LinuxQuestions.org


N_A_J_M 04-29-2003 02:57 PM

finally setting up broadband!!
 
Like the subject says i am finally setting up broadband, was going to go with wireless, but costs too much so adsl it is.

I need some advice, i have 2 pc's i want to connect to the internet connection. (1 running slackware 8.1 and the other on win ME yeah i know f*****g win me, its not mine)

I have a dlink router modem with one ethernet port, an 8 port switch, an old compaq desktop 200Mhz 128mb ram with onboard nic.

now i really want to setup some sort of router with the compaq machine for the fun of it (ie linux or bsd), i also want to do it because i want to control traffic on certain ports because i am limited to 10GB international traffic, so kazaa will be blocked sometimes for one user and speed limited too. I know i can do all this with isa server is there some way to do this with linux?? (im sure there is)

i also want to use it as a mail server eventually :), but for the meantime i just want to get it doing the basics.

I am guessing i will have to buy another nic for the compaq machine? (also what do you think about the onboard nic, easy to get working?? if the chipset is supported)

Is there a way to get the 2 internet clients only talking to the compaq router machine and not directly to the dlink router? with only one nic in the compaq?

something like, the dlink router plugs into the switch and the compaq machine plugs into the switch. then the 2 internet clients plug into the switch too?

also what about dmz's and so on?? i do understand most things and if not i can read up about them, i just want an idea of what you guys think is the best way to do it, (ie the most fun :P) and the most secure real world solution.

also my dlink router has a built in firewall.

all ideas will be much appreciated!! :)

cheers for your time

Tinkster 04-29-2003 04:21 PM

Quote:

I am guessing i will have to buy another nic for the compaq machine? (also what do you think about the onboard nic, easy to get working?? if the chipset is supported)
As you said: if it's supported, piece of cake :)
And yes, you should be getting a second one.

Quote:

something like, the dlink router plugs into the switch and the compaq machine plugs into the switch. then the 2 internet clients plug into the switch too?
I wouldn't think so, since I believe that iptables wouldn't
accept an aliased interface as the destination (since it
usually also protocols MAC) for NATting ....

Quote:

i want to control traffic on certain ports because i am limited to 10GB international traffic, so kazaa will be blocked sometimes for one user and speed limited too. I know i can do all this with isa server is there some way to do this with linux??
There's iptables based QoS and Traffic-shaping and
accounting available...

Good luck with your undertaking!

Cheers,
Tink

N_A_J_M 04-29-2003 06:13 PM

so in the end the only real way of doing it is to:

connect the dlink router to the phoneline, and the compaq pc to the dlink router and to the switch and then have the other 2 internet clients hanging off of the switch?

i also have an old 486 pc i could use that as a web server and maybe mail?

the dlink router could act as the first firewall? and the compaq as the second running slackware and doing routing and qos stuff. then put the 486 inbetween the 2 outside my internal network.

that is effectively a dmz isnt it??

Tinkster 04-29-2003 07:03 PM

Gidday mate... :)

Quote:

connect the dlink router to the phoneline, and the compaq pc to the dlink router and to the switch and then have the other 2 internet clients hanging off of the switch?
Sounds like a reasonable scenario to me :)

Quote:

then put the 486 inbetween the 2 outside my internal network.
Not quite sure how you intend the "between ... outside"
to be set-up ...

But to have the 486 accessible from the outside it would be
sufficient to set up rules for incoming traffic on port 80
to be redirected to the box on the same segment, even
though (technically speaking) for a DMZ you'd probably
have to have a third adapter in the compaq :}
Code:

  External Network (BAD)
          |
          |
      eth0|
    ------------------
    | xxx.xxx.xxx.xxx|    Server Network (DMZ)
    |                |eth1
    |                |-------------
    |                |192.168.1.1 |
    |                |            |
    |192.168.2.1     |            |
    ------------------        ----------
          | eth2              |WWW/SMTP|
          |                   ----------
          |                   192.168.1.2
          |
  Internal Network (GOOD)


Cheers, regards from windy Wellington :)
Tink
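
The three-interface layout in the diagram above, written out as a default-deny ruleset (an added example, not part of the original post). Interface names and addresses are the diagram's; the /24 netmask, the SSH admin rule, MASQUERADE on eth0 and publishing SMTP alongside port 80 are assumptions.

```sh
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the three-interface
# layout in the diagram. Interfaces and addresses are the diagram's; the /24
# netmask and the SSH admin rule are assumptions.
EXT_IF=eth0             # External Network (BAD)
DMZ_IF=eth1             # Server Network (DMZ), firewall side 192.168.1.1
INT_IF=eth2             # Internal Network (GOOD), firewall side 192.168.2.1
DMZ_HOST=192.168.1.2    # WWW/SMTP box
INT_NET=192.168.2.0/24  # assumed netmask
PORTS="80 25"           # services published from the DMZ

gen_rules() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    for p in $PORTS; do   # redirect published ports to the DMZ box
        echo "-A PREROUTING -i $EXT_IF -p tcp --dport $p -j DNAT --to-destination $DMZ_HOST:$p"
    done
    cat <<EOF
-A POSTROUTING -o $EXT_IF -j MASQUERADE
COMMIT
# Default deny: anything not listed below is dropped.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INT_IF -s $INT_NET -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Internal clients may open connections to the internet and to the DMZ.
-A FORWARD -i $INT_IF -s $INT_NET -o $EXT_IF -j ACCEPT
-A FORWARD -i $INT_IF -s $INT_NET -o $DMZ_IF -j ACCEPT
# The DMZ box may reach the internet (outgoing mail) ...
-A FORWARD -i $DMZ_IF -o $EXT_IF -j ACCEPT
# ... but never opens connections into the internal network.
-A FORWARD -i $DMZ_IF -o $INT_IF -j LOG --log-prefix "DMZ->LAN "
EOF
    for p in $PORTS; do   # let the DNATed connections through, nothing else
        echo "-A FORWARD -i $EXT_IF -o $DMZ_IF -d $DMZ_HOST -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    echo COMMIT
}

gen_rules   # review the output, then load it as root with iptables-restore
```

Running `gen_rules | iptables-restore --test` as root checks the syntax without replacing the live ruleset.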

N_A_J_M 04-29-2003 07:09 PM

nice one, cheers tink

yeah i agree it would be heaps safer having a third nic for the 486, so i think thats what i will do :P

i dont suppose you would know about fragmenting packets of data?

all the way from wet whangarei!!! :P

Tinkster 04-29-2003 07:37 PM

Quote:

Originally posted by N_A_J_M
nice one, cheers tink
Pleasure mate :)

Quote:

yeah i agree it would be heaps safer having a third nic for the 486, so i think thats what i will do :P
/me coughs ...
Hey, that's just what a DMZ is, but I think it would
be fairly safe to just do it software-wise, anyway ;)

Quote:

i dont suppose you would know about fragmenting packets of data?
Not quite sure why you'd want to do that,
but you can either use the mtu XXX parameter to
route to achieve smaller packets, or force iptables
to split stuff as it goes ...
Code:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss XXX

Quote:

all the way from wet whangarei!!! :P
What's the :P for this time? :)

Cheers,
Tink

N_A_J_M 04-29-2003 09:09 PM

all the :P come in as i feel the need, haha no real reason for them

the reason i would like to know how to fragment the packets into smaller size is an experiment to see if it will increase download speed, by having lots of small packets of data.

this is to do with packet shaping software.

Tinkster 04-29-2003 09:34 PM

Well, let's tackle this one applying logic ;)

Most of the hops around the world will have
a mtu of around 1500 bytes... looking at the
ethernet and tcp-headers which make a bunch
of bytes (I don't have my tcp/ip programming
books around) let's say 24 byte, and ethernet,
hmm ... I really didn't dive that deep into network
programming.... let's say 20, for the sake of it :)

If you split that down to small packages you get
more overhead per net-downloaded bytes :)
(grabs his calculator...)

Let's assume you're downloading 1048576 Bytes
You're getting 721 packets, and an overhead of
approx 32K ... if you split the packets to 256 bytes,
you get 4967 packets, and ~ 210K overhead :}

Cheers,
Tink

N_A_J_M 04-29-2003 10:13 PM

ok so the smaller the packets, the ratio between valid data and overhead increases towards overhead ie:smaller packets = more overhead and less valid data.

the reason i was looking at this is because if you are using a jetstart account which is capped at 128k and you click on something to download it it will zoom along very quickly for a brief moment until something happens, now i dont think that has to do with buffers because the amount of data received is more than what the 128k line is capable of providing in that short space of time.

however what i think is happening is that the data is passed down at the greater speed something of jetstream speed until the packet shaper kicks in and slows it down.

by creating smaller packets it may be possible to trick the packet shaper??

its just a theory, and a bit of fun just to understand how things are working?

Tinkster 04-29-2003 11:21 PM

Is that "zoom along" and "something happens"
bit in Linux or on a WinDOHs machine? :)

Cheers,
Tink

N_A_J_M 04-30-2003 02:17 PM

It seems to be with both, ?

im just trying to understand how it all works. If you have a 128k jetstart account (presuming something is set at the exchange for this?) then if you login to the jetstream games site you get full rate jetstream?? so what is it that controls this? must be some sort of software?

im probably poking around where i shouldnt thinking about this?, but i am just interested in how it all works :)

Tinkster 04-30-2003 03:45 PM

Hmmm ... I wouldn't know, I'm on Telstra's cable :)

Look at these ... I believe it has to do with your
local relay rather than your DSL modem :)

http://www.google.co.nz/groups?hl=en...=Google+Search

Cheers,
Tink

N_A_J_M 04-30-2003 04:15 PM

kool, the last one says it all the cap may be lifted at the exchange.
thats just what i am trying to work out, what system are they using at the exchange to limit the rate of data?? i guess i will never know :P

anyway back to my previous post, about setting up my system.

i downloaded smoothwall yesterday, and i think i will put it onto my compaq pc. it seems like a good choice as far as secure router software goes :)

what i am wondering is if it has the capabilities to do what i need?
ie:qos stuff like what i mentioned before about restricting certain types of traffic for particular users?

oh yeah, what is cable like?? damn you!! :P what is the max speed? and data limits?

Tinkster 04-30-2003 04:53 PM

Getting 256KBit/s (even though I can get
up to 35KB/s from some NZ servers :})
with a 10GB limit as of 1st of May (is 5
'til then...) ...

As for smoothwall ... read this: it's old, but
I never checked on them again afterwards ;)
http://www.heise.de/english/newstick...-14.01.02-002/


Cheers,
Tink

N_A_J_M 04-30-2003 05:43 PM

geez thats not much good!! hmmm second thoughts about installing...

what do you suggest i put on there? i have slackware 8.1 which i use on my main pc, i haven't really tried to harden the system and i know if i am going to install it as a router/firewall it will need some extreme tightening!

i was thinking about bsd eventually.

oh yeah do you know what version of smoothwall had these vulnerabilities??

cheers


All times are GMT -5.