LinuxQuestions.org
Old 05-02-2002, 06:43 AM   #1
Norel
Halted packet filtering+routing+shaping router or bridge?


This is my "just to be done" situation:
LAN: 10.228.0.0/19
RouterA: LanIP 10.228.0.254
RouterB: LanIP 10.228.0.253
RouterA is a Cisco 1720 (good router) connected with 256Kbits up/downstream to the 10.0.0.0/8 WAN, some well known public IPs, and the internet (not first choice internet connection).
RouterB is a horrible, very low-priced ADSL router connected to the internet with 640Kbits downstream and 128Kbits upstream (first choice internet connection).
RouterA is not configurable by me, but I can ask for a specific (not too strange) configuration.
RouterB is configurable by me, but its filtering and routing are very basic.

Basic setup:
RouterA and RouterB connected to LAN switches.
RouterA routing tables set to 10.228.0.253 (RouterB) for internet traffic different from some well known IPs (see above).
LanPC has IP 10.228.x.x/19 and default route 10.228.0.254 (RouterA)

Problem:
I'd like to add a PC (PcC) with 3 NICs to mess things up:
Eth0 connected to LAN, Eth1 connected to RouterA, Eth2 connected to RouterB.
PcC basically has to filter packets (especially to and from RouterB) and perform traffic shaping to keep the routers' buffers empty and provide correct QoS (e.g. first interactive packets (defined by me), then www/ftp ACKs, then bulk).
I have a MUST: in case of PcC problem I (or someone else) need only to move and/or change some cables to reach "Basic Setup" (see above) without any additional configuration.

After reading "Linux 2.4 - Advanced routing HOWTO" http://www.linuxguruz.org/iptables/h....4routing.html and with my previous knowledge, I am thinking of building a one-floppy (1.7Mb) mini Linux system with kernel 2.4.x patched for full QoS support and firewalling bridge support (if needed). I want the setup to start (by init) only an rc script that sets up /proc; packet filtering (by iptables); interfaces, links, IPs, routing (by ip); packet shaping (by tc); if needed, bridging (by brctl); then halts the system (without powering down the hardware), so the kernel is already configured and can work without problems and there's no active process to crack (see halted firewall for info).

I've thought of 2 possible configurations to solve my problem (just ideas, not solutions, so RFC):

Router:
Setup Eth0 to ip 10.228.0.254 (RouterA ip and LanPcs default route) but route packets to 10.228.0.254 to Eth1.
default route gw 10.228.0.253 Eth2
10.228.0.0/19 Eth0
10.0.0.0/8 gw 10.228.0.254 Eth1
some well known public ips gw 10.228.0.254 Eth1
Setup packet shaping and filtering as I want.
Any routing problems? (just ask)

Bridge:
Build a firewalling bridge Eth0-Eth1, but route packets destined for the internet to Eth2, not Eth1, and packets from Eth2 to Eth0 (no Eth2-Eth1 communication, just what I want).
Setup packet shaping and filtering as I want.
Would LanPcs sending packets to the internet via default route 10.228.0.254 have any problems? Would answers from the internet work as well? (just ask)

Have you found any problem in this? Do you have an opinion, a different idea, a suggestion? Which solution do you think is best?

Sorry for the long post and thanks for your time

Last edited by Norel; 05-02-2002 at 06:57 AM.
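
The rc sequence the post describes (/proc, then iptables, then tc, then halt), as an added example that is not part of the original post and covers only the RouterB (Eth2) upstream side. The interface names, the use of HTB, the 120 kbit ceiling, the 40 kbit per-band rates and the TOS 0x10 "interactive" match are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: rc script for PcC, ADSL side only.
# Assumed: eth0 = LAN, eth2 = RouterB, HTB in the kernel, 120 kbit ceiling
# (just under the 128 kbit upstream), TOS 0x10 marks "interactive" packets.
# Default is a dry run that prints each command; APPLY=1 executes them as root.
LAN=eth0
WAN=eth2
LAN_NET=10.228.0.0/19
UP=120   # kbit, kept below the line rate so the queue forms here, not in RouterB

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

setup_proc() {
    run sysctl -w net.ipv4.ip_forward=1
}

setup_filter() {
    # Default deny; nothing needs to be addressed to PcC itself once halted.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    # Packets arriving from RouterB must never claim a LAN source address.
    run iptables -A FORWARD -i "$WAN" -s "$LAN_NET" -j DROP
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
}

setup_shaping() {
    run tc qdisc add dev "$WAN" root handle 1: htb default 30
    run tc class add dev "$WAN" parent 1: classid 1:1 htb rate "${UP}kbit"
    # Three bands sharing the link: 1:10 interactive, 1:20 ACKs, 1:30 bulk.
    for band in 10:0 20:1 30:2; do
        run tc class add dev "$WAN" parent 1:1 classid "1:${band%:*}" \
            htb rate 40kbit ceil "${UP}kbit" prio "${band#*:}"
    done
    run tc filter add dev "$WAN" parent 1: protocol ip prio 1 u32 \
        match ip tos 0x10 0xff flowid 1:10
    # TCP, 20-byte IP header, total length < 64, only ACK set (LARTC filter).
    run tc filter add dev "$WAN" parent 1: protocol ip prio 2 u32 \
        match ip protocol 6 0xff match u8 0x05 0x0f at 0 \
        match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:20
}

setup_all() {
    setup_proc
    setup_filter
    setup_shaping
    # Halt step from the post: assumes halt here neither powers off nor downs the NICs.
    run halt -f
}

setup_all
```

Egress shaping on Eth2 only controls the upstream direction; the downstream bands would need a matching tree on Eth0.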
 
  

