Any suggestions? Are any of these cards better than any of the others, or are they all pretty much the same?

Thanks!
Realtec and 3COM works OK for me a long time with hard bandwith...

_____________________________________________
http://www.nmonitoring.com
 
Old 01-13-2008, 11:10 PM   #10
amocjr
Member
 
Registered: Aug 2003
Location: Connecticut
Distribution: Mandrake, Debian
Posts: 39

Original Poster
Rep: Reputation: 15
Thumbs up Update

Thanks for the tip, Tons of Fun, I'll check out IPCop.

The consensus definitely seems to be around 3COM and RealTec, so that's what I used, along with the Via card. All cards were recognized (Debian 4.0 Etch) and are working. Right now it's set up as a simple bridge just to test everything -- in fact, I'm communicating through it right now. The next step will be to put a wireless access point on it and isolate that from the wired part of my network.

Thanks.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
configure 2 NICs on linux firewall ooorah Linux - Networking 17 12-20-2007 07:59 AM
Linux based Firewall OS with traffic management filips01 Linux - Networking 2 04-14-2007 07:37 PM
Linux or *nix-based firewall/router for PPPoE jantman Linux - Security 2 06-09-2006 09:52 PM
Linux Box w/ 2 NICs and passive firewall? rruss Linux - Networking 1 04-14-2005 08:15 AM
Firewall + 3 NICS on DSL and T1 jj12345 Linux - Networking 1 10-08-2004 11:03 AM


All times are GMT -5. The time now is 06:33 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration