I just got the last part for a media server that I'm going to be building. It will have a celey 2.15GHZ 1gig ram on a gigabyte board. I plan on using it as a file server that will also running azureus, VPN, and music streaming. Last night I was reading on another forum about building a proxy server. I found web cacheing very interesting, and their seems to ba alot of benifits to it. While I was looking up info on proxy servers I found a article on Linux box routers. It had some interesting info about how a faster processor made for better performance. It made me think that maybe a Linux router would be faster than my D-link gaming router. When I was planing my media server a lot of people said that I sould also use it as my router. I didn't see why since I already had a router, but if its alot faster using a linux box then I would. So can I do all this stuff on one box and have it run fast? Or should I split it up between 2 machines? Can anyone tell me if a Linux box router is faster than a regular router? Any sujestion, links, or help at all would be greatly appreciated.

I've found that my linux router has lower latency that most commercially available 'home' routers.

If your server is just doing file distribution, routing, etc., you easily have plenty of processing power for that. My current router/file server runs off a PIII-667 with 256MB of RAM. My previous (router only) was a 300MHz PII with 128 RAM, and before that, I ran a firewall/router on a P1/133 MHz/96 MB RAM and it worked fine.

Routing takes very little CPU, unless you have quite complicated rules.

I'll second that. My current home router is a Pentium 100Mhz machine running Debian. It also operates as a proxy server and a firewall. The speed is not a problem on it, the only disturbing thing is its loudness.

Or vast numbers of machines with several high-speed connections :}

For a home-network with a 10MBit-link and 5 computers for
example a 486/66 with 16 MB will do just fine.


Cheers,
Tink

Well, yes, I suppose I should've mentioned that part. But I think even a Pentium 1 can handle any home-grade broadband connection (10MB or smaller).

So have you noticed an increase in performance from the upgrades?




The reason that I am building such a powerful machine for file serving is because I'm going to have it running azureus to free up resources on my main rig, and from what I was told on the azureus forum I would need around 512mb of ram to run it and access large files at the same time. Though routing doesn't take much it seems to me that doing so many things at once will be too much. Azureus, VPN, large file serving, routing, and proxy serving seems like a lot of things for one machine to take care of at once, and in order to run azureus I was told that I have to have X enabled. I wouldn't mind buying an old P3 system, or even another celey to split the load if it will run better. I was also talking to the guy that started the thread where I learned about proxy serving, and he said that I should put my proxy behind my router so that the router's firewll would protect it. I thought it was kind of odd since a Linux box can be used as a router. So is it a good idea to put a Linux router behind a hardware firewall? And if I need to split the load between 2 machines what is the best combination. Will haveing my media server as a router allow for faster tranfers of files located on it?

Realistically, I have not seen any routing performance boosts from the upgrades. The upgrades have been for other reasons (failed hardware, upgrades for non-routing performance, etc.) This has all been over a near-decade period or so.

Do you have your router behind a hardware firewall?

There are two types of firewalls. One that netfilter employs that works on the ip headers. The other type is an application proxy server that filters traffic based on the contents of the payload, such as using squid and dan's guardian and even examining the contents of web pages and blocking obscene material based on the contents.

The second type is more cpu intensive. You mentioned that the server is a media server. If it is serving up streams of video, you don't want to have to much running on it because of latency errors that could result. A small delay may be acceptable when serving up a webpage, but not when you are broadcasting streams.

Application firewalls are deployed for large or highspeed networks using an array of blade servers, to reduce the delay and add redunancy.

That helps, thank you. So I'll won't run everything on one server, and I'll split the load between 2. But I still don't understand if I sould put a hardware firewall in front of the router/proxy server or not. And what if it was just a proxy server, would that be different? Because that was my original idea, to put a proxy server between my modem and router. But someone on another forum said that I sould put the proxy server behind the router to protect it.

And will I be able to setup a VPN if I am using a proxy server? I tried to find info on it, but it was mostly outdated or for college campuses.

I was suggesting using a proxy server separate from the media server. If it is a dedicated firewall, then you don't need a hardware router. NAT routers are convenient however. You must be certain that you don't have an error in your firewall configuration. If you google for "squid fail safe proxy" you will probably get a number of howto's on sharing the load, or having a standby unit. If this was for a medium sized office than this would be a must. For home use or soho, it wouldn't be as important. You could always buy a linksys NAT router if your computer blew up.

I am under the impression that your media server is for use on the LAN. If instead you are running something like an icecast server, then it should go in the DMZ and be separated from the LAN by a firewall or NAT router.

As I understand it, a proxy server is used mostly to regulate what computers on the LAN are allowed to do on the internet. A NAT router, or a Linux Firewall using iptable rules, is designed primarily to protect the LAN from the internet.

I would recommend picking up a book on securing a Linux bastion host. Servers should do one thing well, and shouldn't offer a bunch of services. On your desktop computer you may have a ton of programs installed. You may have just two or three partitions. For a server, very little is installed. Ideally, you don't even install X windows, and uninstall gcc before connecting to the internet.
Here is a link to a book on tldp.org on Securing and Optimizing Linux: http://www.tldp.org/LDP/solrhe/Secur...ution-v2.0.pdf

Servers also tend to have most system directories mounted on it's own partition. See the Filesystem Hierarchy Standard http://www.tldp.org/LDP/Linux-Filesy...-Hierarchy.pdf
for information on that. The bin, usr, sbin and others can be mounted read only. The temp directory should be mounted with the "noexec", and "nodev" options.

Servers and Workstations are totally different beasts.

My media server should be that compicated. It has to have x enabled because it will be running azureus. basicly the music will be accessed through the file system, along with the video. The thing is I'm really into anime, and lots of storage, but I don't want to put it into my main rig. Plus azureus uses alot of RAM, and if I can run that on a seperate computer then it frees up those resources on my work stations. I'm also planning on setting up a VPN for a secure connection with my laptop away from home, and either through VPN, FTP, or something like that, I would like to be able to access my files remotly. So basicly it will be a file server with azuruees running on it part of the time, and a remote connection. The reason that I was thinking of building a proxy server is for some extra security, and faster internet. But this guy on another forum swears that I need to put it behind a router. I wouldn't mind that much, but I'm not sure why I would need to.

Honestly I don't think I'm going to build a Linux box router since I alread have a comercial one. If the difference was huge I would, but it doesn't sound like it is. It might be something I'll consider in the future.

You don't need X if you run things remotely.

Really I was told that I did have to enable it by someone on this forum a while back. Because I am planning on running it remotley.

that person doesn't understand how X works; the only case you would need to run an X server is if you physically sit in front of it