[WBEL-users] Layer 3 Routing

Alon js at wsco.com
Sat Jun 3 10:51:26 CDT 2006


Hi Terry,

The reason I indicated the hardware that is apparently by far an overkill is
due to the fact that I simply happen to have 6 systems with that
configuration (I purchased 8 identical hw config). So the money is already
out of pocket and it is just a matter of putting the hardware to good use.
I'll use IDE instead of SATA if that is the preferred work setting (I have a
few configurations with IDE and a few with SATA, so again it is immaterial
for me to use one or the other).
YES! Part of the reason I want to go with the Linux box option is due to
the fact that THIS IS MY GATEWAY!
If that breaks, I'm dead in the water with 30 servers disconnected and
probably hundreds of calls from angry customers complaining about this.
So, having a generic box that I can replicate and keep as a spare is
exactly how I want to approach this.
If all it would take to switch between the systems is just moving the
physical wires from one machine to the next, then I'm very happy with such
a solution.
And yes, labeling with colors of To-NOC / To-Cabinet is easy to do.

Focusing specifically on the Network Layer 3 Routing setup steps (taken from 
Vic's reply):

1) Install WBEL
Version 3 or 4 does it matter?
Desktop? Server? GUI? Non GUI?
Up until today I've only used WBEL for webhosting and used DirectAdmin with 
a Server shell command only.

2) Install Webmin
Webmin - is that part of the WBEL or is this a diff software that I need to 
install?

3) Go to Webmin->Networking->Network Configuration->Routing and Gateways
4) Add routes to your heart's content :-)
Is there any indication there for a Layer 3 Routing or is this transparent?

Thanks,

- Alon
js at wsco.com


From: "Terry Henderson"
To: "Alon" <js at wsco.com>
Sent: Saturday, June 03, 2006 4:34 PM
Subject: Re: [WBEL-users] Layer 3 Routing


> On 6/2/06, Alon <js at wsco.com> wrote:
>>
>>
>> Hi All,
>>
>> This is not a WBEL specific question, but I thought perhaps you could
>> throw some pointers on how to address this:
>>
>> I want to move to a new NOC that has all the bells and whistles that I
>> want including a better pricing per server (if I take a full cabinet).
>> However, the NOC requires me to manage my own gateway and as a
>> requirement I need to have a Layer 3 Routing box.
>>
>> They love to offer various ready-out of the box solutions which are very
>> nice and of course are very costly:
>>
>> Fortigate 200A is a solution they propose. This solution offers not just
>> Layer 3 Routing, but also adds a Firewall, SpamChild and Anti-Virus and
>> DDoS protection.
>>
>> While all the additives are great, except the Firewall, there is really
>> no added value to my specific needs.
>>
>> So, I am looking to 'build' my own Layer 3 Router with Firewall and it
>> seems that Linux is the perfect suite for this device.
>>
>> With that said, I'm a newbie when it all comes down to Routing and IP
>> mgmt.
>> Until today all my IP mgmt were basically narrowed to:  Setup --> Network
>> Mgmt --> set IP, DNS and Gateway values.  And occasionally
>> add a few more IPs to the server, and even that was done via DirectAdmin
>> control panel.
>>
>> So, I'm looking to learn a bit more about how to create my 'own Layer 3
>> Routing Gateway'.
>>
>> The hardware that will be used as a dedicated box is:  Pentium 4 3.0Ghz
>> with 2MB Cache, 1GB of RAM and 80GB SATA HD.
>> I'll add 2 Gbit network PCI cards to the onboard 10/100 NIC.
>> I was told this will probably be even an Overkill with regards of Layer 3
>> Routing Gateway needs.
>> My regular total MRTG traffic stands at about 30MB with peaks of 70MB at
>> times.
>>
>
> That is somewhat of an overkill. You would do just fine with a LOT
> less. Like a 500M or 1G processor with 256-512M ram and a 5-10G HD.
> And I use IDE or SCSI drives not SATA.  It's best to customize the
> hardware to fit application needs.
>
> What I like is a pair of [low end] machines all set up and ready,
> sitting there side by side, but only one is plugged into the network.
> (Preferably identical.)
> I label the NICs with a black magic marker so that there's no
> confusion, and I also label the cables  (mine are labeled, RED GREEN
> ORANGE & BLUE).
> Although it only takes 15 minutes to re-install and load up the
> back-up config files to re-create your firewall should  you ever have
> some sort of hardware failure, you would first have to go out and get
> the broken part, and besides that, if you're not around, someone else
> can just swap the cables over and power up the backup machine and you're
> back in business.
>
> The back-up configuration file takes care of all network address
> assignments and all other special configurations to that point, such
> as opening ports for particular users, special configurations for your
> various servers, etc.. ALL of it is backed up on a single file that
> will be automatically uncompressed and its files dispersed to proper
> locations.
>
> Having two identical machines sitting there side by side is best
> though [IMO].  Although I've yet to have one fail, it's nice to know
> it's there and ready to go, and that there's plenty of time to fix the
> problem.  And besides,  if you ever need to take the machine down for
> some sort of service ... bearings go out in a fan or ... well you can
> see what I mean, it's just nice to have.
>
> The backup feature is nice to use.  With a click of a mouse, IPCop
> will create a complete set of backup config files that you save on a
> separate machine that you can load on another machine after the
> re-install process, and you can do it with or without hardware config,
> (you only use hardware configuration if the machines are identical) -
> and in the end, you've built a new firewall in only 15 minutes and
> it's ready to use.
>
> It will also create backup on floppy and you use the floppy during the
> re-install process but it does hardware configuration and it either
> has to be the same machine or one with identical hardware, (and that
> means identical NICs too).
>
>> I do want to have the active firewall present with packet stateful
>> inspection and whatever I throw in to better protect my network.
>>
>> But other than that, I don't have any more demands.
>>
>> Can you suggest a ready-made solution or give me pointers on how to
>> approach this?
>>
>> For firewall solutions I was told about:  http://ipcop.org    Has anyone
>> had experience with this?
>>
>> Thanks,
>>
>> -Alon.
>>
>
>
> -- 
> Registered Linux User 188099
>                  <><
> 


