LinuxQuestions.org
Old 11-05-2004, 09:35 PM   #1
crnchyfrog
LQ Newbie
 
Registered: Oct 2004
Location: Shanghai
Distribution: Slackware 10.2
Posts: 25

Rep: Reputation: 15
General Networking questions..NAT/Router


I have a few general questions about networking.

1. How much traffic can a normal off-the-shelf soho router (such as a Linksys 4port) handle? When using the router as a DHCP server the default settings are to allow around 50 clients. Can it really handle that much traffic?

2. In setting up larger networks (more than say 25 computers), would it be advisable to use a regular soho router to handle DHCP requests and have a separate DNS server/Domain controller, or have a separate DHCP Server running (linux/win2k) and DNS to provide that service?

3. I have heard good and bad things about double NAT'ing. Good is that it seems to be able to provide network monitoring services. Bad is that it causes network slowdown? Confusing IP / Routing tables?

For security purposes wouldn't it be better to have the order go
(outside internet)---> (router) --->(linux firewall)---> (DHCP/DNS Server) --> (clients)

or does the router at this point not matter?


Thanks for any replies.


Dave
 
Old 11-05-2004, 10:10 PM   #2
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
1. Check the manufacturer's documentation. I'd say they can handle enough for a home. I would suspect any business to use higher quality equipment than what Bestbuy sells. If it is for a soho (which I think of as less than 15 machines) then yeah, go ahead and use Bestbuy stuff.

2. If you have a business of 25+, I'd suggest some type of setup similar to this.
firewall/proxy/NAT -> switch/telco -> desktops and servers


3. I don't know why or how double NAT'ing would provide any monitoring services. Most likely that is a separate daemon running somewhere. And I've never heard anything good about it.

----------------------------------------------------------
For security purposes wouldn't it be better to have the order go
(outside internet)---> (router) --->(linux firewall)---> (DHCP/DNS Server) --> (clients)

My question would be, what the heck is your router routing to? Simply set up a switch or two if you only have 25 clients. The firewall can handle NAT and the firewall (some will say that is a security issue), wire it to a telco closet or switch(s).

That's all.
Let's hear the agreements/disagreements.
 
Old 11-05-2004, 10:12 PM   #3
Demonbane
LQ Guru
 
Registered: Aug 2003
Location: Sydney, Australia
Distribution: Gentoo
Posts: 1,796

Rep: Reputation: 47
1. The bottleneck will likely be your internet connection speed, less likely to be how much traffic the router can handle.

2. Given that you have the resources to run a standalone server, yes it is in my opinion advisable to set up a separate DNS/DHCP server using Linux (forget about Win2k). It will be much more flexible than what the soho router can provide in most cases.

3. Double NAT?

These SOHO routers are designed for quick plug and play operations, most of them don't provide much functionality. Why not save the money and have your Linux firewall do the routing.
 
Old 11-05-2004, 11:53 PM   #4
crnchyfrog
LQ Newbie
 
Registered: Oct 2004
Location: Shanghai
Distribution: Slackware 10.2
Posts: 25

Original Poster
Rep: Reputation: 15
Thanks for the quick replies...

I am just trying to figure out what is practical and in terms of networking which is more correct.

I can get a DHCP/DNS Server running Win2k (next step is learn how to do it in linux) and get my workstations to connect to the internet using DHCP and RRAS.

The thing is that a basic SOHO router can do pretty much all of that too.

The current set up is :

(outside internet) ---> (router) --> (switch)--> (switch)--> (switch)
.....................................................|...............| ...............|
.................................................... V...............V...............V
.................................................clients.........clients.........clients

Would a server be faster?

Each of the switches is on a floor of the building. I have a questionable internet connection (Chinese DSL). The ISP gives us a static IP. This apparently works fine for regular internet connections. We had a Win2k DHCP server where the router was, but I took that down and replaced it with the router, so I could play with the server a little bit.
Trying Win2k AD (since it was on the box first) and then going to try building a DHCP server with Linux FDC2.

I don't know if it's coincidence or not, but it SEEMS that sometimes the connection is really slow since I put the router in place of the server. I haven't had any complaints, but I've personally been having trouble w/ some downloads.

Nobody seems to care what I do about the network (as long as they can surf the web and chat)... I could leave it as it is and go about my business, but I want to learn more.

I would like to expand the capabilities of the network to include file and print sharing. Would it be advisable to run a NAT/DHCP/DNS/Firewall all on one machine connected to the internet? That just seems a bit dangerous.


Shouldn't it go:

(outside internet) ---> (linux firewall) --> (DHCP/DNS server)--->(switch)-->clients

or are we including NAT as part of the linux firewall, thus eliminating the need for a separate DHCP server?




Once again, I thank you for your replies. You have been most helpful.


Thanks,
 
Old 11-06-2004, 01:06 PM   #5
zaphodiv
Member
 
Registered: Oct 2003
Distribution: Slackware
Posts: 388

Rep: Reputation: 30
>How much traffic can a normal off-the-shelf soho router (such as a Linksys 4port) handle?

It varies considerably. Despite many firmware revisions Netgear routers still crash
occasionally when handling lots of connections. The throughput will be determined
by the link speed. You can expect to be able to handle a couple of hundred
simultaneous TCP connections with an average router.

>When using the router as a DHCP server the default settings are to allow around 50 clients. Can it really handle that much traffic?
There is no correlation between the amount of traffic and the number of client machines.
One machine running emule can have more connections open than 50 machines that are just used for light websurfing
now and again.

For general web and email use I'd use the ISP's DNS servers for anything up to a few hundred machines.
DNS packets are small. I would not consider a Windows machine as a resolving DNS server, I've heard too many
stories about strange behaviour.

>a separate DNS server/Domain controller

Internet DNS and Windows domains are completely different things.

>and get my workstations to connect to the internet using DHCP and RRAS.

You don't use RRAS, you just tell the client machines to use the NAT
box as the gateway or to use internal proxies.

>Would it be advisable to run a NAT/DHCP/DNS/Firewall all on one machine connected to the internet? That just seems a bit dangerous.

You don't want to leave your DNS server open to queries from the internet but other than
that there is nothing dangerous about it.
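
An added example, not part of the original thread: one way to lay out a combined NAT/DHCP/DNS/firewall box so that the DNS service is reachable only from the LAN, written as an iptables-restore ruleset. The interface names (eth0 facing the internet, eth1 facing the LAN) and the 192.168.1.0/24 range are assumptions.

```iptables
# Constructed example for iptables-restore.
# Assumed names: eth0 = internet side, eth1 = LAN side, 192.168.1.0/24 = LAN range.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# NAT: LAN source addresses are rewritten to the box's public address on the way out.
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
# Default-deny for traffic addressed to the box itself and for forwarded traffic.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the box started (including the resolver's own upstream lookups).
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# DNS is answered only when the query arrives on the LAN interface from a LAN address.
-A INPUT -i eth1 -s 192.168.1.0/24 -p udp --dport 53 -j ACCEPT
-A INPUT -i eth1 -s 192.168.1.0/24 -p tcp --dport 53 -j ACCEPT
# DHCP requests (client port 68 to server port 67) are accepted on the LAN side only.
-A INPUT -i eth1 -p udp --sport 68 --dport 67 -j ACCEPT
# No rule accepts new traffic on eth0, so port 53 from the internet falls through
# to the DROP policy. Logging it first makes outside DNS probes visible.
-A INPUT -i eth0 -p udp --dport 53 -j LOG --log-prefix "wan-dns-drop: "
-A INPUT -i eth0 -p tcp --dport 53 -j LOG --log-prefix "wan-dns-drop: "
# Forwarding: the LAN may start connections outward; only replies come back in.
-A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
```

Forwarding also requires net.ipv4.ip_forward to be enabled. Binding the DNS daemon to the LAN address only (for example with BIND's listen-on option) gives a second layer if the ruleset is ever flushed.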
 
Old 11-07-2004, 11:44 PM   #6
crnchyfrog
LQ Newbie
 
Registered: Oct 2004
Location: Shanghai
Distribution: Slackware 10.2
Posts: 25

Original Poster
Rep: Reputation: 15
I have seen a significant slow down in connection speed using the router. AIM and similar Messaging services frequently disconnect, and d/l speeds are slower. Even the box that was there before (win2k running ICS) was much faster.



You said that I don't want to leave my DNS server open to queries from the internet. I plan on running a private DNS server/domain controller. If my IP assigns me a static IP for an internet connection, then I use NAT on my DNS server (same machine) is it still open to queries? I assume that it's not, b/c the DNS server is running on the NAT'd side, not on the public side, correct?

Thanks for putting up with my ignorance.
 
All times are GMT -5.