1. How much traffic can a normal off-the-shelf soho router (such as a Linksys 4port) handle? When using the router as a DHCP server the default settings are to allow around 50 clients. Can it really handle that much traffic?
2. In setting up larger networks (more than say 25 computers), would it be advisable to use a regular soho router to handle DHCP requests and have a separate DNS server/Domain controller, or have a separate DHCP Server running (linux/win2k) and DNS to provide that service?
3. I have heard good and bad things about double NAT'ing. Good is that it seems to be able to provide network monitoring services. Bad is that it causes network slowdown? Confusing IP / Routing tables?
For security purposes wouldn't it be better to have the order go
(outside internet)---> (router) --->(linux firewall)---> (DHCP/DNS Server) --> (clients)
1. Check the manufacturer's documentation. I'd say they can handle enough for a home. I would expect any business to use higher quality equipment than what Bestbuy sells. If it is for a soho (which I think of as less than 15 machines) then yeah, go ahead and use Bestbuy stuff.
2. If you have a business of 25+, I'd suggest some type of setup similar to this.
firewall/proxy/NAT -> switch/telco -> desktops and servers
3. I don't know why or how double NAT'ing would provide any monitoring services. Most likely that is a separate daemon running somewhere. And I've never heard anything good about it.
----------------------------------------------------------
For security purposes wouldn't it be better to have the order go
(outside internet)---> (router) --->(linux firewall)---> (DHCP/DNS Server) --> (clients)
My question would be, what the heck is your router routing to? Simply set up a switch or two if you only have 25 clients. The firewall can handle NAT and the firewall (some will say that is a security issue), wire it to a telco closet or switch(es).
1. The bottleneck will likely be your internet connection speed, less likely to be how much traffic the router can handle.
2. Given that you have the resources to run a standalone server, yes it is in my opinion advisable to set up a separate DNS/DHCP server using Linux (forget about Win2k). It will be much more flexible than what the soho router can provide in most cases.
3. Double NAT?
These SOHO routers are designed for quick plug and play operations, most of them don't provide much functionality. Why not save the money and have your Linux firewall do the routing?
I am just trying to figure out what is practical and in terms of networking which is more correct.
I can get a DHCP/DNS Server running Win2k (next step is learn how to do it in linux) and get my workstations to connect to the internet using DHCP and RRAS.
The thing is that a basic SOHO router can do pretty much all of that too.
Each of the switches is on a floor of the building. I have a questionable internet connection (Chinese DSL). The ISP gives us a static IP. This apparently works fine for regular internet connections. We had a Win2k DHCP server where the router was, but I took that down and replaced it with the router, so I could play with the server a little bit.
Trying Win2k AD (since it was on the box first) and then going to try building a DHCP server with Linux FDC2.
I don't know if it's coincidence or not, but it SEEMS that sometimes the connection is really slow since I put the router in place of the server. I haven't had any complaints, but I've personally been having trouble w/ some downloads.
Nobody seems to care what I do about the network (as long as they can surf the web and chat)... I could leave it as it is and go about my business, but I want to learn more.
I would like to expand the capabilities of the network to include file and print sharing. Would it be advisable to run a NAT/DHCP/DNS/Firewall all on one machine connected to the internet? That just seems a bit dangerous.
>How much traffic can a normal off-the-shelf soho router (such as a Linksys 4port) handle?
It varies considerably. Despite many firmware revisions netgear routers still crash occasionally when handling lots of connections. The throughput will be determined by the link speed. You can expect to be able to handle a couple of hundred simultaneous TCP connections with an average router.
>When using the router as a DHCP server the default settings are to allow around 50 clients. Can it really handle that much traffic?
There is no correlation between the amount of traffic and the number of client machines. One machine running emule can have more connections open than 50 machines that are just used for light websurfing now and again.
For general web and email use I'd use the ISP's DNS servers for anything up to a few hundred machines. DNS packets are small. I would not consider a windows machine as a resolving DNS server, I've heard too many stories about strange behaviour.
>a separate DNS server/Domain controller
Internet DNS and windows domains are completely different things.
>and get my workstations to connect to the internet using DHCP and RRAS.
You don't use RRAS, you just tell the client machines to use the NAT box as the gateway or to use internal proxies.
>Would it be advisable to run a NAT/DHCP/DNS/Firewall all on one machine connected to the internet? That just seems a bit dangerous.
You don't want to leave your DNS server open to queries from the internet but other than that there is nothing dangerous about it.
I have seen a significant slow down in connection speed using the router. AIM and similar Messaging services frequently disconnect, and d/l speeds are slower. Even the box that was there before (win2k running ICS) was much faster.
You said that I don't want to leave my DNS server open to queries from the internet. I am planning on running a private DNS server/domain controller. If my IP assigns me a static IP for an internet connection, then I use NAT on my DNS server (same machine) is it still open to queries? I assume that it's not, b/c the DNS server is running on the NAT'd side, not on the public side, correct?
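
An added example, not part of any post in this thread: when the DNS daemon runs on the NAT gateway itself, whether it answers Internet queries depends on which addresses it listens on and on the firewall's input rules, not on NAT. The function below filters `ss -H -lntu` output for port-53 listeners bound to anything other than loopback or private addresses; the sample lines and all addresses in them are constructed.

```shell
#!/bin/sh
# Reads `ss -H -lntu` style lines on stdin and prints "<proto> <address>"
# for every port-53 listener that is not bound to loopback or a private range.
exposed_dns_listeners() {
    awk '
    {
        ep = $5                                  # Local Address:Port column
        port = ep; sub(/^.*:/, "", port)
        if (port != "53") next                   # only DNS listeners
        addr = ep; sub(/:[^:]*$/, "", addr)      # strip ":port"
        sub(/%.*$/, "", addr)                    # strip "%iface" scope
        gsub(/\[|\]/, "", addr)                  # strip IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1") next              # loopback
        if (addr ~ /^10\./ || addr ~ /^192\.168\./) next        # RFC 1918
        if (addr ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next        # RFC 1918
        if (addr ~ /^[fF][cdCD]/ || addr ~ /^[fF][eE]80:/) next # ULA, link-local
        # Anything left is a wildcard (0.0.0.0, ::, *) or a public address.
        print $1, addr
    }'
}

# Constructed sample: a gateway running DNS and DHCP on the same box.
sample_ss_output() {
    cat <<'EOF'
udp UNCONN 0 0  0.0.0.0:53          0.0.0.0:*
udp UNCONN 0 0  127.0.0.1:53        0.0.0.0:*
tcp LISTEN 0 10 192.168.1.1%eth1:53 0.0.0.0:*
udp UNCONN 0 0  [::]:53             [::]:*
tcp LISTEN 0 10 203.0.113.10:53     0.0.0.0:*
udp UNCONN 0 0  0.0.0.0:67          0.0.0.0:*
EOF
}

# On a live gateway, replace the sample with:  ss -H -lntu | exposed_dns_listeners
sample_ss_output | exposed_dns_listeners
```

A listener reported here may still be blocked by the firewall's input rules on the public interface; the check only shows the bind scope, so pair it with a rule that accepts port 53 from the LAN interface only.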