Linux router

Dallas Helquist plug-discuss@lists.plug.phoenix.az.us
Thu, 8 Aug 2002 13:09:36 -0600


If your goal is to just have two private internal networks and one public
network, use the 3 interfaces.  If you want to experiment, use two
interfaces per internal network (run in bridged mode).  I would avoid
running two broadcast domains off the same interface.  It can be done... and
is fairly common - but if you've got the hardware, use it.  This will give
you the chance to test the throughput of your Linux box, play with bandwidth
shaping, rate limiting, even some failover using the spare NICs as backup.

IPtables/IPchains will both allow you to do NAT and firewalling.  It depends
on your kernel as to which you should use (2.4 == iptables, 2.2 ==
ipchains).  If you only want to allow the different networks to "see" each
other, simply do the following (as root): "echo '1' >
/proc/sys/net/ipv4/ip_forward", this will enable ip forwarding (routing..)
on the box.

Now, if you have some decent switching hardware, you could use 1 interface
for everything and just use .1q trunking... but that's a whole nother story.

-dallas

----- Original Message -----
From: "der.hans" <PLUGd@LuftHans.com>
To: <plug-discuss@lists.plug.phoenix.az.us>
Sent: Thursday, August 08, 2002 12:42 PM
Subject: Re: Linux router


> On 08 Aug 2002, Alaric Fox chattered thus:
>
> >        +-------+
> >    E1--|       |--E3
> >        |gateway|
> >    E2--|       |--E4
> >        +-------+
> >            |
> >            |
> >           E0
> >
> > E0 will be the "real" network, E1 and E2 will be on one private
> > network, and E3 and E4 will be on another private network.
>
> I would use two switches, one for each of the two internal networks. In
> fact, that *is* what I do :).
>
> You'd only need 3 interfaces and networking config will be much easier.
>
> ciao,
>
> der.hans
> --
> #  https://www.LuftHans.com/
> #  If you're not learning, you're not living. - der.hans
>
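
Added example, not part of either post: a 2.4-kernel iptables ruleset for the three-interface layout discussed above, with NAT on the public side and a default-drop FORWARD policy so that turning on ip_forward does not route everything unfiltered. The interface names (eth0 public, eth1 and eth2 private) and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a 3-interface router.
# Interface names are assumptions, not values taken from the thread.

# gen_rules WAN LAN1 LAN2 [yes|no]
# Prints the ruleset on stdout. The 4th argument decides whether the two
# private networks may "see" each other (default: no, they stay isolated).
gen_rules() {
    wan=$1; lan1=$2; lan2=$3; inter=${4:-no}
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan1 -j ACCEPT
-A INPUT -i $lan2 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan1 -o $wan -j ACCEPT
-A FORWARD -i $lan2 -o $wan -j ACCEPT
EOF
    if [ "$inter" = yes ]; then
        echo "-A FORWARD -i $lan1 -o $lan2 -j ACCEPT"
        echo "-A FORWARD -i $lan2 -o $lan1 -j ACCEPT"
    fi
    echo "COMMIT"
}

# apply_rules: load the filter first, then enable routing, so there is no
# window in which the box forwards packets with no rules in place (needs root).
apply_rules() {
    gen_rules "$@" | iptables-restore || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Only touch the running system when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    shift
    apply_rules "$@"
fi
```

Running the script with no arguments changes nothing; `sh router.sh --apply eth0 eth1 eth2 yes` (file name hypothetical) loads the rules and then enables forwarding.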