Linux - Networking
I want to do two things on my network and I need to know what they're called so I can start researching.
Here's what I want to do.
I've got a 100/10 (down/up) mbit line and I want to slice it into two parts: 80/9 and 20/1. Each part will go to a different switch and several machines will be behind each switch. So it will effectively become two separate networks.
There will be people doing gaming, VoIP, streaming, browsing, BitTorrent, etc., in each network, and as I understand it gaming and VoIP need prioritization so as not to lag, so I need that too.
Additionally, it would be really nice if I could add a WiFi SSID to the first network and abide by the limits of the first network.
So, what are these two things called?
As a bonus, if you feel like it, you can give me some iptables rules I can start playing with.
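One way to do both things on a Linux router (the 80/20 and 9/1 split plus UDP priority for games and VoIP), as an added example that is not from this thread. It assumes eth0 is the WAN side and eth1/eth2 face the two switches with the subnets 192.168.10.0/24 and 192.168.20.0/24; it uses tc with HTB rather than iptables because the classification can be done entirely in tc filters.

```shell
#!/bin/sh
# Added example, not from the thread: HTB shaping on a Linux router for the 100/10 line
# split 80/20 down and 9/1 up, with UDP (gaming, VoIP) prioritised inside each slice.
# Assumed layout: eth0 = WAN, eth1 = 192.168.10.0/24 (80/9), eth2 = 192.168.20.0/24 (20/1).
# Run as root: "sh shape.sh apply"; DRY_RUN=1 prints the tc commands instead of running them.

run() { if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# setup_root DEV LINE_KBIT DEFAULT_MINOR: HTB root class 1:1 hard-capped at the line rate,
# so queues build on this box (where we control them) rather than in the modem.
setup_root() {
    run tc qdisc del dev "$1" root 2>/dev/null
    run tc qdisc add dev "$1" root handle 1: htb default "$3"
    run tc class add dev "$1" parent 1: classid 1:1 htb rate "${2}kbit" ceil "${2}kbit"
}

# add_slice DEV N KBIT [SRC_CIDR]: class 1:N0 capped at KBIT with two leaves under it:
# 1:N1 interactive (UDP, prio 0) and 1:N2 bulk (prio 1); each leaf may borrow up to the cap.
add_slice() {
    dev=$1; n=$2; kbit=$3; src=$4; half=$((kbit / 2))
    run tc class add dev "$dev" parent 1:1 classid "1:${n}0" htb rate "${kbit}kbit" ceil "${kbit}kbit"
    run tc class add dev "$dev" parent "1:${n}0" classid "1:${n}1" htb rate "${half}kbit" ceil "${kbit}kbit" prio 0
    run tc class add dev "$dev" parent "1:${n}0" classid "1:${n}2" htb rate "${half}kbit" ceil "${kbit}kbit" prio 1
    run tc qdisc add dev "$dev" parent "1:${n}1" fq_codel
    run tc qdisc add dev "$dev" parent "1:${n}2" fq_codel
    # Inner filters on the slice class: UDP -> interactive leaf, anything else -> bulk leaf
    run tc filter add dev "$dev" parent "1:${n}0" protocol ip prio 1 u32 match ip protocol 17 0xff flowid "1:${n}1"
    run tc filter add dev "$dev" parent "1:${n}0" protocol ip prio 2 u32 match u32 0 0 flowid "1:${n}2"
    # On the WAN side the slice is chosen by the source subnet of the LAN behind it
    if [ -n "$src" ]; then
        run tc filter add dev "$dev" parent 1: protocol ip prio "$n" u32 match ip src "$src" flowid "1:${n}0"
    fi
}

apply_shaping() {
    # Download: shape each LAN interface's egress (packets heading to the clients)
    setup_root eth1 80000 12; add_slice eth1 1 80000
    setup_root eth2 20000 12; add_slice eth2 1 20000
    # Upload: split the 10 mbit WAN egress by source network (unmatched traffic -> 1:12)
    setup_root eth0 10000 12
    add_slice eth0 1 9000 192.168.10.0/24
    add_slice eth0 2 1000 192.168.20.0/24
}

if [ "${1:-}" = apply ]; then apply_shaping; fi
```

In practice set the WAN rate a few percent below the real line rate so the queue stays on the router; a WiFi access point bridged into eth1's network automatically shares that network's cap.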
No, I'll be buying some dedicated equipment for this task. It'll either be an off-the-shelf solution --some VDSL routers can do this and some can run OpenWRT-- or an ARM board that runs Linux or OpenBSD (I really liked pf in FreeBSD but it's lagging in comparison to OpenBSD's). There are pros and cons in both solutions.
Almost every SOHO device has QoS. There are other ways to "network shape" too.
If one has to have speed then a dedicated hardware device tends to have the most options down to how to route the traffic based on the first packet even. That tends to be commercial devices. Running a high quality home router with or without Openwrt/tomato/merlin sort of firmware may be OK for your needs.
Software solutions tend to be a bit slower but you'd need to know your needs.
Sometimes it's a bit difficult to manage TCP/IP protocols if they don't use dedicated ports. There may be some solutions to that based on traffic inspection.
I'd suggest pfSense. Minimal hardware requirements and relatively flat learning curve with lots of support available online. I've been running it both at home and set up multiple clients with pfSense based solutions for their small offices and it is super stable and great to work with.
Quote:
Originally Posted by jefro
If one has to have speed then a dedicated hardware device tends to have the most options down to how to route the traffic based on the first packet even. That tends to be commercial devices. Running a high quality home router with or without Openwrt/tomato/merlin sort of firmware may be OK for your needs.
Software solutions tend to be a bit slower but you'd need to know your needs.
Hardware device means doing networking calculations on the CPU, which a cheap ARM board doesn't do?
A software solution is a firewall running without, let's say, CPU acceleration?
And 100mbits is borderline where a software solution would be okay?
Is this what you mean?
Quote:
Originally Posted by jefro
Sometimes it's a bit difficult to manage TCP/IP protocols if they don't use dedicated ports. There may be some solutions to that based on traffic inspection.
Today, almost all traffic is encrypted. I was betting that I would find the port of each service, or just simply prioritize anything UDP -- games and VoIP use UDP, right?
Quote:
Originally Posted by designator
I'd suggest pfSense. Minimal hardware requirements and relatively flat learning curve with lots of support available online. I've been running it both at home and set up multiple clients with pfSense based solutions for their small offices and it is super stable and great to work with.
pfSense was my first thought but they did change the UI at some point and it became very complex for my taste, and they might do it again in the future. From a little searching I see that what I want to do is really simple, like 30 lines of iptables or pf commands, and it's going to stay like this. So a machine that runs *nix and loads 30 rules of firewall seems more robust. Another idea is to load pfSense, do the configurations I need and grab the pf lines it generates.
"Hardware device means doing networking calculations on the CPU, which a"
No, I mean a commercial product that has discrete components to perform tasks. Any home type computer is mostly software defined. However the NIC and other encryption chips may make one system much better for some network tasks.
The amount and method to encrypt data can allow most routers to manage data unless the encryption goes too high. In fact the most secure encryption can't easily be routed.
I'd recommend pfSense. Insignificant equipment prerequisites and generally level expectations to absorb information with loads of help accessible on the web.
I've been running it both at home and set up numerous customers with pfSense based answers for their little workplaces and it is too steady and extraordinary to work with.