[TriLUG] Dual-homed Internet?

Clay Stuckey cstuckey at govsg.com
Fri Oct 22 09:39:58 EDT 2010


A few thoughts here... 
What you are building is a router. Your traffic will not go to disk so the hard drive will be of little importance. 

severely-hardened != webmin. 

If security is a concern, here are my real-world recommendations:
- Only expose the ports you need
- Use an enterprise OS that patches to DoD standards on a regular basis such as RHEL
- Only install what you need. Start with a base (no core) install then add from there
- If you are getting a T1, request 2 subnets so that you can stand up a firewall between the subnets that only serves as a firewall. Then stand up your other hosts behind it in a DMZ. This typically means a /28 and a /27 subnet.
- I personally prefer hand-built firewall/routing solutions as opposed to canned solutions. It helps you to better learn what you are doing.

Clay


-----Original Message-----
From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On Behalf Of Paul Bennett
Sent: Friday, October 22, 2010 9:27 AM
To: TriLUG
Subject: [TriLUG] Dual-homed Internet?

Hi,

Any tips, tricks, suggestions, or gotchas regarding dual-homed setup?

At home, my wife and I currently run two DSL lines. For some time, I've been meaning to install a smart load-balancer to effectively share both lines between both our PCs. It's never been a priority because, well, DSL's DSL, and 2 * DSL / 2 == DSL.

However, because she works from home, we're going to be replacing one of the DSL lines with a T1, in order to get stability, guaranteed ping, and guaranteed uptime.

Therefore, setting up something clever has become a bigger priority. I want to get set up so that ping-sensitive traffic goes to the T1 line, and bandwidth-hungry traffic goes to the DSL line, among other things. Also, since we'll have several static external IPs, I'm thinking some 1:1 NAT would be good for our SIP devices and a web server.

I'm thinking a severely-hardened Gentoo box running Shorewall, with Webmin, Nagios & MRTG, on a low-end Core2 Duo with 4GB of RAM and a 10Krpm hard drive and/or cheap SSD.

Anything I should know (especially about Shorewall) before I start RTFM?



Thanks,



--
Paul
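
The layout recommended in the reply above (a firewall-only host between the routed /28 and a /27 DMZ, exposing only the ports that are needed), as an added example that is not part of either message: a shell script that prints a default-drop ruleset in iptables-restore format and lists what it exposes to the WAN side. The interface names, the documentation-range addresses, the admin host and the choice of HTTP/HTTPS and SIP signalling as the exposed services are all assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Every value below is an assumption;
# addresses come from the RFC 5737 documentation ranges.
WAN_IF=${WAN_IF:-eth0}                 # firewall leg on the /28 (T1 side)
DMZ_IF=${DMZ_IF:-eth1}                 # firewall leg on the /27 (DMZ)
DMZ_NET=${DMZ_NET:-203.0.113.32/27}
WEB_HOST=${WEB_HOST:-203.0.113.34}     # hypothetical web server
SIP_HOST=${SIP_HOST:-203.0.113.35}     # hypothetical SIP device
ADMIN_HOST=${ADMIN_HOST:-203.0.113.40} # only host allowed to SSH to the firewall

# Print a ruleset in iptables-restore format: default-drop, explicit allows.
# The first FORWARD rule drops WAN packets that claim a DMZ source (spoofing).
# Only SIP signalling is opened; RTP media ports are not covered here.
emit_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $DMZ_IF -s $ADMIN_HOST -p tcp --dport 22 -j ACCEPT
-A FORWARD -i $WAN_IF -s $DMZ_NET -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -s $DMZ_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $WEB_HOST -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $SIP_HOST -p udp --dport 5060 -j ACCEPT
COMMIT
EOF
}

# Audit helper: list "host proto ports" for every rule that admits new
# traffic from the WAN leg, so the exposed surface can be reviewed at a glance.
wan_exposed() {
  emit_rules | awk -v wan="$WAN_IF" '
    $1 == "-A" && $2 == "FORWARD" && $NF == "ACCEPT" {
      in_if = host = proto = ports = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-i") in_if = $(i+1)
        if ($i == "-d") host = $(i+1)
        if ($i == "-p") proto = $(i+1)
        if ($i == "--dport" || $i == "--dports") ports = $(i+1)
      }
      if (in_if == wan) print host, proto, ports
    }'
}

emit_rules   # syntax-check with: emit_rules | iptables-restore --test
```

Running `wan_exposed` after any change to the rules gives a quick list of what the WAN side can reach.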