I am new to Linux and so far have managed to get my Ubuntu Box (10.04 server distro) to host 2 simple things for me, an FTP and Mumble server.
I have 2 internet connections in my home. I have 1 "test" business class account that is 80 mbps x 10 mbps (with a static IP), and then I have a residential class 20 mbps x 4 mbps.
I have my Linux server running behind a router doing port forwarding and NAT on the business connection.
My home PCs are on my residential network.
I want to be able to FTP to my linux box internally without having to route traffic outside of the network.
The reasons for wanting to do this are obvious, I am not limited to the constraints of the upload/download limitation of each connection when trying to put things on the server.
I am trying to brainstorm on how to direct traffic out of my network. I am wondering if this would work.
I have not bought an additional NIC for the Linux server, and before I go and do so, I was curious to know if this is a good idea or not.
In theory, on paper, it should work. The Linux box would always use the business connection for any outgoing traffic for the server, and would never use its other interface unless it was for some kind of a failover. Yet it would be addressable by the 192.168.100.X network internally only.
Now, some of you are probably scratching your head, wondering why I just don't put everything on the business connection and scrap the residential connection?
Well, the short answer is, I want all leisure traffic to go out of a connection that isn't running a server.
Thoughts? The routers I have are nothing fancy, so they are not capable of doing any LAN interface IP configuration, or any fancy things a Cisco router could do. So, given what I have, before I spend my time doing something that won't work, I was curious for the community's input.
If I am reading your diagram correctly, then connecting one of the LAN ports on the right hand router to an extra ethernet card on the Linux server ought to work just fine: just make sure the Linux server has only one gateway: 192.168.1.1.
If you wish to have some sort of automated failover routing, you will have a different problem. For that kind of thing, you might be better off with a more advanced router. I am a personal fan of pfsense.
I would choose Debian over Ubuntu. Both maintained by the same people, but Debian is a bit more conservative and therefore more stable. Ubuntu is a desktop distro, Debian is a server distro.
At home I got rid of my ISP-provided router and connect my Debian box directly to the cable modem. When I first did this 3 years ago I got almost double increase in speed. (I was on a 10Mb connection from Virgin, using their small Netgear router and cable modem.) Of course, your Linux machine will need iptables with a good set of rules. I'm sure as you are already thinking of running a public service on it you have that in place.
If you are accessing your FTP server by its private IP, it should never attempt to go out through your ISP. Just make sure your ftpd is listening on all interfaces. If you go by domain, then you will need to set up your own DNS server with split views - so it presents one IP when asked from inside and another to external clients.
With your current setup as shown in the diagram, if you don't have ip_forwarding enabled on the server your laptop and PC will always go out the dynamic link. On your server you should create a primary default route pointing at the business class ISP, and a secondary (with higher metric) pointing at the residential link. This will provide backup and non-stateful failover, no loadbalancing.
If this sounds complicated, I feel I should say that it is also worth the effort. There is very little you can not do with a Linux box as your gateway, and it's all free.
P.S.
If mumble is the service you are thinking of providing, it might be cheaper to go with some virtual hosting solution. I have mumble running on a KVM server, it has 2 static IPs, 1 Tb of bandwidth per month and sufficient for now RAM/disc/CPU - all for £14.40 p/m. This should be several times cheaper than your business line rental... I have not load tested the bandwidth on the KVM hosting though, not sure how it will handle a few dozens of mumble clients. The overall limit per month is plenty, but idk about the throughput per second. I am however monitoring the link delay and jitter with smokeping, and it is more than decent.
Well, funny you mention price. I work for an ISP, so I get both connections for free. Because I work in the Business Department, I get a business class connection in conjunction with a comped residential connection. I received the computer for free, so this is costing me nothing but my time invested. I am getting another PC for free that is better than what I am running now, so I may go with Debian on that recommendation. I do not need a desktop solution. I am taking on learning Linux for my own self satisfaction, but also to learn about how the kernel and CLI works. I want it also to have a practical application for it, (IE, Mumble for Gaming, FTP for uploading, and hopefully soon to be hosting some kind of rinky-dink web blog)
I know a thing or 2 about networking (CCENT certified, soon to be CCNA), I just have never seen a network connected in this manner. I have considered many different set-ups, but I have decided on this vs a load balancing firewalling linux box.
Thanks for your help, and when I get my new PC I will try Debian out on your recommendation. Does it react the same way with apt? (Forgive me, I am a total noob when it comes to Linux)
I have dabbled in CentOS, but found myself back with the familiarity of Ubuntu.
I was initially writing some kind of rant cause a certified person was having problem with such a thing. I myself have LPI 1 & 2 and had problems getting the two sites of an ipsec tunnel to ping each other cause of missing nat'ting. They don't teach you real world problems while doing the preparations despite during the exams. Mind over matter or practice over theory.
Just get yourself a second NIC for your *nix box and you'll be fine.
Stick with Debian for your server. Ubuntu is "just" a "fork" of Debian just with more up2date version of the packages provided. (apt works). But it's not as sorely tested as Debian is.
Don't go the CentOS road. It's a nice distribution but yeah... (don't say anything if you don't have nice things to say).
If you want to dig into Linux go the good way, get yourself Slackware or at least read the book
Some rant at the end. It's your network, isn't it? Mess it up till you're satisfied.
... I am taking on learning Linux for my own self satisfaction, but also to learn about how the kernel and CLI works. I want it also to have a practical application for it, (IE, Mumble for Gaming, FTP for uploading, and hopefully soon to be hosting some kind of rinky-dink web blog) ...
-Trent
Ye there is some intense geeky pleasure in that I host my own DNS zones, mail, web and mumble servers. Biggest of all, home telephony runs over asterisk and a SIP provider, and gives me features you can't ever hope to get from a telco (unless you buy a corporate grade solution) and a price drop at the same time.
I was initially writing some kind of rant cause a certified person was having problem with such a thing.
Well well now, no need to be hostile. I haven't had a problem yet..... and was thinking in my head that it SHOULD work.... but hey, I JUST got my CCENT, and like you said, they don't teach you real world problems. All the training in the world couldn't have prepared me for the kinds of things that I see working at an HFC ISP. Working with CMTS's that are only implemented 1 place in the world (where I work), is a challenge because even though it all works in theory, problems pop up with RF frequency load balancing, and upstream bandwidth utilization causing intermittent connectivity with highcap accounts are things that are real world problems. No book can teach you that. :-)
/end tangent
Plus, all the CCNA/CCENT stuff is for small to med size networks that I never touch or troubleshoot (we don't TS customer equipment at my job), and (so far) I have not completed a lab that has 2 different /24 networks connected to 1 device without any kind of routing protocol running on said device to allow a "back door" to it.
I apologize if I offended you. It was more that your post just too much resembled the day I had yesterday and that led to such unfriendly words. It's also that things can be done in such numerous ways that you can't learn them all.
You are totally right that asking never hurts, besides me having a bad day and throwing shit in all directions. I hope at least the second half of my post was kind of helpful. Let's put my bad mood aside and get you going.
You could just set up two IPs on the NIC you have installed.
And have the ftp server only listen on the 192.168.100.4 address.
This should get you somewhere. Maybe throw in an iptables to block 192.168.100.0/24 from leaving to 0.0.0.0/0. Maybe I'll find some more things for the mix.
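
As an added example (not part of any post in this thread): a shell script that prints the commands for the single-NIC setup suggested in the last reply, and checks `ip -4 route show` output against the earlier advice that the business gateway 192.168.1.1 must be the preferred default, with any second default at a higher metric. The interface name `eth0`, the residential gateway 192.168.100.1 and the sample routing table are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example. From the thread: 192.168.1.1, 192.168.100.4, 192.168.100.0/24.
BIZ_GW=192.168.1.1          # business-class router (the only intended default)
LAN_IP=192.168.100.4        # address the FTP daemon should be reachable on
LAN_NET=192.168.100.0/24    # residential LAN
IFACE=eth0                  # assumption: name of the installed NIC

# Print (do not execute) the commands for the two-IPs-on-one-NIC variant.
plan() {
    cat <<EOF
ip addr add $LAN_IP/24 dev $IFACE label $IFACE:1
ip route replace default via $BIZ_GW dev $IFACE metric 100
iptables -A OUTPUT -s $LAN_NET ! -d $LAN_NET -j DROP
EOF
}

# Read `ip -4 route show` output on stdin. Succeed only if a default route
# via BIZ_GW exists and its metric is lower than every other default route.
check_routes() {
    awk -v biz="$BIZ_GW" '
    $1 == "default" {
        gw = ""; m = 0                       # no metric shown means metric 0
        for (i = 2; i < NF; i++) {
            if ($i == "via")    gw = $(i + 1)
            if ($i == "metric") m  = $(i + 1) + 0
        }
        if (gw == biz) { have = 1; bizm = m }
        else if (!other || m < om) { other = 1; om = m }
    }
    END { exit !(have && (!other || bizm < om)) }'
}

# Constructed sample: two-NIC server with a backup default via the
# residential router (192.168.100.1 is an assumed address).
SAMPLE='default via 192.168.1.1 dev eth0 metric 100
default via 192.168.100.1 dev eth1 metric 200
192.168.100.0/24 dev eth1 proto kernel scope link src 192.168.100.4'

printf '%s\n' "$SAMPLE" | check_routes && echo "default route policy OK"
```

On a live server, run `ip -4 route show | check_routes` after every network change. Note that the `iptables` rule in `plan` and a backup default via the residential router are mutually exclusive, since the rule drops exactly the traffic the backup route would carry.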