dear users group- i have been reading the letters and posts for a while now...but things have changed. i had a simple firewall going with snort listening on an external port and i was getting things going...i have since moved and have access to two wireless aps- i plan on adding a dsl line or broadband in january and i want to make use of the bandwidth. i have thought about bridging and rebuilt to kernel 2.6.12 - 2.6.8 was a no go with xconfig and menuconfig (*I am running debian) My main goals are to serve pages using lamp stack. i have plenty of switches- should i just keep my bi quads/wrt54gs (running dd-wrt v23) on separate subnets and run rsync over ssh and round robin dns? i am thinking that maybe keeping it simple is the best thing right now- I have not even gotten into the shell on the routers since i may be able to implement some load balancing there but i have heard that your protocol is going to work on only one connection anyways from a packet perspective. i need redundancy. I may tunnel to the office and serve from there (I don't really expect to serve much over the wireless) i may do some spidering and crawling on any available bandwidth however. i have been fooling around with phpodp but need to cache the links in a ram drive- this is down the road. adding google ads to this script yields some good targeted ads but it is not really good enough when all you do is outsource- phpadsnew allows prop text based ads. sorry for disjointed blather but i hope you get the drift- any advice welcome- any chance that there is a web page with text from group that has been indexed? is making it searchable? this is perhaps outside scope but would be a nice hack- shuffles papers and continues to read old posts.....highlander.com there can only be one! talk to us about 3ware+iram+passive backplanes

--
Best Regards,
Shep Husted
opensourceservers.com
opensourcenetworks.com
engineeredcomputer.com
1-207-409-4038
809 congress st. #7
portland, maine 04102

On Saturday 10 December 2005 22:51, shep husted wrote:
> dear users group- i have been reading the letters and posts for a while
> now...but things have changed. i had a simple firewall going with snort
> listening on an external port and i was getting things going...i have since
> moved and have access to two wireless aps- i plan on adding a dsl line or
> broadband in january and i want to make use of the bandwidth. i have
> thought about bridging and rebuilt to kernel 2.6.12 - 2.6.8 was a no go
> with xconfig and menuconfig (*I am running debian) My main goals are to
> serve pages using lamp stack. i have plenty of switches- should i just keep
> my bi quads/wrt54gs (running dd-wrt v23) on separate subnets and run rsync over
> ssh and round robin dns? i am thinking that maybe keeping it simple is the
> best thing right now- I have not even gotten into the shell on the routers
> since i may be able to implement some load balancing there but i have heard
> that your protocol is going to work on only one connection anyways from a
> packet perspective. i need redundancy. I may tunnel to the office and serve
> from there (I don't really expect to serve much over the wireless) i may do
> some spidering and crawling on any available bandwidth however. i have been
> fooling around with phpodp but need to cache the links in a ram drive- this
> is down the road. adding google ads to this script yields some good
> targeted ads but it is not really good enough when all you do is outsource-
> phpadsnew allows prop text based ads. sorry for disjointed blather but i
> hope you get the drift- any advice welcome- any chance that there is a web
> page with text from group that has been indexed? is making it searchable?
> this is perhaps outside scope but would be a nice hack- shuffles papers and
> continues to read old posts.....highlander.com there can only be one! talk
> to us about 3ware+iram+passive backplanes
>

Did you really intend to send this to the Shorewall list?

If so, I can't make heads or tails out of what you are asking from us. There *are* searchable indexes of the Mailing List Archives -- one is linked from the top of the Shorewall home page; the other is at http://lists.shorewall.net (old mailing list before it moved to Sourceforge this past summer).

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

shep husted wrote:
> dear users group- i have been reading the letters and posts for a while
> now...but things have changed. i had a simple firewall going with snort
> listening on an external port and i was getting things going...[SNIP]

shep:

take a rest , drink some coffee, and then explain us what the .. are you trying to say ..

ok I have two wireless links- i was thinking of using bridging to combine the wireless links but after reading a bit i found out that it is sort of a compromise in terms of absolute bandwidth...i think I would be better off (possibly) by just using the access points (I am in client mode with wrt54g running dd-wrt) in discrete fashion i.e. just running separate boxes off of each one to do the routing etc I know i can open a shell on the routers but I have not gotten to that stage yet, still you can do a lot with just the gui like samba and such. I think the latest firmware may be a big step as they are going to integrate some sort of apt-get schema. I plan on adding a dsl line in january and i want to serve up some pages. My questions are- is there a certain configuration that will allow me to control the bandwidth optimally? for redundancy purposes should i use round robin dns and rsync( and avoid setting up bridged nics), I may have a dedicated machine to take snapshot images of the machines, I plan on using ssh extensively and exclusively on the wireless side of things. i have about 5 machines i think i am going to run 2 servers (debian and w32server), 2 router boxes and the backup/client machine i plan on serving all kinds of stuff (cms/forums/indexes/rss aggregators) using lamp/wamp stack. I am going to serve indexes through the wired connection and spider and crawl through the wireless; I use phpodp and google ads but need to get static links in a ramdrive 3 million links take up around 200 meg. The sites are down right now. I want to enable businesses so whatever a small soho lan will run i will run and a bit more. I have not gotten into vlans or aliasing that much. I have read some things about the shaper and also a product online called the arbitrator.
I know squat about cisco but know that bgp is a protocol that queries for best response- i suspect that this may be beyond my scope and semi off topic but there you have it- a semi coherent description of my situation- any and all criticism appreciated. I have a couple of machines down the street at a friends office as well and plan on est tunnels to them- i may have to tunnel them out as well since road runner has draconian hosting policies (even with a biz account you can't run a web server unless you go through them- (another upsell) and ingress filters. You can do it but i think they just shut down dns requests- they are authoritative on that block. ok so there you have it the general layout i may use samba to administer the windows domain and am only a beginner at setting up active directory and stuff (I am working on it) but plan to get a lpi in linux sys admin soon and then who knows?

best regards,
shep

On 12/11/05, Cristian Rodriguez <judas_iscariote@shorewall.net> wrote:
>
> shep husted wrote:
> > dear users group- i have been reading the letters and posts for a while
> > now...but things have changed. i had a simple firewall going with snort
> > listening on an external port and i was getting things going...[SNIP]
>
> shep:
>
> take a rest , drink some coffee, and then explain us what the .. are you
> trying to say ..
>

--
Best Regards,
Shep Husted
opensourceservers.com
opensourcenetworks.com
engineeredcomputer.com
1-207-409-4038
809 congress st. #7
portland, maine 04102

On Sunday 11 December 2005 18:35, shep husted wrote:
> ok I have two wireless links- i was thinking of using bridging to combine
> the wireless links but after reading a bit i found out that it is sort of
> a compromise in terms of absolute bandwidth

Shep: What specifically was your question again?

Note: Paragraphs are your friend. They help you organize your thoughts. They prevent stream of consciousness rambling.

--
John Andersen - NORCOM
http://www.norcomsoftware.com/

well i guess i am just going to build it and find out what works it is really that simple.

geronimo

On 12/12/05, John Andersen <jsa@norcomix.dyndns.org> wrote:
>
> On Sunday 11 December 2005 18:35, shep husted wrote:
> > ok I have two wireless links- i was thinking of using bridging to combine
> > the wireless links but after reading a bit i found out that it is sort of
> > a compromise in terms of absolute bandwidth
>
> Shep: What specifically was your question again?
>
> Note: Paragraphs are your friend. They help you organize
> your thoughts. They prevent stream of consciousness rambling.
>
> --
> John Andersen - NORCOM
> http://www.norcomsoftware.com/
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>

--
Best Regards,
Shep Husted
opensourceservers.com
opensourcenetworks.com
engineeredcomputer.com
1-207-409-4038
809 congress st. #7
portland, maine 04102

I've tried to respond to those parts of your post that I thought I understood.

On Sunday 11 December 2005 19:35, shep husted wrote:
> ok I have two wireless links- i was thinking of using bridging to combine
> the wireless links but after reading a bit i found out that it is sort of a
> compromise in terms of absolute bandwidth...i think I would be better off
> (possibly) by just using the access points (I am in client mode with wrt54g
> running dd-wrt) in discrete fashion i.e. just running separate boxes off of
> each one to do the routing etc

Or you could use Shorewall MultiISP support (http://www.shorewall.net/MultiISP.html) off of a single box.

> I know i can open a shell on the routers but
> I have not gotten to that stage yet, still you can do a lot with just the
> gui like samba and such.

Samba on a wrt54g!!!???

> I plan on adding a
> dsl line in january and i want to serve up some pages. My questions are- is
> there a certain configuration that will allow me to control the bandwidth
> optimally? for redundancy purposes should i use round robin dns and rsync(
> and avoid setting up bridged nics), I may have a dedicated machine to take
> snapshot images of the machines, I plan on using ssh extensively and
> exclusively on the wireless side of things.

I personally prefer OpenVPN to SSH port forwarding (if that's what you are talking about).

I don't have a good solution for you as far as server redundancy. A simple round-robin DNS will only provide good service if all of the links are up. I suppose you could set the TTL for the DNS entries to a low value and manipulate your zone definition in your monitoring script (see below).

For outgoing bandwidth control, you can use the traffic shaping capability built into Shorewall. It is difficult to "use the bandwidth optimally" because each connection must be assigned statically to an uplink. Shorewall's traffic shaping will only shape traffic to each link individually.

> I know squat about cisco but know that bgp is a
> protocol that queries for best response- i suspect that this may be beyond
> my scope and semi off topic but there you have it- a semi coherent
> description of my situation

The choice of routing protocol is usually made by the ISP -- beware most consumer/SOHO DSL services don't offer ANY routing protocol support. That's why people resort to shell scripts such as have been posted on the user's list. These simple scripts monitor the links using 'ping' and adjust the packet marking accordingly (which in turn determines which link is used for outgoing traffic).

You can use the "balance=<weight>" feature in Shorewall's provider file to give preference to faster links for new outgoing connections.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
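
Added example, not part of the thread or of the scripts posted to the list: a sketch of the monitoring approach Tom describes above (ping each uplink, then rewrite a low-TTL round-robin record set so a dead link drops out of DNS). The host name, the RFC 5737 addresses, the thresholds and the function names are constructed for illustration; probe assumes iputils ping on Linux, and only IPv4 addresses are handled.

```shell
#!/bin/sh
# Added example: ping-based uplink monitor that rebuilds a low-TTL round-robin
# A record set. Names, addresses (RFC 5737 ranges) and thresholds are constructed.

FAIL_LIMIT=3   # consecutive failed probes before an uplink is treated as down
TTL=60         # short TTL so resolvers stop handing out a dead address quickly

# probe IFACE TARGET: one echo request out of a given interface (iputils ping).
probe() {
    ping -c 1 -W 2 -I "$1" "$2" >/dev/null 2>&1
}

# next_fails PREVIOUS_COUNT PROBE_STATUS: reset on success, count up on failure,
# so a single lost packet does not pull a link out of the zone.
next_fails() {
    if [ "$2" -eq 0 ]; then
        echo 0
    else
        echo $(( $1 + 1 ))
    fi
}

# a_records NAME ADDR:FAILS...: print one A record per uplink still below
# FAIL_LIMIT. If every uplink is down, publish all of them rather than an
# empty answer (a design choice of this example).
a_records() {
    name=$1
    shift
    up="" all=""
    for entry in "$@"; do
        addr=${entry%%:*}
        fails=${entry##*:}
        line="$name $TTL IN A $addr"
        all="$all$line;"
        if [ "$fails" -lt "$FAIL_LIMIT" ]; then
            up="$up$line;"
        fi
    done
    [ -n "$up" ] || up=$all
    printf '%s' "$up" | tr ';' '\n'
}

# Constructed run: the second uplink has failed three probes, the first is healthy.
# A real loop would call probe per uplink and feed $? into next_fails.
a_records www.example.com. 192.0.2.10:0 198.51.100.20:3
```

The packet-marking side that Tom mentions is left out here; the block covers only the decision about which addresses stay in the zone.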