LinuxQuestions.org
Old 04-29-2003, 02:57 PM   #1
N_A_J_M
Member
 
Registered: Aug 2002
Location: Whangarei New Zealand
Distribution: Slack 8.1
Posts: 300

Rep: Reputation: 30
finally setting up broadband!!


Like the subject says i am finally setting up broadband, was going to go with wireless, but costs too much so adsl it is.

I need some advice, i have 2 pc's i want to connect to the internet connection. (1 running slackware 8.1 and the other on win ME yeah i know f*****g win me, its not mine)

I have a dlink router modem with one ethernet port, an 8 port switch, an old compaq desktop 200Mhz 128mb ram with onboard nic.

now i really want to set up some sort of router with the compaq machine for the fun of it (ie linux or bsd), i also want to do it because i want to control traffic on certain ports because i am limited to 10GB international traffic, so kazaa will be blocked sometimes for one user and speed limited too. I know i can do all this with isa server, is there some way to do this with linux?? (i'm sure there is)

i also want to use it as a mail server eventually , but for the meantime i just want to get it doing the basics.

I am guessing i will have to buy another nic for the compaq machine? (also what do you think about the onboard nic, easy to get working?? if the chipset is supported)

Is there a way to get the 2 internet clients only talking to the compaq router machine and not directly to the dlink router? with only one nic in the compaq?

something like, the dlink router plugs into the switch and the compaq machine plugs into the switch. then the 2 internet clients plug into the switch too?

also what about dmz's and so on?? i do understand most things and if not i can read up about them, i just want an idea of what you guys think is the best way to do it, (ie the most fun :P) and the most secure real world solution.

also my dlink router has a built in firewall.

all ideas will be much appreciated!!

cheers for your time
 
Old 04-29-2003, 04:21 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 914
Quote:
I am guessing i will have to buy another nic for the compaq machine? (also what do you think about the onboard nic, easy to get working?? if the chipset is supported)
As you said: if it's supported, piece of cake :)
And yes, you should be getting a second one.

Quote:
something like, the dlink router plugs into the switch and the compaq machine plugs into the switch. then the 2 internet clients plug into the switch too?
I wouldn't think so, since I believe that iptables wouldn't
accept an aliased interface as the destination (since it
usually also protocols MAC) for NATting ....

Quote:
i want to control traffic on certain ports because i am limited to 10GB international traffic, so kazaa will be blocked sometimes for one user and speed limited too. I know i can do all this with isa server is there some way to do this with linux??
There's iptables based QoS and Traffic-shaping and
accounting available...

Good luck with your undertaking!

Cheers,
Tink
 
Old 04-29-2003, 06:13 PM   #3
N_A_J_M
Member
 
Registered: Aug 2002
Location: Whangarei New Zealand
Distribution: Slack 8.1
Posts: 300

Original Poster
Rep: Reputation: 30
so in the end the only real way of doing it is to:

connect the dlink router to the phoneline, and the compaq pc to the dlink router and to the switch and then have the other 2 internet clients hanging off of the switch?

i also have an old 486 pc i could use that as a web server and maybe mail?

the dlink router could act as the first firewall? and the compaq as the second running slackware and doing routing and qos stuff. then put the 486 inbetween the 2 outside my internal network.

that is effectively a dmz isn't it??
 
Old 04-29-2003, 07:03 PM   #4
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 914
Gidday mate... :)

Quote:
connect the dlink router to the phoneline, and the compaq pc to the dlink router and to the switch and then have the other 2 internet clients hanging off of the switch?
Sounds like a reasonable scenario to me :)

Quote:
then put the 486 inbetween the 2 outside my internal network.
Not quite sure how you intend the "between ... outside"
to be set-up ...

But to have the 486 accessible from the outside it would be
sufficient to set up rules for incoming traffic on port 80
to be redirected to the box on the same segment, even
though (technically speaking) for a DMZ you'd probably
have to have a third adapter in the compaq :}
Code:
   External Network (BAD)
           |
           |
       eth0|
    -----------------
    | xxx.xxx.xxx.xxx|    Server Network (DMZ)
    |                |eth1
    |                |-------------
    |                |192.168.1.1 | 
    |                |            |
    |192.168.2.1     |            |
    -----------------        ----------
           | eth2            |WWW/SMTP|
           |                 ----------
           |                 192.168.1.2
           |
   Internal Network (GOOD)

Cheers, regards from windy Wellington :)
Tink
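
The three-interface layout in the diagram above, written out as a default-deny ruleset. This is an added example, not part of Tinkster's post: interface names and the 192.168.x addresses come from the diagram, while the allowed flows and the SSH admin rule are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the three-legged layout
# in the diagram (eth0 = external, eth1 = DMZ, eth2 = internal).
# Interfaces and addresses are from the diagram; the policy choices
# (default drop, which flows may start connections) are assumptions.

dmz_ruleset() {
    ext_if=$1; dmz_if=$2; int_if=$3; dmz_srv=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Publish WWW and SMTP on the external address, served by the DMZ host.
-A PREROUTING -i $ext_if -p tcp -m multiport --dports 25,80 -j DNAT --to-destination $dmz_srv
# Hide both private segments behind the external address.
-A POSTROUTING -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Administer the firewall from the internal segment only (SSH).
-A INPUT -i $int_if -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Internet -> DMZ: only the published services (destination is post-DNAT).
-A FORWARD -i $ext_if -o $dmz_if -d $dmz_srv -p tcp -m multiport --dports 25,80 -m state --state NEW -j ACCEPT
# Internal -> Internet and internal -> DMZ may start connections.
-A FORWARD -i $int_if -o $ext_if -m state --state NEW -j ACCEPT
-A FORWARD -i $int_if -o $dmz_if -m state --state NEW -j ACCEPT
# DMZ -> Internet: outbound mail delivery and DNS lookups only.
-A FORWARD -i $dmz_if -o $ext_if -p tcp --dport 25 -m state --state NEW -j ACCEPT
-A FORWARD -i $dmz_if -o $ext_if -p udp --dport 53 -m state --state NEW -j ACCEPT
# No rule lets the DMZ open connections to the internal segment, so a
# compromised WWW/SMTP host is stopped by the FORWARD DROP policy.
COMMIT
EOF
}

# Print the ruleset for the addresses shown in the diagram.
dmz_ruleset eth0 eth1 eth2 192.168.1.2
```

Piping the output to `iptables-restore --test` parses it without loading it; forwarding between the segments also needs `net.ipv4.ip_forward=1`.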
 
Old 04-29-2003, 07:09 PM   #5
N_A_J_M
Member
 
Registered: Aug 2002
Location: Whangarei New Zealand
Distribution: Slack 8.1
Posts: 300

Original Poster
Rep: Reputation: 30
nice one, cheers tink

yeah i agree it would be heaps safer having a third nic for the 486, so i think thats what i will do :P

i dont suppose you would know about fragmenting packets of data?

all the way from wet whangarei!!! :P
 
Old 04-29-2003, 07:37 PM   #6
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 914
Quote:
Originally posted by N_A_J_M
nice one, cheers tink
Pleasure mate :)

Quote:
yeah i agree it would be heaps safer having a third nic for the 486, so i think thats what i will do :P
/me coughs ...
Hey, that's just what a DMZ is, but I think it would
be fairly safe to just do it software-wise, anyway ;)

Quote:
i dont suppose you would know about fragmenting packets of data?
Not quite sure why you'd want to do that,
but you can either use the mtu XXX parameter to
route to achieve smaller packets, or force iptables
to split stuff as it goes ...
Code:
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss XXX
Quote:
all the way from wet whangarei!!! :P
What's the :P for this time? :)

Cheers,
Tink
 
Old 04-29-2003, 09:09 PM   #7
N_A_J_M
Member
 
Registered: Aug 2002
Location: Whangarei New Zealand
Distribution: Slack 8.1
Posts: 300

Original Poster
Rep: Reputation: 30
all the :P come in as i feel the need, haha no real reason for them

the reason i would like to know how to fragment the packets into smaller size is an experiment to see if it will increase download speed, by having lots of small packets of data.

this is to do with packet shaping software.
 
Old 04-29-2003, 09:34 PM   #8
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 914
Well, let's tackle this one applying logic ;)

Most of the hops around the world will have
a mtu of around 1500 bytes... looking at the
ethernet and tcp-headers which make a bunch
of bytes (I don't have my tcp/ip programming
books around) let's say 24 byte, and ethernet,
hmm ... I really didn't dive that deep into network
programming.... let's say 20, for the sake of it :)

If you split that down to small packages you get
more overhead per net-downloaded bytes :)
(grabs his calculator...)

Let's assume you're downloading 1048576 Bytes
You're getting 721 packets, and an overhead of
approx 32K ... if you split the packets to 256 bytes,
you get 4967 packets, and ~ 210K overhead :}

Cheers,
Tink
 
Old 04-29-2003, 10:13 PM   #9
N_A_J_M
Member
 
Registered: Aug 2002
Location: Whangarei New Zealand
Distribution: Slack 8.1
Posts: 300

Original Poster
Rep: Reputation: 30
ok so the smaller the packets, the ratio between valid data and overhead increases towards overhead ie:smaller packets = more overhead and less valid data.

the reason i was looking at this is because if you are using a jetstart account which is capped at 128k and you click on something to download it, it will zoom along very quickly for a brief moment until something happens, now i don't think that has to do with buffers because the amount of data received is more than what the 128k line is capable of providing in that short space of time.

however what i think is happening is that the data is passed down at the greater speed, something of jetstream speed, until the packet shaper kicks in and slows it down.

by creating smaller packets it may be possible to trick the packet shaper??

its just a theory, and a bit of fun just to understand how things are working?
 
Old 04-29-2003, 11:21 PM   #10
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 914
Is that "zoom along" and "something happens"
bit in Linux or on a WinDOHs machine? :)

Cheers,
Tink
 
Old 04-30-2003, 02:17 PM   #11
N_A_J_M
Member
 
Registered: Aug 2002
Location: Whangarei New Zealand
Distribution: Slack 8.1
Posts: 300

Original Poster
Rep: Reputation: 30
It seems to be with both, ?

i'm just trying to understand how it all works. If you have a 128k jetstart account (presuming something is set at the exchange for this?) then if you log in to the jetstream games site you get full rate jetstream?? so what is it that controls this? must be some sort of software?

i'm probably poking around where i shouldn't thinking about this?, but i am just interested in how it all works
 
Old 04-30-2003, 03:45 PM   #12
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 914
Hmmm ... I wouldn't know, I'm on Telstra's cable :)

Look at these ... I believe it has to do with your
local relay rather than your DSL modem :)

http://www.google.co.nz/groups?hl=en...=Google+Search

Cheers,
Tink
 
Old 04-30-2003, 04:15 PM   #13
N_A_J_M
Member
 
Registered: Aug 2002
Location: Whangarei New Zealand
Distribution: Slack 8.1
Posts: 300

Original Poster
Rep: Reputation: 30
kool, the last one says it all the cap may be lifted at the exchange.
thats just what i am trying to work out, what system are they using at the exchange to limit the rate of data?? i guess i will never know :P

anyway back to my previous post, about setting up my system.

i downloaded smoothwall yesterday, and i think i will put it onto my compaq pc. it seems like a good choice as far as secure router software goes

what i am wondering is if it has the capabilities to do what i need?
ie:qos stuff like what i mentioned before about restricting certain types of traffic for particular users?

oh yeah, what is cable like?? damn you!! :P what is the max speed? and data limits?
 
Old 04-30-2003, 04:53 PM   #14
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 914
Getting 256KBit/s (even though I can get
up to 35KB/s from some NZ servers :})
with a 10GB limit as of 1st of May (is 5
'til then...) ...

As for smoothwall ... read this: it's old, but
I never checked on them again afterwards ;)
http://www.heise.de/english/newstick...-14.01.02-002/


Cheers,
Tink
 
Old 04-30-2003, 05:43 PM   #15
N_A_J_M
Member
 
Registered: Aug 2002
Location: Whangarei New Zealand
Distribution: Slack 8.1
Posts: 300

Original Poster
Rep: Reputation: 30
geez thats not much good!! hmmm second thoughts about installing...

what do you suggest i put on there? i have slackware 8.1 which i use on my main pc, i haven't really tried to harden the system and i know if i am going to install it as a router/firewall it will need some extreme tightening!

i was thinking about bsd eventually.

oh yeah do you know what version of smoothwall had these vulnerabilities??

cheers
 
  

