My situation:

I have a cable modem (COMCAST 6Mbit d/l) and am about to also have DSL (Verizon 3 Mbit d/l). I was thinking of using CentOS (4.4, 4.5, or 5??) as a router/dhcp server/firewall for my home network consisting of 3 to 6 computers at any given time. I seek the wisdom of the members of this list on the following issues:

-- Is CENTOS a good direction to go? I do not mind manually configuring things or installing lots of packages, and am doing this as both a learning experience for myself and proof of concept for a customer.

-- Is it possible/hard/easy/trivial to share the load between the two connections? Have either link fail and things still work correctly?

-- I plan to build a box for this job - looking for general recommendations of how much horsepower (mem/disk space, etc) is required

-- What are the implications of two pipes for incoming connections such as DynDNS based remote desktop or VNC, or web server, FTP, etc

The basic hardware layout I see is 3 nics, 1 GB RAM, 60 GB disk space. 1 NIC for each WAN port, 1 NIC for my local net, some recent CPU.

I have been browsing through the "Linux Advanced Routing & Traffic Control HOWTO," but am still not on top of how to get done what I'm looking for. I understand that there are probably products that I could buy to do this, but my preference is to do it myself.

Sorry if my questions are too basic. Please feel free to tell me off if so.

Thanks.

rsubasic
Consider an extra NIC or two for a server DMZ and other stuff as well too
Raymond M. Subasic wrote:
> My situation:
>
> I have a cable modem (COMCAST 6Mbit d/l) and am about to also have DSL
> (Verizon 3 Mbit d/l). I was thinking of using CentOS (4.4, 4.5, or
> 5??) as a router/dhcp server/firewall for my home network consisting
> of 3 to 6 computers at any given time. I seek the wisdom of the
> members of this list on the following issues:
>
> -- Is CENTOS a good direction to go? I do not mind manually
> configuring things or installing lots of packages, and am doing this
> as both a learning experience for myself and proof of concept for a
> customer.

It's reasonable. not optimized particularly as a firewall/routing system, it's more of a general purpose server but it's certainly capable of doing firewalling

> -- Is it possible/hard/easy/trivial to share the load between the two
> connections? Have either link fail and things still work correctly?

possible? yes. hard, definitely. easy/trivial, nope. reliably detecting a 'failed' link is also tricky as most failures will be upstream from you. routing outbound traffic and load balancing two separate ISPs is also tricky.

> -- I plan to build a box for this job - looking for general
> recommendations of how much horsepower (mem/disk space, etc) is required

a router/firewall can run off a 512MB flashcard, and a 450MHz CPU with 256MB ram is way more than adequate.

> -- What are the implications of two pipes for incoming connections
> such as DynDNS based remote desktop or VNC, or web server, FTP, etc

the two connections have two different IPs on different networks. you'll need to run two DynDNS clients and sort all that out, you'll have two separate possible hostnames to connect to from outside. webserver, ftp server, etc would typically serve the content to either IP.

> The basic hardware layout I see is 3 nics, 1 GB RAM, 60 GB disk space.
> 1 NIC for each WAN port, 1 NIC for my local net, some recent CPU.
>
> I have been browsing through the "Linux Advanced Routing & Traffic
> Control HOWTO," but am still not on top of how to get done what I'm
> looking for. I understand that there are probably products that I
> could buy to do this, but my preference is to do it myself.

that's the document you need to understand, along with the rest of the stuff on http://netfilter.org
> -- Is it possible/hard/easy/trivial to share the load between the two
> connections? Have either link fail and things still work correctly?

http://en.wikipedia.org/wiki/Autonomous_system_(Internet)

Two connections from two different ISPs? You need an ASN. (not for load sharing...this is primarily to handle link failures)

> -- What are the implications of two pipes for incoming connections such
> as DynDNS based remote desktop or VNC, or web server, FTP, etc

Incoming connections will hit either IP and use that IP for the duration of the connection provided that you have a DNS entry that round robins...

> The basic hardware layout I see is 3 nics, 1 GB RAM, 60 GB disk space.
> 1 NIC for each WAN port, 1 NIC for my local net, some recent CPU.
>
> I have been browsing through the "Linux Advanced Routing & Traffic
> Control HOWTO," but am still not on top of how to get done what I'm
> looking for. I understand that there are probably products that I could
> buy to do this, but my preference is to do it myself.

I do have a box that has two connections from two different ips. I basically forget about load sharing. I set up multiple routing tables, some ip rules and basically assigned one link for vpn and server activity while the other link is used for office Internet connectivity and a few small things are shared like DNS. Nothing fancy...
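The static split described in the reply above (one routing table per uplink plus ip rules), as an added example that is not part of the original thread or any poster's configuration. It goes slightly further than the reply by marking inbound connections so that replies leave through the uplink they arrived on, which matters for the forwarded VNC/web/FTP services asked about. Interface names, the RFC 5737 addresses, the table numbers, the `SERVER` host and the `APPLY` switch are all assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Addresses are constructed (RFC 5737 ranges) and interface
# names are assumptions. Commands are printed unless APPLY=1 (needs root).
LAN_IF=eth0 LAN_NET=192.168.1.0/24 SERVER=192.168.1.10
W1_IF=eth1 W1_IP=192.0.2.10 W1_NET=192.0.2.0/24 W1_GW=192.0.2.1            # cable
W2_IF=eth2 W2_IP=198.51.100.10 W2_NET=198.51.100.0/24 W2_GW=198.51.100.1  # DSL

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# One routing table per uplink: $1=table and mark id $2=if $3=ip $4=net $5=gw
uplink() {
    run ip route add "$4" dev "$2" src "$3" table "$1"
    run ip route add "$LAN_NET" dev "$LAN_IF" table "$1"
    run ip route add default via "$5" dev "$2" table "$1"
    # Remember which uplink a new inbound connection arrived on, and give
    # the matching fwmark rule the highest precedence (lowest pref).
    run iptables -t mangle -A PREROUTING -i "$2" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$1"
    run ip rule add pref "$1" fwmark "$1" table "$1"
    # Packets sourced from this uplink's own address leave through it.
    run ip rule add pref $(( $1 + 100 )) from "$3" table "$1"
}

split_access() {
    uplink 101 "$W1_IF" "$W1_IP" "$W1_NET" "$W1_GW"
    uplink 102 "$W2_IF" "$W2_IP" "$W2_NET" "$W2_GW"
    # Copy the connection mark onto replies coming back from LAN hosts.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
    # Static split: the server host uses the DSL link, everything else cable.
    run ip rule add pref 300 from "$SERVER" table 102
    run ip route add default via "$W1_GW" dev "$W1_IF"
    # Forwarded inbound traffic on the non-default uplink fails strict
    # reverse-path filtering, so that interface is set to loose mode.
    run sysctl -w "net.ipv4.conf.$W2_IF.rp_filter=2"
    # Source NAT per uplink so outbound packets carry that uplink's address.
    run iptables -t nat -A POSTROUTING -o "$W1_IF" -j SNAT --to-source "$W1_IP"
    run iptables -t nat -A POSTROUTING -o "$W2_IF" -j SNAT --to-source "$W2_IP"
}

split_access
```

Run it without `APPLY` first and read the printed commands; the explicit `pref` values keep the mark-based rules ahead of the per-host rule, so a reply from the server to a connection that came in over cable is not pushed out the DSL link.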
If you are open to not using CentOS (which is wonderful), I would suggest something like pfsense.

http://www.pfsense.com/

Based on M0n0wall and I think it will do what you are looking for. This would mean you would need a separate set of hardware however.

As for hardware, if you have an old machine around, it would probably work. We use WRAP boards from PC Engines and they do a great job.

http://www.pcengines.ch/wrap.htm

The WRAP board is being discontinued, but the new versions will be out shortly. You can still get them at Wisp-Router (http://www.wisp-router.com/itemdesc.asp?ic=WRAP%2E1E23%2F1)

Hope that helps!

Andrew

________________________________
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Raymond M. Subasic
Sent: Thursday, July 19, 2007 1:03 AM
To: 'CentOS mailing list'
Subject: [CentOS] Multiple WAN link -- CentOS Suitability -->

> My situation:
>
> I have a cable modem (COMCAST 6Mbit d/l) and am about to also have DSL (Verizon 3 Mbit d/l). I was thinking of using CentOS (4.4, 4.5, or 5??) as a router/dhcp server/firewall for my home network consisting of 3 to 6 computers at any given time. I seek the wisdom of the members of this list on the following issues:
>
> -- Is CENTOS a good direction to go? I do not mind manually configuring things or installing lots of packages, and am doing this as both a learning experience for myself and proof of concept for a customer.
>
> -- Is it possible/hard/easy/trivial to share the load between the two connections? Have either link fail and things still work correctly?
>
> -- I plan to build a box for this job - looking for general recommendations of how much horsepower (mem/disk space, etc) is required
>
> -- What are the implications of two pipes for incoming connections such as DynDNS based remote desktop or VNC, or web server, FTP, etc
>
> The basic hardware layout I see is 3 nics, 1 GB RAM, 60 GB disk space. 1 NIC for each WAN port, 1 NIC for my local net, some recent CPU.
>
> I have been browsing through the "Linux Advanced Routing & Traffic Control HOWTO," but am still not on top of how to get done what I'm looking for. I understand that there are probably products that I could buy to do this, but my preference is to do it myself.
>
> Sorry if my questions are too basic. Please feel free to tell me off if so.
>
> Thanks.
>
> rsubasic