[TriLUG] why is it slow?

Greg Cox glcox at pobox.com
Fri Sep 15 03:23:34 EDT 2006


> The typical way to handle this problem is at the name space level.

Not the original poster, but...

One reason I don't like handling this via DNS is that I don't have a
static IP, and I like living with one dyndns name on the outside
interface.  And I don't get to manage views with them.  And to me it's
kinda cool to have one name that always works, whether I'm home or away.

> that this is dramatically easier to do on an honest-to-god router.

I think it's not the Linux tools, so much as the network layout.  It
becomes easier when you segment up the network to where you use the
gateway box like a router.  Most of the problems I'm hearing are from
trying to do this magic routing all on one internal network, which is
going to kill you ded.


My setup: cablemodem to liveCD linux router.  Router with 4 internal VLAN
interfaces (DMZ, wired desktop network, WPA2 trusted wireless, WEP
untrusted wireless (for the NintendoDS)) to VLAN-aware switch, with a
bastion server on the DMZ VLAN.

Currently I have a rule on the router:
-A PREROUTING ! -i vlan2 -p tcp -m tcp --dport 22 -j DNAT --to 192.168.2.20

Now, actually, that rule stinks since it means I can't ssh out from my
lappy to the world, but, I never do that from not-the-DMZ anyway, so, it's
kinda ok.  I should really do something like (untested!):

-A PREROUTING ! -i vlan2 -m addrtype --dst-type LOCAL -p tcp -m tcp --dport 22 -j DNAT --to 192.168.2.20

But the cdrouter I'm using, its iptables version is too old to use addrtype
and I'm too lazy to roll my own CD.


VLAN'ing your home is probably more than most people want to monkey
with, but it's pretty cool once it's all set.  The Dell 27(08|16|24)
PowerConnects are cheap gigabits and don't do badly for a core switch
for home/SOHO.  Interface is terrible, but, you probably won't touch it
often.
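As an added illustration (not part of Greg's post or any real iptables code), a small Python model of how the two PREROUTING rules above match. Router addresses, interface names and the sample packets are constructed assumptions; only the bastion address 192.168.2.20 comes from the post. It shows the over-match described: without the addrtype LOCAL test, an outbound ssh from the laptop to some Internet host is also DNAT'd to the bastion.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Assumed addresses held by the router itself (outside dyndns address plus one per VLAN).
# These are constructed for the example; the post does not give them.
ROUTER_LOCAL_ADDRS = {"203.0.113.10", "192.168.1.1", "192.168.2.1",
                      "192.168.3.1", "192.168.4.1"}
BASTION = "192.168.2.20"  # the DNAT target from the post


@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the packet arrived on
    proto: str
    dst: str        # destination address before NAT
    dport: int


def rule_original(pkt: Packet) -> Optional[str]:
    """-A PREROUTING ! -i vlan2 -p tcp -m tcp --dport 22 -j DNAT --to 192.168.2.20
    Matches *every* TCP/22 packet not arriving on the DMZ VLAN, whatever its destination."""
    if pkt.in_iface != "vlan2" and pkt.proto == "tcp" and pkt.dport == 22:
        return BASTION
    return None


def rule_addrtype(pkt: Packet, local_addrs=frozenset(ROUTER_LOCAL_ADDRS)) -> Optional[str]:
    """Same rule plus -m addrtype --dst-type LOCAL: only packets addressed to the
    router's own addresses are redirected, so pass-through traffic is left alone."""
    if (pkt.in_iface != "vlan2" and pkt.dst in local_addrs
            and pkt.proto == "tcp" and pkt.dport == 22):
        return BASTION
    return None


def dnat_target(pkt: Packet, rule: Callable[[Packet], Optional[str]]) -> str:
    """Destination after PREROUTING: rewritten if the rule matches, else unchanged."""
    return rule(pkt) or pkt.dst


# Constructed sample packets; "eth0" is the assumed outside interface, vlan3 the trusted wifi.
SAMPLE = {
    "from_internet":   Packet("eth0",  "tcp", "203.0.113.10", 22),  # ssh to the dyndns name
    "lappy_to_router": Packet("vlan3", "tcp", "192.168.3.1",  22),  # hairpin from inside
    "lappy_to_world":  Packet("vlan3", "tcp", "198.51.100.7", 22),  # outbound ssh, should pass
    "dmz_to_world":    Packet("vlan2", "tcp", "198.51.100.7", 22),  # from the DMZ, excluded
}

if __name__ == "__main__":
    for name, pkt in SAMPLE.items():
        print(f"{name:16} original -> {dnat_target(pkt, rule_original):14} "
              f"addrtype -> {dnat_target(pkt, rule_addrtype)}")
```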
