[CP-LUG] Newbie questions
Greg Spangler
2002-11-04 17:31:50 UTC
1. Which distribution should I use? (Debian, FreeBSD, Mandrake, RedHat, SuSE or other)

2. Can I use one server box (AMD Duron 1GHz CPU, 256mb PC133 SDRAM, 10Gb HD, Trident Blade 8Mb Video, 10bt/100btx Net, DSL feed w/ fixed IP) as a web server, firewall, post office (for 6 - 12 users) and VPN gateway for (1 - 4 users) and if not how many boxes (and how much horsepower) will I need to accomplish this?

3. Regarding web server setup and administration, can this only be done from the command line or can this be accomplished using either the KDE or GNOME GUI interfaces?

4. Regarding firewall setup and administration, can this only be done from the command line or can this be accomplished using either the KDE or GNOME GUI interfaces?

5. Regarding post office setup and administration, can this only be done from the command line or can this be accomplished using either the KDE or GNOME GUI interfaces?

6. Regarding VPN gateway setup and administration, can this only be done from the command line or can this be accomplished using either the KDE or GNOME GUI interfaces?

7. Assuming all this can be set up on one (or two) boxes, can I remotely administrate (and experiment with additional applications) from a Linux partition on my personal Windows XP (NTFS) laptop?

8. Looking at all the various packages that are included with any of the Linux distributions, I'd like to only install the packages that I would need (plus some applications like Star Office & Gimp on the laptop.) Which do I want to install to accomplish my goals without overloading my HD with things I'll never use? (Please note I'm not a programmer and I've already got more than enough Windows games.)

9. Are there any utilities I will need (other than Partition Magic?)

10. What are some of the other issues I haven't thought of but should address? (Sorry I know this one is especially vague.)
Chuck Vohs
2002-11-04 17:53:58 UTC
I am way new at this stuff, but will give you my answers inline:
-----Original Message-----
From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org]On Behalf Of Greg
Spangler
Sent: Monday, November 04, 2002 12:32 PM
To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
Subject: [CP-LUG] Newbie questions


1. Which distribution should I use? (Debian, FreeBSD, Mandrake, RedHat, SuSE
or other)

I use RedHat 7.3

2. Can I use one server box (AMD Duron 1GHz CPU, 256mb PC133 SDRAM, 10Gb HD,
Trident Blade 8Mb Video, 10bt/100btx Net, DSL feed w/ fixed IP) as a web server,
firewall, post office (for 6 - 12 users) and VPN gateway for (1 - 4 users) and
if not how many boxes (and how much horsepower) will I need to accomplish this?

I use one box such as this as my firewall and gateway.

I use another box, PIII 512mb 40gb, for my services, www, ftp, mail, dns, etc.

3. Regarding web server setup and administration, can this only be done from
the command line or can this be accomplished using either the KDE or GNOME GUI
interfaces?

I used cpanel.net for this initially, but it is too costly...so now I am using
webmin (free).

4. Regarding firewall setup and administration, can this only be done from the
command line or can this be accomplished using either the KDE or GNOME GUI
interfaces?

Easy text file, I use http://www.shadowweb.org/fwscript/



5. Regarding post office setup and administration, can this only be done from
the command line or can this be accomplished using either the KDE or GNOME GUI
interfaces?

Again, cpanel handles this.

6. Regarding VPN gateway setup and administration, can this only be done from
the command line or can this be accomplished using either the KDE or GNOME GUI
interfaces?

webmin works for this.

7. Assuming all this can be set up on one (or two) boxes, can I remotely
administrate (and experiment with additional applications) from a Linux
partition on my personal Windows XP (NTFS) laptop?

I do! Works great.

8. Looking at all the various packages that are included with any of the Linux
distributions, I'd like to only install the packages that I would need (plus
some applications like Star Office & Gimp on the laptop.) Which do I want to
install to accomplish my goals without overloading my HD with things I'll never
use? (Please note I'm not a programmer and I've already got more than enough
Windows games.)

I installed the bare minimum in text format, then used cpanel.net to do the
rest...it installs only what you need to do the server stuff.

9. Are there any utilities I will need (other than Partition Magic?)

Always...but I can't think of any right now.



10. What are some of the other issues I haven't thought of but should address?
(Sorry I know this one is especially vague.)

Who will win the Super Bowl this year?
alayne helmus
2002-11-04 18:17:24 UTC
the Eagles, of course...............
MIS
2002-11-04 19:14:57 UTC
On Monday 04 November 2002 12:53 pm, Chuck Vohs wrote:
> I am way new at this stuff, but will give you my answers inline:
> -----Original Message-----
> From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org]On Behalf Of
> Greg Spangler
> Sent: Monday, November 04, 2002 12:32 PM
> To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> Subject: [CP-LUG] Newbie questions
>
>
> 1. Which distribution should I use? (Debian, FreeBSD, Mandrake, RedHat,
> SuSE or other)
>
> I use RedHat 7.3

I recommend Mandrake 9.0 for a newbie. It's great for regular users too.

>
> 2. Can I use one server box (AMD Duron 1GHz CPU, 256mb PC133 SDRAM, 10Gb
> HD, Trident Blade 8Mb Video, 10bt/100btx Net, DSL feed w/ fixed IP) as a
> web server, firewall, post office (for 6 - 12 users) and VPN gateway for (1
> - 4 users) and if not how many boxes (and how much horsepower) will I need
> to accomplish this?
>
> I use one box such as this as my firewall and gateway.
>
> I use another box, PIII 512mb 40gb, for my services, www, ftp, mail, dns,
> etc.

I can run web, ftp, mail, and gateway/firewall w/ a pentium 133. I don't
notice any speed issues whatsoever. I would guess I could load DNS and VPN
endpoint and still be fine. My wife uses the machine as a KDE workstation
through VNC, and it runs like a dog. But if I removed that I'm certain DNS
and VPN would be fine. It has like 2GB of HD or so. It has maybe 64MB ram.
So the way I see it, it can handle any network services I want to put on it,
it's only a GUI that slows it down. (webmin would be included as a network
service).


>
> 3. Regarding web server setup and administration, can this only be done
> from the command line or can this be accomplished using either the KDE or
> GNOME GUI interfaces?
>
> I used cpanel.net for this initially, but it is too costly...so now I am
> using webmin (free).
>
> 4. Regarding firewall setup and administration, can this only be done
> from the command line or can this be accomplished using either the KDE or
> GNOME GUI interfaces?
>
> Easy text file, I use http://www.shadowweb.org/fwscript/
>
>
>
> 5. Regarding post office setup and administration, can this only be done
> from the command line or can this be accomplished using either the KDE or
> GNOME GUI interfaces?
>
> Again, cpanel handles this.
>
> 6. Regarding VPN gateway setup and administration, can this only be done
> from the command line or can this be accomplished using either the KDE or
> GNOME GUI interfaces?
>
> webmin works for this.
>
> 7. Assuming all this can be set up on one (or two) boxes, can I remotely
> administrate (and experiment with additional applications) from a Linux
> partition on my personal Windows XP (NTFS) laptop?
>
> I do! Works great.
>
> 8. Looking at all the various packages that are included with any of the
> Linux distributions, I'd like to only install the packages that I would
> need (plus some applications like Star Office & Gimp on the laptop.)
> Which do I want to install to accomplish my goals without overloading my HD
> with things I'll never use? (Please note I'm not a programmer and I've
> already got more than enough Windows games.)
>
> I installed the bare minimum in text format, then used cpanel.net to do
> the rest...it installs only what you need to do the server stuff.
>
> 9. Are there any utilities I will need (other than Partition Magic?)
>
> Always...but I can't think of any right now.
>
>
>
> 10. What are some of the other issues I haven't thought of but should
> address? (Sorry I know this one is especially vague.)
>
> Who will win the Super Bowl this year?


Matt
Greg Spangler
2002-11-06 05:17:09 UTC
Thanks for the reply Chuck, some of your answers I think will be very helpful. I'd looked at the latest RedHat but finally decided to spend some of my boss' money on the new Mandrake 9.0 Pro Suite distribution. From everything I've read it's very similar to RedHat, the easiest to install and often recommended over other distributions for those with no Linux/Unix experience.

I've thought of a couple more questions and was hoping you might help with those as well. First, I was wondering how large should I make the swap file? With Windows I've always used the rule of thumb that the swap file should be twice the size of physical RAM (assuming at least 128mb RAM.) Does that hold true for Linux as well?

Also you said you've separated the tasks I'm trying to accomplish between 2 boxes of comparable power. Yet another of you said they're accomplishing all these things with a single box of considerably less power. From the sound of that system I'd guess they're not using it for as many users nor in a business setting, but will I really need to use two boxes or can I possibly get by for awhile using the single box and say increase the amount of RAM to 512mb or more?

Finally any ideas how difficult this will be to incorporate with our Windows based network? Any ideas that might make this incorporation less painful? I'm really starting to look forward to this project and have hopes that I might eventually convert our company to Linux using the Star Office Suite and put an end to the endless Microsoft Money Pit we're currently bogged down with.
Matt Grab
2002-11-06 06:05:37 UTC
Just to add more information, I am using another P133 at work as a gateway.
It does routing and firewalling for 30 users. It also hosts 1 dial-up modem
as a remote access modem. There are no performance issues. As per your #2,
I'd say without any doubt that my P133 could handle those 6-10 users without
breaking a sweat. Somebody jump in if they have any other ideas about
performance. If you had listed X as something you wanted to do, that would
make a huge difference. If you had listed fileserver, that would make a
difference also, but I'm not sure how much.
Matt


Chris Carbaugh
2002-11-06 14:41:43 UTC
It has always been recommended to have as few services running on a
machine acting as a firewall. To me, this always meant a dedicated box
for firewall/gateway services. For this role, check out
leaf.sourceforge.net. This is an embedded type distro, built
specifically for firewalls.

I used to run an old version of this on my 512kb/s cable modem, running
on a 486 at 33Mhz, 16MB RAM. The box had no problems running
firewall/NAT/DNS services. And as far as I know, the number of boxes
behind the firewall doesn't really matter. It's the bandwidth of the
pipe you're securing. I believe reading on the LEAF mailing list that an
old 486 can handle a full T (1.5Mbps) with no problems.

Once you get a secure firewall in place, you can relax a little on the
box that's actually serving content. You can close ports you don't need
at the firewall. You just need to be sure you keep your daemons up to
date that are public.

Check out LEAF, there's lots of great info there.

Chris



On Wed, 2002-11-06 at 01:05, Matt Grab wrote:
> Just to add more information, I am using another P133 at work as a gateway.
> It does routing and firewalling for 30 users. It also hosts 1 dial-up modem
> as a remote access modem. There are no performance issues. As per your #2,
> I'd say without any doubt that my P133 could handle those 6-10 users without
> breaking a sweat. Somebody jump in if they have any other ideas about
> performance. If you had listed X as something you wanted to do, that would
> make a huge difference. If you had listed fileserver, that would make a
> difference also, but I'm not sure how much.
> Matt
>
>
> On Wednesday 06 November 2002 12:17 am, Greg Spangler wrote:
<snip>
Greg Spangler
2002-11-06 21:17:37 UTC
Thanks Chris, that's some good advice. I've been rethinking the firewall
issue anyway and believe I'm going to use a hardware firewall rather than
devote one of our machines and your suggestion seems to confirm this
thought. Thanks.


Chris Carbaugh
2002-11-06 22:05:27 UTC
I would suggest spending money on a dedicated box for a firewall or even
using an existing one instead of a firewall appliance. It's been a
while since I researched them, but a PC with linux and a few NICs will
beat any sub ~$2000 firewall product. Some with additional per user
licenses.

Many firewall devices are either very limited, or very expensive.

Here's a scenario:

You start now with a dedicated box running LEAF. It's just a simple box
with two NICs that provides firewall services, NAT (Network Address
Translation) for your clients, and forwards ports 80/110/25 etc to a
dedicated Web/mail server. ~20 minutes and you're up and running, on a
486 that most of us have 3 of in the basement (or that can be had very
cheaply).

As your abilities with linux grow, as do the needs of your business, you
expand what you have, with nothing more than an additional NIC and some
configuration. We're talking setting up a DMZ zone (a private subnet
for all your publicly accessible boxes) round robin DNS for multiple
load balancing web servers, VPN across the web from subnet to subnet,
single PC to subnet, IDS (Intrusion Detection System), etc.

These are just a few possibilities off the top of my head. The power and
flexibility that linux on the perimeter of your LAN can give you are
amazing.

O.K. rant's over. I'm getting cable hooked up at my new place tomorrow,
and so will be setting up the latest version of LEAF, if you're
interested, I'll let you know how it goes.

Anybody else interested in this?

Chris




On Wed, 2002-11-06 at 16:17, Greg Spangler wrote:
> Thanks Chris, that's some good advice. I've been rethinking the firewall
> issue anyway and believe I'm going to use a hardware firewall rather than
> devote one of our machines and your suggestion seems to confirm this
> thought. Thanks.
>
>
> _______________________________________________
> CPLUG mailing list
> CPLUG-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> http://lists.talos4.net/mailman/listinfo/cplug
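Added example, not part of the original posts and not LEAF's own configuration: the two-NIC gateway Chris describes above (NAT for the LAN clients, ports 25/80/110 forwarded to one internal web/mail server, every other port closed at the firewall), written as a shell script that generates an iptables-restore ruleset and lists which ports it exposes. The use of iptables, the interface names, the 192.168.1.0/24 LAN, the 192.168.1.10 server address and the LAN-only SSH admin rule are all assumptions.

```sh
#!/bin/sh
# Added example: generate an iptables-restore ruleset for a two-NIC gateway.
# Every name and address here is a constructed placeholder, not from the thread.
WAN_IF="${WAN_IF:-eth0}"                 # NIC facing the DSL/cable modem (assumed)
LAN_IF="${LAN_IF:-eth1}"                 # NIC facing the office LAN (assumed)
LAN_NET="${LAN_NET:-192.168.1.0/24}"     # private client subnet (assumed)
SERVER_IP="${SERVER_IP:-192.168.1.10}"   # dedicated web/mail server (assumed)
PUBLIC_TCP_PORTS="${PUBLIC_TCP_PORTS:-25 80 110}"   # SMTP, HTTP, POP3

gen_ruleset() {
    # nat table: forward the public ports inward, masquerade LAN clients outward.
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    for port in $PUBLIC_TCP_PORTS; do
        echo "-A PREROUTING -i $WAN_IF -p tcp --dport $port -j DNAT --to-destination $SERVER_IP"
    done
    echo "-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
    echo "COMMIT"

    # filter table: default-deny, so a port is closed unless a rule opens it.
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # The gateway itself offers nothing to the Internet; SSH is reachable
    # from the LAN only (assumed admin path).
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT"
    # Replies to existing connections, then LAN clients going out.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    # Inbound from the Internet: only the forwarded ports, only to the server.
    for port in $PUBLIC_TCP_PORTS; do
        echo "-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $SERVER_IP --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Audit helper: list the TCP ports the generated ruleset lets in from the WAN
# side, so the result can be compared with the ports you meant to publish.
exposed_ports() {
    gen_ruleset | awk -v wan="$WAN_IF" '
        $1 == "-A" && $2 == "FORWARD" {
            in_if = ""; port = ""; verdict = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i")      in_if = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j")      verdict = $(i + 1)
            }
            if (in_if == wan && verdict == "ACCEPT" && port != "") print port
        }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Print the ruleset only when asked, e.g.:  sh gateway.sh --print
if [ "${1:-}" = "--print" ]; then
    gen_ruleset
fi
```

On the gateway the output would be loaded as root with `iptables-restore`, with IPv4 forwarding enabled (`sysctl -w net.ipv4.ip_forward=1`).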
Greg Spangler
2002-11-07 00:18:31 UTC
Thanks again Chris, I think I can come up with an old 486 or AMD 586 if I
look around although I'll have to find a different version of Linux cause
the Mandrake 9.0 I've got coming requires at least a Pentium. I did think of
another question regarding the swap file I was wondering if you could
answer. When I set up my laptop I plan to have 3 different operating systems with 3
different kinds of file systems; Windows ME on FAT 32, Windows XP on NTFS
and Mandrake 9.0 on whatever it uses (I don't know but figured it would be
different than FAT 32 or NTFS.) Anyway if I make a 1024mb swap file (512mb
RAM x2) is it possible for all 3 OS's to share the same swap file and, if
so, how do I get them to all use the same swap partition?


----- Original Message -----
From: "Chris Carbaugh" <CCarbaugh-8ydV/9S8PNs2Twfvq/***@public.gmane.org>
To: <cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org>
Sent: Wednesday, November 06, 2002 5:05 PM
Subject: Re: [CP-LUG] Newbie questions


> I would suggest spending money on a dedicated box for a firewall or even
> using an existing one instead of a firewall appliance. It's been a
> while since I researched them, but a PC with linux and a few NICs will
> beat any sub ~$2000 firewall product. Some with additional per user
> licenses.
>
> Many firewall devices are either very limited, or very expensive.
>
> Here's a scenario:
>
> You start now with a dedicated box running LEAF. It's just a simple box
> with two NICs that provides firewall services, NAT (Network Address
> Translation) for your clients, and forwards ports 80/110/25 etc to a
> dedicated Web/mail server. ~20 minutes and you're up and running, on a
> 486 that most of us have 3 of in the basement (or that can be had very
> cheaply).
>
> As your abilities with linux grow, as do the needs of your business, you
> expand what you have, with nothing more than an additional NIC and some
> configuration. We're talking setting up a DMZ zone (a private subnet
> for all your publicly accessible boxes) round robin DNS for multiple
> load balancing web servers, VPN across the web from subnet to subnet,
> single PC to subnet, IDS (Intrusion Detection System), etc.
>
> These are just a few possibilities of the top of my head. The power and
> flexibility that linux on the perimeter of your LAN can give you are
> amazing.
>
> O.K. rants over. I'm getting cable hooked up at my new place tomorrow,
> and so will be setting up the latest version of LEAF, if your
> interested, I'll let you know how it goes.
>
> Anybody else interested in this?
>
> Chris
>
>
>
>
> On Wed, 2002-11-06 at 16:17, Greg Spangler wrote:
> > Thanks Chris, that's some good advice. I've been rethinking the firewall
> > issue anyway and believe I'm going to use a hardware firewall rather than
> > devote one of our machines and your suggestion seems to confirm this
> > thought. Thanks.
> >
> >
> > ----- Original Message -----
> > From: "Chris Carbaugh" <CCarbaugh-8ydV/9S8PNs2Twfvq/***@public.gmane.org>
> > To: <cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org>
> > Sent: Wednesday, November 06, 2002 9:41 AM
> > Subject: Re: [CP-LUG] Newbie questions
> >
> >
> > > It has always been recommended to have as few services running on a
> > > machine acting as a firewall. To me, this always meant a dedicated box
> > > for firewall/gateway services. For this role, check out
> > > leaf.sourceforge.net. This is an embedded type distro, built
> > > specifically for firewalls.
> > >
> > > I used to run an old version of this on my 512kb/s cable modem, running
> > > on a 486 at 33Mhz, 16MB RAM. The box had no problems running
> > > firewall/NAT/DNS services. And as far as I know, the number of boxes
> > > behind the firewall doesn't really matter. It's the bandwidth of the
> > > pipe you're securing. I believe reading on the LEAF mailing list that an
> > > old 486 can handle a full T (1.5Mbps) with no problems.
> > >
> > > Once you get a secure firewall in place, you can relax a little on the
> > > box that's actually serving content. You can close ports you don't need
> > > at the firewall. You just need to be sure you keep your daemons up to
> > > date that are public.
> > >
> > > Check out LEAF, there's lots of great info there.
> > >
> > > Chris
> > >
> > >
> > >
> > > On Wed, 2002-11-06 at 01:05, Matt Grab wrote:
> > > > Just to add more information, I am using another P133 at work as a gateway.
> > > > It does routing and firewalling for 30 users. It also hosts 1 dial-up modem
> > > > as a remote access modem. There are no performance issues. As per your #2,
> > > > I'd say without any doubt that my P133 could handle those 6-10 users without
> > > > breaking a sweat. Somebody jump in if they have any other ideas about
> > > > performance. If you had listed X as something you wanted to do, that would
> > > > make a huge difference. If you had listed fileserver, that would make a
> > > > difference also, but I'm not sure how much.
> > > > Matt
> > > >
> > > >
> > > > On Wednesday 06 November 2002 12:17 am, Greg Spangler wrote:
> > > <snip>
> > >
> > >
> > >
> > >
> > _______________________________________________
> > CPLUG mailing list
> > CPLUG-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> > http://lists.talos4.net/mailman/listinfo/cplug
>
>
>
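The starting scenario quoted in the message above (a dedicated two-NIC box doing firewalling, NAT for the clients, and forwarding of ports 80/110/25 to a dedicated web/mail server), written out as a default-deny ruleset. This is an added example, not part of the original thread and not LEAF's own configuration; it assumes iptables, and the function name gen_fw_rules, the interface names and the addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for a
# dedicated two-NIC firewall: default-deny, NAT for LAN clients, and a fixed
# list of TCP ports forwarded to one internal web/mail server.
# Interface names and addresses are caller-supplied assumptions.

# usage: gen_fw_rules WAN_IF LAN_IF LAN_NET SERVER_IP "PORT PORT ..."
gen_fw_rules() {
    [ "$#" -eq 5 ] || { echo "usage: gen_fw_rules WAN LAN NET SERVER PORTS" >&2; return 1; }
    wan_if=$1; lan_if=$2; lan_net=$3; server_ip=$4; ports=$5

    # Validate the port list first, so a typo cannot silently change
    # what gets exposed to the Internet.
    [ -n "$ports" ] || { echo "no ports given" >&2; return 1; }
    for p in $ports; do
        case $p in
            *[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
    done

    # nat table: rewrite inbound connections to the server, and hide the
    # LAN clients behind the firewall's public address on the way out.
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    for p in $ports; do
        echo "-A PREROUTING -i $wan_if -p tcp --dport $p -j DNAT --to-destination $server_ip:$p"
    done
    echo "-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE"
    echo "COMMIT"

    # filter table: drop by default. The firewall box itself accepts only
    # loopback traffic and replies, so it offers no services of its own.
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Replies to existing connections, in either direction.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # LAN clients may open connections outward.
    echo "-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT"
    # From outside, only the forwarded ports, and only to the one server.
    for p in $ports; do
        echo "-A FORWARD -i $wan_if -o $lan_if -p tcp -d $server_ip --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Run with arguments to print a ruleset, for example (constructed values):
#   sh fw-rules.sh eth0 eth1 192.168.1.0/24 192.168.1.10 "80 110 25"
[ "$#" -eq 0 ] || gen_fw_rules "$@"
```

Review the printed rules before loading them as root with iptables-restore; the box also needs IP forwarding enabled (net.ipv4.ip_forward=1) for the FORWARD rules to matter.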
Matt Grab
2002-11-07 02:25:06 UTC
Permalink
Maybe some old hat's on the list can answer this. But I think if you've got
512MB of RAM, you could turn off the swap file. It's not like you need it.
I have 512MB of RAM, but I don't have a 3D video card, so I can never use all
of it up.
On a related but separate note, I read somewhere that too much RAM can
actually slow down linux...

Matt


On Wednesday 06 November 2002 07:18 pm, Greg Spangler wrote:
> Thanks again Chris, I think I can come up with an old 486 or AMD 586 if I
> look around although I'll have to find a different version of Linux cause
> the Mandrake 9.0 I've got coming requires at least a Pentium. I did think
> of another question regarding the swap file I was wondering if you could
> answer. When I set up my laptop I plan to have 3 different operating with 3
> different kinds of file systems; Windows ME on FAT 32, Windows XP on NTFS
> and Mandrake 9.0 on whatever it uses (I don't know but figured it would be
> different than FAT 32 or NTFS.) Anyway if I make a 1024mb swap file (512mb
> RAM x2) is it possible for all 3 OS's to share the same swap file and, if
> so, how do I get them to all use the same swap partition?
Greg Spangler
2002-11-07 03:05:40 UTC
Permalink
Ok, so you think I won't need a swap file to run linux w/512mb ram but you
mentioned something about a 3d video card. My laptop has a S3 Twister video
chip which does do 3d although I don't anticipate needing 3d much when
I've got the linux partition active. I'll mostly use the 3d when I'm playing
games on the windows partitions. Also regarding the windows partitions I
think I'll still need a swap file for these so if possible I'd still like to
share 1 swap partition between the 2 versions of windows on 2 different file
partitions, 1 FAT 32 and 1 NTFS. Can anybody help with this dilemma even
though it involves that other vile OS? I'd also like to know for sure that I
won't need any swap file for the linux partition. If someone could explain
it to me I'd really appreciate it.


----- Original Message -----
From: "Matt Grab" <matt-blToVW09YxFWk0Htik3J/***@public.gmane.org>
To: <cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org>
Sent: Wednesday, November 06, 2002 9:25 PM
Subject: Re: [CP-LUG] Newbie questions


Maybe some old hat's on the list can answer this. But I think if you've got
512MB of RAM, you could turn off the swap file. It's not like you need it.
I have 512MB of RAM, but I don't have a 3D video card, so I can never use all
of it up.
On a related but separate note, I read somewhere that too much RAM can
actually slow down linux...

Matt


Patrick Haller
2002-11-07 13:52:56 UTC
Permalink
On Wednesday 06 November 2002 21:25, Matt Grab wrote:
> Maybe some old hat's on the list can answer this.  But I think if you've
> got 512MB of RAM, you could turn off the swap file.  It's not like you need
> it. I have 512MB of RAM, but I don't have a 3D video card, so I can never
> use all of it up.
> On a related but separate note, I read somewhere that too much RAM can
> actually slow down linux...

I would recommend setting up a swap partition 2 times the size of RAM. The
reason is that it's easy to set up a swap partition ahead of time, but it can
be quite annoying to set it up when you need it.

As your RAM usage increases over time (bloat is a problem for linux, too),
you'll have more items in memory. At some point, you'll either have to
upgrade RAM or use swap on your disk. For protection, you should have 2 times
RAM allocated for swap, so you can easily swap your entire RAM out to disk,
in case a memory-leaking program goes ape.


Patrick.
--
Patrick Haller
patrick-WzOFVOSLzJiEK/***@public.gmane.org Network Administrator +1 717 975 9000
http://dc.net http://md.net http://nj.net http://oh.net http://pa.net
Chris Carbaugh
2002-11-07 15:12:34 UTC
Permalink
While I too have always been told your swap should be 2X RAM, in this case
it's overkill, it would be eating 3 gig of your drive.

Here's a few points to keep in mind:

Linux uses a swap partition. Once this partition is created, that space
is gone. This of course can be changed, but it's a pain.

Windows uses swap files, these are simple to change the size of, or even
the partition they're on.

Windows can also dynamically size its swap file, and you can set
min/max values for it.

Now that I think about it, don't even worry about Windows swap files. The
default install will do exactly what you want.

Now, you didn't mention the size of your drive, or how you intend to
partition it, but what I would do is give linux some swap space, say
256MB up to the suggested 1gig if you can afford it. As for windows,
leave plenty of space on their partitions, and put the swap file at the
root of that file system.

I would also suggest to create a FAT16 partition. FAT16 is easily
accessible by all 3 OS's, and you'll eventually want to swap something
back and forth between them.

Also, when it comes to installing apps under Windows, if you install the
same app, say MS Office, install it in the same folder under both OS's.
Any OS specific files get put either in \program files\ or \system32.
With huge apps like office, this can save you a lot of space.

And the final deciding factor on the size of swap files depends on
exactly what you run, and how you run it.

I'm currently on RH7.2 with Gnome, Evolution, Galeon, some terminals,
and VMWare running. Under VMWare I have NT4.0, AutoCAD, MS Word, and
Excel running (hey, I do have to work :)

Here's my stats:

10:08am up 8 days, 23:34, 1 user, load average: 0.04, 0.05, 0.01
104 processes: 103 sleeping, 1 running, 0 zombie, 0 stopped
CPU states: 4.9% user, 4.3% system, 0.0% nice, 90.7% idle
Mem: 384468K av, 379960K used, 4508K free, 6236K shrd, 38392K buff
Swap: 1052216K av, 94924K used, 957292K free 205848K cached

Chris


On Wed, 2002-11-06 at 21:25, Matt Grab wrote:
> Maybe some old hat's on the list can answer this. But I think if you've got
> 512MB of RAM, you could turn off the swap file. It's not like you need it.
> I have 512MB of RAM, but I don't have a 3D video card, so I can never use all
> of it up.
> On a related but separate note, I read somewhere that too much RAM can
> actually slow down linux...
>
> Matt
Daniel E. Markle
2002-11-07 16:11:06 UTC
Permalink
Quoting Chris Carbaugh <CCarbaugh-8ydV/9S8PNs2Twfvq/***@public.gmane.org>:
> Linux uses a swap partition. Once this partition is created, that space
> is gone. This of course can be changed, but it's a pain.

Linux can actually use swap files as well. Here's documentation on creating a
swap file with RH 8, the second half of the document covers the procedure for
doing this.

http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/custom-guide/s1-swap-adding.html

--
------------------------
Daniel E. Markle
syntax-***@public.gmane.org
http://ashtech.net/~syntax/
------------------------
Greg Spangler
2002-11-07 00:58:39 UTC
Permalink
Oops! Please excuse my little faux pas as I should have read your reply a
little more carefully. I now see that "leaf" you recommended is a distro all
by its lonesome. I'm heading there now to check it out. Again thanks and I
still could use an answer regarding the multiple os's using the same swap
partition.


----- Original Message -----
From: "Chris Carbaugh" <CCarbaugh-8ydV/9S8PNs2Twfvq/***@public.gmane.org>
To: <cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org>
Sent: Wednesday, November 06, 2002 5:05 PM
Subject: Re: [CP-LUG] Newbie questions


> I would suggest spending money on a dedicated box for a firewall or even
> using an existing one instead of a firewall appliance. It's been a
> while since I researched them, but a PC with linux and a few NICs will
> beat any sub ~$2000 firewall product. Some with additional per user
> licenses.
>
> Many firewall devices are either very limited, or very expensive.
>
> Here's a scenario:
>
> You start now with a dedicated box running LEAF. It's just a simple box
> with two NICs that provides firewall services, NAT (Network Address
> Translation) for your clients, and forwards ports 80/110/25 etc to a
> dedicated Web/mail server. ~20 minutes and you're up and running, on a
> 486 that most of us have 3 of in the basement (or that can be had very
> cheaply).
>
> As your abilities with linux grow, as do the needs of your business, you
> expand what you have, with nothing more than an additional NIC and some
> configuration. We're talking setting up a DMZ zone (a private subnet
> for all your publicly accessible boxes) round robin DNS for multiple
> load balancing web servers, VPN across the web from subnet to subnet,
> single PC to subnet, IDS (Intrusion Detection System), etc.
>
> These are just a few possibilities off the top of my head. The power and
> flexibility that linux on the perimeter of your LAN can give you are
> amazing.
>
> O.K. rants over. I'm getting cable hooked up at my new place tomorrow,
> and so will be setting up the latest version of LEAF, if you're
> interested, I'll let you know how it goes.
>
> Anybody else interested in this?
>
> Chris
Greg Spangler
2002-11-06 21:12:04 UTC
Permalink
Thanks for your reply as well, Matt and Wow! I would've never guessed you
could do that with a P133. A friend and I set up a Windows 2k server doing
web hosting, mail boxes, a file server and remote administration on a
machine w/ 2 466Mhz Celerons and 384 mb RAM and w/ just 2 or 3 users it ran
like a dog. For now this machine won't be a file server, that will still be
handled by a dual processor Windows box, just a host for our web site, mail
and a modem or two for vpn dial up so our technicians can get their service
slips without having to drive in to the office and also so I can administer
everything remotely if things should happen to go down. As for using a GUI
with it, I'm sure I could manage basic maintenance from the command interface
(if I have to) but was really hoping to be able to use KDE or GNOME at least
to administrate. What could I do to improve performance to use a GUI on this
box? Any suggestions?


----- Original Message -----
From: "Matt Grab" <matt-blToVW09YxFWk0Htik3J/***@public.gmane.org>
To: <cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org>
Sent: Wednesday, November 06, 2002 1:05 AM
Subject: Re: [CP-LUG] Newbie questions


Just to add more information, I am using another P133 at work as a gateway.
It does routing and firewalling for 30 users. It also hosts 1 dial-up modem
as a remote access modem. There are no performance issues. As per your #2,
I'd say without any doubt that my P133 could handle those 6-10 users without
breaking a sweat. Somebody jump in if they have any other ideas about
performance. If you had listed X as something you wanted to do, that would
make a huge difference. If you had listed fileserver, that would make a
difference also, but I'm not sure how much.
Matt


On Wednesday 06 November 2002 12:17 am, Greg Spangler wrote:
> Thanks for the reply Chuck, some of your answers I think will be very
> helpful. I'd looked at the latest RedHat but finally decided to spend some
> of my boss' money on the new Mandrake 9.0 Pro Suite distribution. From
> everything I've read it's very similar to RedHat, the easiest to install
> and often recommended over other distributions for those with no Linux/Unix
> experience. I've thought of a couple more questions and was hoping you
> might help with those as well. First, I was wondering how large should I
> make the swap file? With Windows I've always used the rule of thumb that
> the swap file should be twice the size of physical RAM (assuming at least
> 128mb RAM.) Does that hold true for Linux as well? Also you said you've
> separated the tasks I'm trying to accomplish between 2 boxes of comparable
> power. Yet another of you said they're accomplishing all these things with
> a single box of considerably less power. From the sound of that system I'd
> guess they're not using it for as many users nor in a business setting, but
> will I really need to use two boxes or can I possibly get by for awhile
> using the single box and say increase the amount of RAM to 512mb or more?
> Finally any ideas how difficult this will be to incorporate with our
> Windows based network? Any ideas that might make this incorporation less
> painful? I'm really starting to look forward to this project and have hopes
> that I might eventually convert our company to Linux using the Star Office
> Suite and put an end to the endless Microsoft Money Pit we're currently
> bogged down with.
>
> ----- Original Message -----
> From: Chuck Vohs
> To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> Sent: Monday, November 04, 2002 12:53 PM
> Subject: RE: [CP-LUG] Newbie questions
>
>
> I am way new at this stuff, but will give you my answers inline:
> -----Original Message-----
> From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org]On Behalf
> Of Greg Spangler Sent: Monday, November 04, 2002 12:32 PM
> To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> Subject: [CP-LUG] Newbie questions
>
>
> 1. Which distribution should I use? (Debian, FreeBSD, Mandrake,
RedHat,
> SuSE or other)
>
> I use RedHat 7.3
>
> 2. Can I use one server box (AMD Duron 1GHz CPU, 256mb PC133 SDRAM,
> 10Gb HD, Trident Blade 8Mb Video, 10bt/100btx Net, DSL feed w/ fixed IP)
as
> a web server, firewall, post office (for 6 - 12 users) and VPN gateway for
> (1 - 4 users) and if not how many boxes (and how much horsepower) will I
> need to accomplish this?
>
> I use one box such as this as my firewall and gateway.
>
> I use another box, PIII 512mb 40gb, for my services, www, ftp, mail,
> dns, etc.
>
> 3. Regarding web server setup and administration, can this only be
done
> from the command line or can this be accomplished using either the KDE or
> GNOME GUI interfaces?
>
> I used cpanel.net for this initially, but it is too costly...so now I
> am using webmin (free).
>
> 4. Regarding firewall setup and administration, can this only be done
> from the command line or can this be accomplished using either the KDE or
> GNOME GUI interfaces?
>
> Easy text file, I use http://www.shadowweb.org/fwscript/
>
>
>
> 5. Regarding post office setup and administration, can this only be
> done from the command line or can this be accomplished using either the KDE
> or GNOME GUI interfaces?
>
> Again, cpanel handles this.
>
> 6. Regarding VPN gateway setup and administration, can this only be
> done from the command line or can this be accomplished using either the KDE
> or GNOME GUI interfaces?
>
> webmin works for this.
>
> 7. Assuming all this can be setup on one (or two) boxes, can I remotely
> administrate (and experiment with additional applications) from a Linux
> partition on my personal Windows XP (NTFS) laptop?
>
> I do! Works great.
>
> 8. Looking at all the various packages that are included with any of
> the Linux distributions, I'd like to only install the packages that I would
> need (plus some applications like Star Office & Gimp on the laptop.)
> Which do I want to install to accomplish my goals without overloading my HD
> with things I'll never use? (Please note I'm not a programmer and I've
> already got more than enough Windows games.)
>
> I installed the bare minimum in text format, then used cpanel.net to do
> the rest...it installs only what you need to do the server stuff.
>
> 9. Are there any utilities I will need (other than Partition Magic?)
>
> Always...but I can't think of any right now.
>
>
>
> 10. What are some of the other issues I haven't thought of but should
> address? (Sorry I know this one is especially vague.)
>
> Who will win the Super Bowl this year?
Joseph Sites
2002-11-06 21:25:44 UTC
Permalink
hey,
i may be better off asking this during a meeting, so i can talk face to
face, but i'm not sure if some of the stuff that's been discussed lately on
the mailer pertains to what i want to know.
i'm interested in possibly getting a relatively cheap computer, setting it up
with linux, and use it as a hosting server for a personal website that i am
making to use as a portfolio for my freelance web design work.
i have cable internet at home, i just have a small siemens 2 port router
with a built in firewall, a motorola surfboard cable modem, as well as a
desktop and a laptop computer. i use both of these for other things, so i
would not want to use either of them as a hosting server.
i would like to know if it is possible using what i already have (although i
will probably need a new router in order to have a third port on it) to
create a server to host a website on. i would not be opposed to buying very
cheap new hardware and building a computer, installing linux on it, and use
it as a server, i just need to know if there are certain hardware
requirements, and software requirements besides linux OS.
if anyone knows what kind of stuff i would need for a basic reliable web
server, please let me know. in advance, i must warn you, that i will
probably have many more questions once i have the hardware and the computer
is built as to how to set up a computer to be a web server. in order to
maybe cut down some of the questions, does anyone know of a good book to use
for beginner linux users that would help explain setting up a web server.

thanks in advance (as i have been learning a lot so far just from reading the
questions everyone has, and i look forward to learning all i can about
linux),

Joseph Sites
graphic designer
trc interactive
Chris Carbaugh
2002-11-06 22:14:48 UTC
Permalink
I think we all have a lot to talk about at a meeting :)

First of all, you need to check your siemens router, and see if you can
do port forwarding with it, or if you can at least open port 80 to your
web server.

Also something to check is the TOS of your ISP. Most cable companies do
not allow any servers of any kind unless you have one of their business
accounts (which are exactly the same as the resi accounts, just more
$$).

That said, the kind of traffic you are expecting initially will be quite
low, and I bet a P200 w/64MB RAM will handle enough load to saturate
your link before the machine bogs down. That machine would be quite
slow running KDE or Gnome, but you would only need either of those while
you admin the box. When done, simply log out and all resources go to
apache.

Chris

On Wed, 2002-11-06 at 16:25, Joseph Sites wrote:
> hey,
> i may be better off asking this during a meeting, so i can talk face to
> face, but i'm not sure if some of the stuff that's been discussed lately on
> the mailer pertains to what i want to know.
> i'm interested in possibly getting a relatively cheap computer, setting it up
> with linux, and use it as a hosting server for a personal website that i am
> making to use as a portfolio for my freelance web design work.
> i have cable internet at home, i just have a small siemens 2 port router
> with a built in firewall, a motorola surfboard cable modem, as well as a
> desktop and a laptop computer. i use both of these for other things, so i
> would not want to use either of them as a hosting server.
> i would like to know if it is possible using what i already have (although i
> will probably need a new router in order to have a third port on it) to
> create a server to host a website on. i would not be opposed to buying very
> cheap new hardware and building a computer, installing linux on it, and use
> it as a server, i just need to know if there are certain hardware
> requirements, and software requirements besides linux OS.
> if anyone knows what kind of stuff i would need for a basic reliable web
> server, please let me know. in advance, i must warn you, that i will
> probably have many more questions once i have the hardware and the computer
> is built as to how to set up a computer to be a web server. in order to
> maybe cut down some of the questions, does anyone know of a good book to use
> for beginner linux users that would help explain setting up a web server.
>
> thanks in advance (as i have been learning a lot so far just from reading the
> questions everyone has, and i look forward to learning all i can about
> linux),
>
> Joseph Sites
> graphic designer
> trc interactive
>
> _______________________________________________
> CPLUG mailing list
> CPLUG-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> http://lists.talos4.net/mailman/listinfo/cplug
Matt Grab
2002-11-06 22:44:21 UTC
Permalink
$199
via 833mhz
10gb hd
128mb ram
nic card
cdrom

My friend just bought one of these. It has tons of horsepower for serving
websites. You can't beat it. Just load Mandrake 9.0 on it, fire up webmin,
and you have a killer box. In fact that's exactly what he's doing with it.
Add a second nic card, and you have your firewall appliance.

If you want to go the "appliance" route, here's what I'm working on.
$200 800mhz via c3 w/ 128mb ram
$20 compact flash - ide adapter
$50 - 128mb compact flash card to act as ide hard drive

Matt
alayne helmus
2002-11-06 23:37:53 UTC
Permalink
is it too 'newbie' or 'lengthy' to explain how adding 2nd nic card can act as firewall? i guess i always saw this function as being resident on a separate box.
Matt Grab <matt-blToVW09YxFWk0Htik3J/***@public.gmane.org> wrote:
$199
via 833mhz
10gb hd
128mb ram
nic card
cdrom

My friend just bought one of these. It has tons of horsepower for serving
websites. You can't beat it. Just load Mandrake 9.0 on it, fire up webmin,
and you have a killer box. In fact that's exactly what he's doing with it.
Add a second nic card, and you have your firewall appliance.

If you want to go the "appliance" route, here's what I'm working on.
$200 800mhz via c3 w/ 128mb ram
$20 compact flash - ide adapter
$50 - 128mb compact flash card to act as ide hard drive

Matt
Chuck Vohs
2002-11-06 23:51:11 UTC
Permalink
not too newbie for me...
I added a second nic card...eth1.
eth0 is connected to router or DSL modem. It does not activate on boot.
eth1 is connected to internal LAN, with private IP 192.168.X.X and is
active on boot.

When the ppp connection is made, the eth0 gets the IP from the provider and
the connection is shared across the internal LAN, all the NAT, firewall and
DNS is on that machine.

At least that is what I do...don't know if it's right, but it sure is cool.
Chuck
-----Original Message-----
From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org]On Behalf Of
alayne helmus
Sent: Wednesday, November 06, 2002 6:38 PM
To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
Subject: Re: [CP-LUG] servers and appliances


is it too 'newbie' or 'lengthy' to explain how adding 2nd nic card can act
as firewall? i guess i always saw this function as being resident on a
separate box.

Matt Grab <matt-blToVW09YxFWk0Htik3J/***@public.gmane.org> wrote:

$199
via 833mhz
10gb hd
128mb ram
nic card
cdrom

My friend just bought one of these. It has tons of horsepower for serving
websites. You can't beat it. Just load Mandrake 9.0 on it, fire up webmin,
and you have a killer box. In fact that's exactly what he's doing with it.
Add a second nic card, and you have your firewall appliance.

If you want to go the "appliance" route, here's what I'm working on.
$200 800mhz via c3 w/ 128mb ram
$20 compact flash - ide adapter
$50 - 128mb compact flash card to act as ide hard drive

Matt
Matt Grab
2002-11-07 01:56:36 UTC
Permalink
Did I mention this box is sold at Walmart.com, and possibly at local
Wal-mart's? It's a microtel with lindows installed on it. - don't use the
lindows, it's good for a newbie, but bad for a webserver - very bad - it is
full of security holes.

As far as how adding a second nic can make a machine a firewall.
Linux's kernel (the very core piece of linux - ACTUALLY -the ONLY - piece of
linux) is software that has a portion of code that is router code, and a
portion of code that is firewall code. When you add 2 ethernet cards, you
can tell linux to activate the routing and firewalling code. You have to
design all your other network setup to use your linux box as the router. So
when your home pc contacts your firewall/router box that is connected to the
lan, and asks for epix.net, or any website, then linux passes that request on
to its network card that is connected to the internet. It checks the packet
first to see if it is okay as far as the firewall is concerned. If the
packet is okay, then it gets sent out to the internet. The same process
happens in reverse when epix.net replies to your request.
The main issue when telling linux to act as a router and a firewall, is
telling linux which packets are okay, and which are not. That is a set of
rules that say if a packet looks like so and so, it is bad. The list is very
long, and pretty much you just download a pre-defined list and turn it on.

Matt

On Wednesday 06 November 2002 06:37 pm, alayne helmus wrote:
> is it too 'newbie' or 'lengthy' to explain how adding 2nd nic card can act
> as firewall? i guess i always saw this function as being resident on a
> separate box.
> Matt Grab <matt-blToVW09YxFWk0Htik3J/***@public.gmane.org> wrote:
> $199
> via 833mhz
> 10gb hd
> 128mb ram
> nic card
> cdrom
>
> My friend just bought one of these. It has tons of horsepower for serving
> websites. You can't beat it. Just load Mandrake 9.0 on it, fire up webmin,
> and you have a killer box. In fact that's exactly what he's doing with it.
> Add a second nic card, and you have your firewall appliance.
>
> If you want to go the "appliance" route, here's what I'm working on.
> $200 800mhz via c3 w/ 128mb ram
> $20 compact flash - ide adapter
> $50 - 128mb compact flash card to act as ide hard drive
>
> Matt
Joseph Sites
2002-11-06 23:45:36 UTC
Permalink
That sounds like a great way to set it up (the first one that is) I
already have a few of those parts sitting around here now. So what you
are saying though, is that if I add a second nic card, I can use it as
the firewall for my other computers at home? Not completely sure, but
where does the computer used as a firewall go in my set up, I would
guess it goes between the cable modem and the router, but if I would do
that, is it possible to just add a third nic card to the server, and
just not use the router at all, or would that bog down the server at
all.

Part of this is also in reply to Chris Carbaugh's response.
I know with my router I am able to set port forwarding, but not 100%
sure about everything it can do, I'll have to play around with that and
check on it. The thing about the cable internet, I would have thought
that there would be a difference, maybe allowing more bandwidth, but I
guess that that is a great way to make extra money. And you said about
the amount of traffic, I hope to get a lot of traffic, because more
traffic means more possible clients.

Well thank you all for the help, I was actually expecting much worse as
far as price, but this is great news.

Also, I know I asked before, but anyone that knows a good linux book to
use as a reference, send me your suggestions. Right now the only linux
book I have is redhat 8 for dummies, but that book spends about half of
the book prepping you for installation and guiding you through
installation, even though the installer is a lot easier than the book
leads you to believe.

-----Original Message-----
From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
Of Matt Grab
Sent: Wednesday, November 06, 2002 5:44 PM
To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
Subject: Re: [CP-LUG] servers and appliances


$199
via 833mhz
10gb hd
128mb ram
nic card
cdrom

My friend just bought one of these. It has tons of horsepower for serving
websites. You can't beat it. Just load Mandrake 9.0 on it, fire up webmin,
and you have a killer box. In fact that's exactly what he's doing with it.
Add a second nic card, and you have your firewall appliance.

If you want to go the "appliance" route, here's what I'm working on.
$200 800mhz via c3 w/ 128mb ram
$20 compact flash - ide adapter
$50 - 128mb compact flash card to act as ide hard drive

Matt
Matt Grab
2002-11-07 02:10:08 UTC
Permalink
If you added a second nic, then you could use it as a firewall. You could
also use it as a router, and your hardware router wouldn't be necessary. If
you opted to use the hardware router, you could probably insert it in either
order. See impressive ASCII art below.

As far as the cable modem and a server. 100% guaranteed that your Terms Of
Service won't let you run a server of ANY kind WHATSOEVER, unless you convert
to a business account. Here's the reason, with a simplistic example.
ISP A has 10 home users.
ISP A has a 10mbit link.
If each user only uses 1 mbit, then they are all happy.
But if 1 of the users puts up a server, then they start using 10mbit, and all
the other customers start to complain.
The only way to solve the problem is for ISP A to get more bandwidth to spread
around.
More bandwidth costs ISP A more.
So, ISP A buys more bandwidth, and groups the heavy users all together, and
charges them more.
Then ISP A has a 10mbit link shared between the 10 home users, and a 100mbit
link shared between their 10 business users.
It's the same thing for modems. The ISP has 400 modem lines, and 1000 users.
They don't allow you to stay connected all the time, because 600 of their
users could never get connected. You are all sharing the modem lines.
Sorry if I oversimplified it.
Patrick could explain more.

Later,
Matt

cable-modem
|
V
router
|
V
nic 1
|
V
(firewall code)
|
V
nic 2
|
V
Lan and all home boxes

--------------------or----------------------
cable
nic1
nic2
router
lan



On Wednesday 06 November 2002 06:45 pm, Joseph Sites wrote:
> That sounds like a great way to set it up (the first one that is) I
> already have a few of those parts sitting around here now. So what you
> are saying though, is that if I add a second nic card, I can use it as
> the firewall for my other computers at home? Not completely sure, but
> where does the computer used as a firewall go in my set up, I would
> guess it goes between the cable modem and the router, but if I would do
> that, is it possible to just add a third nic card to the server, and
> just not use the router at all, or would that bog down the server at
> all.
>
> Part of this is also in reply to Chris Carbaugh's response.
> I know with my router I am able to set port forwarding, but not 100%
> sure about everything it can do, I'll have to play around with that and
> check on it. The thing about the cable internet, I would have thought
> that there would be a difference, maybe allowing more bandwidth, but I
> guess that that is a great way to make extra money. And you said about
> the amount of traffic, I hope to get a lot of traffic, because more
> traffic means more possible clients.
>
> Well thank you all for the help, I was actually expecting much worse as
> far as price, but this is great news.
>
> Also, I know I asked before, but anyone that knows a good linux book to
> use as a reference, send me your suggestions. Right now the only linux
> book I have is redhat 8 for dummies, but that book spends about half of
> the book prepping you for installation and guiding you through
> installation, even though the installer is a lot easier than the book
> leads you to believe.
>
> -----Original Message-----
> From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
> Of Matt Grab
> Sent: Wednesday, November 06, 2002 5:44 PM
> To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> Subject: Re: [CP-LUG] servers and appliances
>
>
> $199
> via 833mhz
> 10gb hd
> 128mb ram
> nic card
> cdrom
>
> My friend just bought one of these. It has tons of horsepower for
> serving
> websites. You can't beat it. Just load Mandrake 9.0 on it, fire up
> webmin,
> and you have a killer box. In fact that's exactly what he's doing with
> it. Add a second nic card, and you have your firewall appliance.
>
> If you want to go the "appliance" route, here's what I'm working on.
> $200 800mhz via c3 w/ 128mb ram
> $20 compact flash - ide adapter
> $50 - 128mb compact flash card to act as ide hard drive
>
> Matt
Joseph Sites
2002-11-07 03:11:46 UTC
Permalink
Ok, that all makes sense, but the purpose of having a router in my setup
here at home is so that my current desktop, and laptop can share the
internet without swapping cables, and so they can both be online at the
same time. If the server has 2 nic cards, NIC 1 is the input (where the
server is connected to the outside world through the cable modem). Now
once connected to the server, the server is to serve its primary
purpose of a webserver, but also serve two secondary purposes:
1. Firewall for itself as well as the other two computers
2. Router, so that the internet can be split to the other two computers
so that they can both be on, and connected at the same time, along with
the server.

So if I have NIC 2, this is the internet coming out of the server and
into desktop computer.

So do I need NIC 3 so that laptop is also connected? Or should I have
NIC 2 connected to my current 2 port router, then desktop and laptop

Or am I completely off the wall in either of these two solutions?


In keeping with the wonderful ascii drawing, here is what I have now,
and what I want to have


I have this now

     Cable Modem
          |
          v
        Router
        /    \
       v      v
  Desktop    Laptop

What I want:

        Cable modem
        /    |    \
       V     v     v
 Desktop  server  laptop

But somewhere in this crazy setup there needs to be something that will
split the internet (router) and a firewall for protection




-----Original Message-----
From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
Of Matt Grab
Sent: Wednesday, November 06, 2002 9:10 PM
To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
Subject: Re: [CP-LUG] servers and appliances


If you added a second nic, then you could use it as a firewall. You could
also use it as a router, and your hardware router wouldn't be necessary. If
you opted to use the hardware router, you could probably insert it in either
order. See impressive ASCII art below.

As far as the cable modem and a server. 100% guaranteed that your Terms Of
Service won't let you run a server of ANY kind WHATSOEVER, unless you convert
to a business account. Here's the reason, with a simplistic example.
ISP A has 10 home users.
ISP A has a 10mbit link.
If each user only uses 1 mbit, then they are all happy.
But if 1 of the users puts up a server, then they start using 10mbit, and all
the other customers start to complain.
The only way to solve the problem is for ISP A to get more bandwidth to spread
around.
More bandwidth costs ISP A more.
So, ISP A buys more bandwidth, and groups the heavy users all together, and
charges them more.
Then ISP A has a 10mbit link shared between the 10 home users, and a 100mbit
link shared between their 10 business users.
It's the same thing for modems. The ISP has 400 modem lines, and 1000 users.
They don't allow you to stay connected all the time, because 600 of their
users could never get connected. You are all sharing the modem lines.
Sorry if I oversimplified it.
Patrick could explain more.

Later,
Matt

cable-modem
|
V
router
|
V
nic 1
|
V
(firewall code)
|
V
nic 2
|
V
Lan and all home boxes

--------------------or----------------------
cable
nic1
nic2
router
lan



On Wednesday 06 November 2002 06:45 pm, Joseph Sites wrote:
> That sounds like a great way to set it up (the first one that is) I
> already have a few of those parts sitting around here now. So what you
> are saying though, is that if I add a second nic card, I can use it as
> the firewall for my other computers at home? Not completely sure, but
> where does the computer used as a firewall go in my set up, I would
> guess it goes between the cable modem and the router, but if I would
> do that, is it possible to just add a third nic card to the server,
> and just not use the router at all, or would that bog down the server
> at all.
>
> Part of this is also in reply to Chris Carbaugh's response.
> I know with my router I am able to set port forwarding, but not 100%
> sure about everything it can do, I'll have to play around with that
> and check on it. The thing about the cable internet, I would have
> thought that there would be a difference, maybe allowing more
> bandwidth, but I guess that that is a great way to make extra money.
> And you said about the amount of traffic, I hope to get a lot of
> traffic, because more traffic means more possible clients.
>
> Well thank you all for the help, I was actually expecting much worse
> as far as price, but this is great news.
>
> Also, I know I asked before, but anyone that knows a good linux book
> to use as a reference, send me your suggestions. Right now the only
> linux book I have is redhat 8 for dummies, but that book spends about
> half of the book prepping you for installation and guiding you through
> installation, even though the installer is a lot easier than the book
> leads you to believe.
>
> -----Original Message-----
> From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
> Of Matt Grab
> Sent: Wednesday, November 06, 2002 5:44 PM
> To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> Subject: Re: [CP-LUG] servers and appliances
>
>
> $199
> via 833mhz
> 10gb hd
> 128mb ram
> nic card
> cdrom
>
> My friend just bought one of these. It has tons of horsepower for
> serving websites. You can't beat it. Just load Mandrake 9.0 on it,
> fire up webmin,
> and you have a killer box. In fact that's exactly what he's doing with
> it. Add a second nic card, and you have your firewall appliance.
>
> If you want to go the "appliance" route, here's what I'm working on.
> $200 800mhz via c3 w/ 128mb ram
> $20 compact flash - ide adapter
> $50 - 128mb compact flash card to act as ide hard drive
>
> Matt
Chris Carbaugh
2002-11-07 14:47:31 UTC
Permalink
Comments within:


On Wed, 2002-11-06 at 22:11, Joseph Sites wrote:
> Ok, that all makes sense, but the purpose of having a router in my setup
> here at home is so that my current desktop, and laptop can share the
> internet without swapping cables, and so they can both be online at the
> same time.

I'm assuming you only have a single IP addy from your ISP, which leads
me to believe your current router can do NAT. If it can port forward as
well, at the very least all you need to add is a hub.

> If the server has 2 nic cards, NIC 1 is the input (where the
> server is connected to the outside world through the cable modem). Now
> once connected to the server, the server is to serve its primary
> purpose of a webserver, but also serve two secondary purposes:
> 1. Firewall for itself as well as the other two computers
> 2. Router, so that the internet can be split to the other two computers
> so that they can both be on, and connected at the same time, along with
> the server.

I strongly discourage having anything additional on the box that acts as
a firewall. IMHO, the whole point of a firewall is a dedicated
box/device to protect the other boxes on the LAN. In the event the
firewall is compromised, you don't want anything else on that box to be
tampered with, and you want as few utilities on the box available to the
cracker to further compromise your LAN.

FIREWALL == MINIMAL AS POSSIBLE


Here's what you can do with your current hardware, just add a hub:

                  CABLE
             xxx.xxx.xxx.xxx
                    |
                    |
             xxx.xxx.xxx.xxx
                  ROUTER
              192.168.x.254
                    |
                    |
       ------------HUB------------
       |            |            |
       |            |            |
  192.168.x.1       |       192.168.x.2
    DESKTOP         |         SERVER
                    |
               192.168.x.3
                 LAPTOP

In this instance, the router is just passing traffic doing NAT, and
forwarding ports to your server. From the outside, you only have one IP
addy, and appear as a single device.

> -----Original Message-----
> From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
> Of Matt Grab
> Sent: Wednesday, November 06, 2002 9:10 PM
> To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> Subject: Re: [CP-LUG] servers and appliances

<snip>
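
The two-NIC Linux firewall Matt describes, doing the NAT and port-80 forwarding that the router performs in Chris's diagram, written out as an added example (not from any poster in this thread). It assumes a dedicated box with iptables, eth0 toward the cable modem, eth1 toward the hub, a LAN of 192.168.1.0/24 and the web server at 192.168.1.2; those names and addresses, and the LAN-only SSH rule, are placeholders.

```shell
#!/bin/sh
# Added example: ruleset generator for a dedicated two-NIC Linux firewall.
# Interface names, addresses and the SSH admin rule are assumptions.

# gen_ruleset EXT_IF INT_IF LAN_CIDR WEB_IP
# Prints an iptables-restore ruleset on stdout; returns 1 on bad arguments.
gen_ruleset() {
    if [ "$#" -ne 4 ]; then
        echo "usage: gen_ruleset EXT_IF INT_IF LAN_CIDR WEB_IP" >&2
        return 1
    fi
    if [ "$1" = "$2" ]; then
        echo "external and internal interface must differ" >&2
        return 1
    fi
    ext_if=$1; int_if=$2; lan=$3; web=$4

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Port forwarding: web requests hitting the one public IP go to the server.
-A PREROUTING -i $ext_if -p tcp --dport 80 -j DNAT --to-destination $web:80
# NAT: every LAN machine leaves through the single address on $ext_if.
-A POSTROUTING -s $lan -o $ext_if -j MASQUERADE
COMMIT
*filter
# Default deny: anything not matched below is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Administration over SSH from the LAN side only (assumed policy).
-A INPUT -i $int_if -s $lan -p tcp --dport 22 -j ACCEPT
# Replies to connections that were started from the LAN.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN machines may open connections to the internet.
-A FORWARD -i $int_if -o $ext_if -s $lan -j ACCEPT
# The only new traffic admitted from the internet: the forwarded web port.
-A FORWARD -i $ext_if -o $int_if -d $web -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# inbound_holes EXT_IF
# Reads a ruleset on stdin and prints each FORWARD rule that accepts traffic
# arriving on the external interface, i.e. the exposure to review.
inbound_holes() {
    grep -- "^-A FORWARD -i $1 .*-j ACCEPT" || true
}

# Show the ruleset and its exposure for the assumed layout.
gen_ruleset eth0 eth1 192.168.1.0/24 192.168.1.2
echo "--- rules accepting traffic from the internet ---"
gen_ruleset eth0 eth1 192.168.1.0/24 192.168.1.2 | inbound_holes eth0
```

On the firewall itself the output would be piped into `iptables-restore` as root, with routing switched on through `sysctl -w net.ipv4.ip_forward=1`.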
Joseph Sites
2002-11-07 15:03:23 UTC
Permalink
ok, all of that makes sense, just to clear up one question, if using a hub,
would all three computers be able to have internet/network traffic at the
same time? i'm not that knowledgeable on networking, i can set up a small 2
computer peer to peer, and set up the stuff i have now with one router and
two computers. i'm not familiar with some of the terms, so i don't know what
NAT is, but i'm guessing that is something in the router that would allow
several computers with different IPs to communicate to each other and the
outside world at the same time, while having their IPs hidden and the only
visible IP to the outside world is the router. now would the built in
firewall in the router be enough, or should i look into getting either a
software firewall for the machines, or a dedicated firewall.

laptop: running red hat 9
desktop: windows XP home
server: undecided yet, but it will definitely be a linux OS (someone
suggested mandrake, not sure if that's the way to go or not, just because of
my lack of knowledge on the subject)




-----Original Message-----
From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org]On Behalf Of
Chris Carbaugh
Sent: Thursday, November 07, 2002 9:48 AM
To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
Subject: RE: [CP-LUG] servers and appliances


Comments within:


On Wed, 2002-11-06 at 22:11, Joseph Sites wrote:
> Ok, that all makes sense, but the purpose of having a router in my setup
> here at home is so that my current desktop, and laptop can share the
> internet without swapping cables, and so they can both be online at the
> same time.

I'm assuming you only have a single IP addy from your ISP, which leads
me to believe your current router can do NAT. If it can port forward as
well, at the very least all you need to add is a hub.

> If the server has 2 nic cards, NIC 1 is the input (where the
> server is connected to the outside world through the cable modem). Now
> once connected to the server, the server is to serve its primary
> purpose of a webserver, but also serve two secondary purposes:
> 1. Firewall for itself as well as the other two computers
> 2. Router, so that the internet can be split to the other two computers
> so that they can both be on, and connected at the same time, along with
> the server.

I strongly discourage having anything additional on the box that acts as
a firewall. IMHO, the whole point of a firewall is a dedicated
box/device to protect the other boxes on the LAN. In the event the
firewall is compromised, you don't want anything else on that box to be
tampered with, and you want as few utilities on the box available to the
cracker to further compromise your LAN.

FIREWALL == MINIMAL AS POSSIBLE


Here's what you can do with your current hardware, just add a hub:

                  CABLE
             xxx.xxx.xxx.xxx
                    |
                    |
             xxx.xxx.xxx.xxx
                  ROUTER
              192.168.x.254
                    |
                    |
       ------------HUB------------
       |            |            |
       |            |            |
  192.168.x.1       |       192.168.x.2
    DESKTOP         |         SERVER
                    |
               192.168.x.3
                 LAPTOP

In this instance, the router is just passing traffic doing NAT, and
forwarding ports to your server. From the outside, you only have one IP
addy, and appear as a single device.

> -----Original Message-----
> From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
> Of Matt Grab
> Sent: Wednesday, November 06, 2002 9:10 PM
> To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> Subject: Re: [CP-LUG] servers and appliances

<snip>
Chris Carbaugh
2002-11-07 15:29:41 UTC
Permalink
For not knowing what NAT is, you explained it quite well :)

Yes, assuming your router isn't limited to the number of IPs it will NAT
for (some devices are limited to force you to upgrade), all of your
machines will have full access all the time. I say full, but not all
protocols work thru NAT, but it seems you've been running the router
already, so you know that.

NAT is what makes it possible to masq multiple boxes behind a single
IP. The HUB will just simply take traffic on one port, and spit it out
all the others. A switch (which Greg asked about in another email),
will basically learn where everything is, and take traffic in one port,
and send it out only where it's needed.

Now, the other point of concern, is whether this router can port
forward. What is port forwarding?

We've already established that with a NAT'ing router, the outside world
only sees one device, one IP.

With port forwarding, the router will take port 80 (HTTP), and
transparently pass all requests it receives on that port to another
internal machine. It will then wait for that machine's response, and
send it back out over the net. The machine that originally requested
the data has no idea that it didn't come directly from the router (the
only external IP).


Chris




On Thu, 2002-11-07 at 10:03, Joseph Sites wrote:
> ok, all of that makes sense, just to clear up one question, if using a hub,
> would all three computers be able to have internet/network traffic at the
> same time? i'm not that knowledgeable on networking, i can set up a small 2
> computer peer to peer, and set up the stuff i have now with one router and
> two computers. i'm not familiar with some of the terms, so i don't know what
> NAT is, but i'm guessing that is something in the router that would allow
> several computers with different IPs to communicate to each other and the
> outside world at the same time, while having their IPs hidden and the only
> visible IP to the outside world is the router. now would the built in
> firewall in the router be enough, or should i look into getting either a
> software firewall for the machines, or a dedicated firewall.
>
> laptop: running red hat 9
> desktop: windows XP home
> server: undecided yet, but it will definitely be a linux OS (someone
> suggested mandrake, not sure if that's the way to go or not, just because of
> my lack of knowledge on the subject)
> _______________________________________________
> CPLUG mailing list
> CPLUG-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> http://lists.talos4.net/mailman/listinfo/cplug
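
The NAT and port-forwarding behaviour described in the message above, as an added example that is not part of the original thread: a small Python model of the router's translation table. The public address 203.0.113.10, the remote hosts, and the filled-in 192.168.1.x addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    payload: str = ""


@dataclass
class NatRouter:
    """Toy NAT router: one public IP, a flow table, and static port forwards."""
    wan_ip: str
    forwards: Dict[int, Endpoint]  # public port -> internal (ip, port)
    # (public port, remote endpoint) -> internal endpoint
    flows: Dict[Tuple[int, Endpoint], Endpoint] = field(default_factory=dict)
    # (internal endpoint, remote endpoint) -> public port
    ports: Dict[Tuple[Endpoint, Endpoint], int] = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: rewrite the source to the single public IP."""
        key = (pkt.src, pkt.dst)
        if key not in self.ports:
            # New flow started from inside: allocate a public port for it.
            self.ports[key] = self.next_port
            self.flows[(self.next_port, pkt.dst)] = pkt.src
            self.next_port += 1
        return Packet((self.wan_ip, self.ports[key]), pkt.dst, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: return the rewritten packet, or None if dropped."""
        dst_ip, wan_port = pkt.dst
        if dst_ip != self.wan_ip:
            return None
        lan = self.flows.get((wan_port, pkt.src))
        if lan is None and wan_port in self.forwards:
            # Unsolicited, but the port is forwarded: hand it to the server
            # and remember the flow so the reply leaves from the same port.
            lan = self.forwards[wan_port]
            self.flows[(wan_port, pkt.src)] = lan
            self.ports[(lan, pkt.src)] = wan_port
        if lan is None:
            return None  # no matching flow and no forward: dropped
        return Packet(pkt.src, lan, pkt.payload)


def walkthrough() -> dict:
    """Run the cases from the thread against constructed addresses."""
    wan = "203.0.113.10"
    router = NatRouter(wan, forwards={80: ("192.168.1.2", 80)})
    desktop, site = ("192.168.1.1", 51000), ("198.51.100.7", 80)
    visitor, stranger = ("198.51.100.99", 33333), ("198.51.100.50", 80)

    out = router.outbound(Packet(desktop, site, "GET /"))
    reply = router.inbound(Packet(site, out.src, "200 OK"))
    spoofed = router.inbound(Packet(stranger, out.src, "junk"))
    fwd = router.inbound(Packet(visitor, (wan, 80), "GET /"))
    resp = router.outbound(Packet(("192.168.1.2", 80), visitor, "200 OK"))
    ssh = router.inbound(Packet(visitor, (wan, 22), "SSH-2.0"))
    return {
        "desktop_seen_as": out.src,       # what the remote site sees
        "reply_delivered_to": reply.dst,  # mapped back to the desktop
        "other_remote_on_flow_port": spoofed,
        "port80_delivered_to": fwd.dst,   # forwarded to the server
        "server_reply_seen_as": resp.src, # looks like it came from the router
        "unforwarded_port": ssh,
    }


if __name__ == "__main__":
    for name, value in walkthrough().items():
        print(f"{name}: {value}")
```

Only the forwarded port accepts unsolicited traffic, so the service behind it is the part of the LAN that is exposed to the outside.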
Joseph Sites
2002-11-07 15:41:17 UTC
Permalink
ok, all that makes a lot of sense (boy in the last several days i've
learned a lot more about networking than i could have hoped for). i will
check in the manual, as well as the control panel for my router and see what
it says about port forwarding.



Chris Carbaugh
2002-11-07 15:55:50 UTC
Permalink
Glad to help. If you have any more questions send them to the list.

Chris


On Thu, 2002-11-07 at 10:41, Joseph Sites wrote:
> ok, all that makes a lot of sense (boy in the last several days i've
> learned a lot more about networking than i could have hoped for). i will
> check in the manual, as well as the control panel for my router and see what
> it says about port forwarding.
Greg Spangler
2002-11-07 15:16:31 UTC
Permalink
Please allow me to jump into this conversation as well as it also concerns
some of the same things I've been working on. Am I correct to assume that I
could use a 16-port switch in place of the hub after the firewall/gateway
thus improving 2-way communication on the network or am I all wet?


Chris Carbaugh
2002-11-07 15:19:23 UTC
Permalink
Yes a switch is just a souped up HUB :)

I prefer a switch myself, I just mentioned HUB and that is a more
general term.

Chris


On Thu, 2002-11-07 at 10:16, Greg Spangler wrote:
> Please allow me to jump into this conversation as well as it also concerns
> some of the same things I've been working on. Am I correct to assume that I
> could use a 16-port switch in place of the hub after the firewall/gateway
> thus improving 2-way communication on the network or am I all wet?
Joseph Sites
2002-11-07 15:31:39 UTC
Permalink
so would i be ok just getting a small simple little 3 port hub, possibly 4 -
6 in order to have room to expand at a later date with more computers,
servers, etc.
is there any specific thing i would need to look for as far as specs, or
would a regular ordinary hub work. here is a dlink one that i found, would
something like this suffice, or is there something else i should look for:
http://www.tigerdirect.com/applications/SearchTools/item-details.asp?sku=D700-1005




Chris Carbaugh
2002-11-07 15:54:53 UTC
Permalink
TigerDirect wasn't accepting connections just now, but Dlink has a
decent line of products. I bought a 4 port Dlink switch about 2 years
ago and it's still working reliably. It was about $80 then, I'm sure
they're cheaper now.

Chris

On Thu, 2002-11-07 at 10:31, Joseph Sites wrote:
> so would i be ok just getting a small simple little 3 port hub, possibly 4 -
> 6 in order to have room to expand at a later date with more computers,
> servers, etc.
> is there any specific thing i would need to look for as far as specs, or
> would a regular ordinary hub work. here is a dlink one that i found, would
> something like this suffice, or is there something else i should look for:
> http://www.tigerdirect.com/applications/SearchTools/item-details.asp?sku=D700-1005
Joseph Sites
2002-11-07 16:06:34 UTC
Permalink
yeah, the one that i sent the link about was a 5 port 10/100 autoswitching
hub and runs about 40 dollars before rebate

-----Original Message-----
From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org]On Behalf Of
Chris Carbaugh
Sent: Thursday, November 07, 2002 10:55 AM
To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
Subject: RE: [CP-LUG] servers and appliances


TigerDirect wasn't accepting connections just now, but Dlink has a
decent line of products. I bought a 4 port Dlink switch about 2 years
ago and it's still working reliably. It was about $80 then, I'm sure
they're cheaper now.

Chris

On Thu, 2002-11-07 at 10:31, Joseph Sites wrote:
> so would i be ok just getting a small simple little 3 port hub, possibly 4 -
> 6 in order to have room to expand at a later date with more computers,
> servers, etc.
> is there any specific thing i would need to look for as far as specs, or
> would a regular ordinary hub work. here is a dlink one that i found, would
> something like this suffice, or is there something else i should look for:
>
> http://www.tigerdirect.com/applications/SearchTools/item-details.asp?sku=D700-1005
>
>
>
>
> -----Original Message-----
> From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org]On Behalf Of
> Chris Carbaugh
> Sent: Thursday, November 07, 2002 10:19 AM
> To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> Subject: Re: [CP-LUG] servers and appliances
>
>
> Yes a switch is just a souped up HUB :)
>
> I prefer a switch myself, I just mentioned HUB and that is a more
> general term.
>
> Chris
>
>
> On Thu, 2002-11-07 at 10:16, Greg Spangler wrote:
> > Please allow me to jump into this conversation as well as it also concerns
> > some of the same things I've been working on. Am I correct to assume that I
> > could use a 16-port switch in place of the hub after the firewall/gateway
> > thus improving 2-way communication on the network or am I all wet?
> >
> >
> > ----- Original Message -----
> > From: "Chris Carbaugh" <CCarbaugh-8ydV/9S8PNs2Twfvq/***@public.gmane.org>
> > To: <cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org>
> > Sent: Thursday, November 07, 2002 9:47 AM
> > Subject: RE: [CP-LUG] servers and appliances
> >
> >
> > > Comments within:
> > >
> > >
> > > On Wed, 2002-11-06 at 22:11, Joseph Sites wrote:
> > > > Ok, that all makes sense, but the purpose of having a router in my setup
> > > > here at home is so that my current desktop, and laptop can share the
> > > > internet without swapping cables, and so they can both be online at the
> > > > same time.
> > >
> > > I'm assuming you only have a single IP addy from your ISP, which leads
> > > me to believe your current router can do NAT. If it can port forward as
> > > well, at the very least all you need to add is a hub.
> > >
> > > > If the server has 2 nic cards, NIC 1 is the input (where the
> > > > server is connected to the outside world through the cable modem. Now
> > > > once connected to the server, the server is to serve its primary
> > > > purpose of a webserver, but also serve two secondary purposes:
> > > > 1. Firewall for itself as well as the other two computers
> > > > 2. Router, so that the internet can be split to the other two computers
> > > > so that they can both be on, and connected at the same time, along with
> > > > the server.
> > >
> > > I strongly discourage having anything additional on the box that acts as
> > > a firewall. IMHO, the whole point of a firewall is a dedicated
> > > box/device to protect the other boxes on the LAN. In the event the
> > > firewall is compromised, you don't want anything else on that box to be
> > > tampered with, and you want as few utilities on the box available to the
> > > cracker to further compromise your LAN.
> > >
> > > FIREWALL == MINIMAL AS POSSIBLE
> > >
> > >
> > > Here's what you can do with your current hardware, just add a hub:
> > >
> > >                 CABLE
> > >            xxx.xxx.xxx.xxx
> > >                   |
> > >                   |
> > >            xxx.xxx.xxx.xxx
> > >                ROUTER
> > >             192.168.x.254
> > >                   |
> > >                   |
> > >      ------------HUB------------
> > >      |            |            |
> > >      |            |            |
> > > 192.168.x.1       |       192.168.x.2
> > >   DESKTOP         |         SERVER
> > >                   |
> > >              192.168.x.3
> > >                LAPTOP
> > >
> > > In this instance, the router is just passing traffic doing NAT, and
> > > forwarding ports to your server. From the outside, you only have one IP
> > > addy, and appear as a single device.
> > >
> > > > -----Original Message-----
> > > > From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
> > > > Of Matt Grab
> > > > Sent: Wednesday, November 06, 2002 9:10 PM
> > > > To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> > > > Subject: Re: [CP-LUG] servers and appliances
> > >
> > > <snip>
> > >
> > >
Scott Witmer
2002-11-07 16:05:01 UTC
Hi,

As far as I know the difference between a switch and a hub is that the
switch has separate collision domains. Each port on a switch is its own
network segment vs. one shared segment on a hub. Can someone speak to
this, correcting and clarifying if necessary.

-Scott
Chris Carbaugh
2002-11-07 16:19:33 UTC
It's been a while since I read up on this, but that seems about right.

I also distinguished them by saying a hub is just a repeater, it has no
intelligence. Whereas a switch will actually read the packets it's
passing through, study them, define a table, and route them in the most
efficient manner.

Some good reading on this can be found in 3Com's docs, which are
available on their site.

Chris


On Thu, 2002-11-07 at 11:05, Scott Witmer wrote:
>
> Hi ,
>
> As far as I know the difference between a switch and a hub is that the
> switch has separate collision domains. Each port on a switch is it's own
> network segment vs. one shared segment on a hub. Can someone speak to
> this, correcting and clarifying if necessary.
>
> -Scott
>
alayne helmus
2002-11-07 16:32:53 UTC
hhhmmmmm..........good definition, thanks.
Chris Carbaugh <CCarbaugh-8ydV/9S8PNs2Twfvq/***@public.gmane.org> wrote:
It's been a while since I read up on this, but that seems about right.

I also distinguished them by saying a hub is just a repeater, it has no
intelligence. Whereas a switch will actually read the packets it's
passing through, study them, define a table, and route them in the most
efficient manner.

Some good reading on this can be found in 3Com's docs, which are
available on their site.

Chris


On Thu, 2002-11-07 at 11:05, Scott Witmer wrote:
>
> Hi ,
>
> As far as I know the difference between a switch and a hub is that the
> switch has separate collision domains. Each port on a switch is it's own
> network segment vs. one shared segment on a hub. Can someone speak to
> this, correcting and clarifying if necessary.
>
> -Scott
>
Scott Witmer
2002-11-07 16:47:42 UTC
At 11:19 AM 11/7/2002 -0500, you wrote:
>It's been a while since I read up on this, but that seems about right.
>
>I also distinguished them by saying a hub is just a repeater, it has no
>intelligence. Whereas a switch will actually read the packets it's
>passing through, study them, define a table, and route them in the most
>efficient manner.



is the above true? sounds like the description of a router. i didn't
think a switch would do all that but i am certainly not an expert and am
speaking off the tip of my tongue.




>Some good reading on this can be found in 3Com's docs, which are
>available on their site.
>
>Chris
>
>
>On Thu, 2002-11-07 at 11:05, Scott Witmer wrote:
> >
> > Hi ,
> >
> > As far as I know the difference between a switch and a hub is that the
> > switch has separate collision domains. Each port on a switch is it's own
> > network segment vs. one shared segment on a hub. Can someone speak to
> > this, correcting and clarifying if necessary.
> >
> > -Scott
> >
Matt Grab
2002-11-07 16:58:01 UTC
Yes a switch sounds like a router. But switches only route ethernet packets.
Routers can route IP packets and more. I think a router is often called a
layer3 switch. It's based on the OSI model.
Matt


On Thursday 07 November 2002 11:47 am, Scott Witmer wrote:
> At 11:19 AM 11/7/2002 -0500, you wrote:
> >It's been a while since I read up on this, but that seems about right.
> >
> >I also distinguished them by saying a hub is just a repeater, it has no
> >intelligence. Whereas a switch will actually read the packets it's
> >passing through, study them, define a table, and route them in the most
> >efficient manner.
>
> is the above true? sounds like the description of a router. i didn't
> think a switch would do all that but i am certainly not an expert and am
> speaking off the tip of my tongue.
>
> >Some good reading on this can be found in 3Com's docs, which are
> >available on their site.
> >
> >Chris
> >
> >On Thu, 2002-11-07 at 11:05, Scott Witmer wrote:
> > > Hi ,
> > >
> > > As far as I know the difference between a switch and a hub is that the
> > > switch has separate collision domains. Each port on a switch is it's
> > > own network segment vs. one shared segment on a hub. Can someone speak
> > > to this, correcting and clarifying if necessary.
> > >
> > > -Scott
> > >
Todd Gearhart
2002-11-07 16:23:49 UTC
Scott is correct when stating that each port on a switch has separate
collision domains, in other words, there is a "virtual circuit" made
between two ports as they are transmitting. The virtual circuits are
switched very frequently and quickly, hence the name switch :-).

You will get faster speeds because the switch prevents collisions, but
only if there is a decent amount of network traffic. Besides the
coolness factor, a home network probably (YMMV) wouldn't need a switch,
but I would definitely get one for a work environment with more than 2
computers (and more frequent file transfers)

Todd

-----Original Message-----
From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
Of Scott Witmer
Sent: Thursday, November 07, 2002 11:05 AM
To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
Subject: [CP-LUG] switch vs. hub


Hi,

As far as I know the difference between a switch and a hub is that the
switch has separate collision domains. Each port on a switch is its own
network segment vs. one shared segment on a hub. Can someone speak to
this, correcting and clarifying if necessary.

-Scott
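
The hub-versus-switch behaviour discussed in these messages, as an added example that is not part of any poster's message: a hub repeats every frame to every port, while a switch learns which MAC address sits behind which port and forwards known unicast to that port only. It counts how many frames the laptop's port receives while the desktop and server talk; the port numbers, MAC addresses and frame sequence are constructed, and the switch still floods broadcasts and destinations it has not learned yet.

```python
# Added illustration (not from the thread): how a hub and a learning switch
# decide which ports receive a frame. Ports, MACs and frames are constructed.

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed LAN modelled on the diagram in the thread.
PORT_OF = {"desktop": 0, "laptop": 1, "server": 2}
MAC_OF = {
    "desktop": "02:00:00:00:00:01",
    "laptop": "02:00:00:00:00:03",
    "server": "02:00:00:00:00:02",
}


class Hub:
    """Repeater: copies every frame to every port except the ingress port."""

    def __init__(self, num_ports):
        self.num_ports = num_ports

    def receive(self, in_port, src_mac, dst_mac):
        return [p for p in range(self.num_ports) if p != in_port]


class LearningSwitch:
    """Learns source MAC -> port, then sends known unicast to one port only."""

    def __init__(self, num_ports):
        self.num_ports = num_ports
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port  # learn where the sender lives
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # Broadcast or not-yet-learned destination: flood like a hub.
            return [p for p in range(self.num_ports) if p != in_port]
        if out_port == in_port:
            return []  # destination is on the ingress segment already
        return [out_port]


def conversation():
    """Desktop <-> server exchange: one broadcast, then four unicast frames."""
    d, s = MAC_OF["desktop"], MAC_OF["server"]
    dp, sp = PORT_OF["desktop"], PORT_OF["server"]
    return [
        (dp, d, BROADCAST),  # e.g. an address-resolution request
        (sp, s, d),
        (dp, d, s),
        (sp, s, d),
        (dp, d, s),
    ]


def frames_seen_by(device, frames, listener):
    """Return (total, overheard) frames delivered to the listener's port.

    'overheard' counts unicast frames addressed to some other host.
    """
    port, mac = PORT_OF[listener], MAC_OF[listener]
    total = overheard = 0
    for in_port, src, dst in frames:
        if port in device.receive(in_port, src, dst):
            total += 1
            if dst not in (mac, BROADCAST):
                overheard += 1
    return total, overheard


if __name__ == "__main__":
    for device in (Hub(4), LearningSwitch(4)):
        total, overheard = frames_seen_by(device, conversation(), "laptop")
        print(type(device).__name__, "-> laptop port saw", total,
              "frames,", overheard, "of them someone else's unicast")
```
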
alayne helmus
2002-11-07 16:35:36 UTC
also very clear, thanks.
Todd Gearhart <tebbs-NTXU5EFYMyg4d9/***@public.gmane.org> wrote:
Scott is correct when stating that each port on a switch has separate
collision domains, in other words, there is a "virtual circuit" made
between two ports as they are transmitting. The virtual circuits are
switched very frequently and quickly, hence the name switch :-).

You will get faster speeds because the switch prevents collisions, but
only if there is a decent amount of network traffic. Besides the
coolness factor, a home network probably (YMMV) wouldn't need a switch,
but I would definitely get one for a work environment with more than 2
computers (and more frequent file transfers)

Todd

-----Original Message-----
From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
Of Scott Witmer
Sent: Thursday, November 07, 2002 11:05 AM
To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
Subject: [CP-LUG] switch vs. hub


Hi,

As far as I know the difference between a switch and a hub is that the
switch has separate collision domains. Each port on a switch is its own
network segment vs. one shared segment on a hub. Can someone speak to
this, correcting and clarifying if necessary.

-Scott

alayne helmus
2002-11-07 16:05:23 UTC
newbie here: so where's the firewall on your setup at the bottom. i understand the setup because that is what i have configured at home (albeit windows). does the router have the 'intelligence capabilities' to act as a firewall? sorry if dumb question. also, providing i have enough ports on my router, do you think i will have any 'issues' adding a 4th computer but as a linux box? i think the answer is no, but sort of want to head off any problems.
Chris Carbaugh <CCarbaugh-8ydV/9S8PNs2Twfvq/***@public.gmane.org> wrote:
Comments within:


On Wed, 2002-11-06 at 22:11, Joseph Sites wrote:
> Ok, that all makes sense, but the purpose of having a router in my setup
> here at home is so that my current desktop, and laptop can share the
> internet without swapping cables, and so they can both be online at the
> same time.

I'm assuming you only have a single IP addy from your ISP, which leads
me to believe your current router can do NAT. If it can port forward as
well, at the very least all you need to add is a hub.

> If the server has 2 nic cards, NIC 1 is the input (where the
> server is connected to the outside world through the cable modem. Now
> once connected to the server, the server is to serve its primary
> purpose of a webserver, but also serve two secondary purposes:
> 1. Firewall for itself as well as the other two computers
> 2. Router, so that the internet can be split to the other two computers
> so that they can both be on, and connected at the same time, along with
> the server.

I strongly discourage having anything additional on the box that acts as
a firewall. IMHO, the whole point of a firewall is a dedicated
box/device to protect the other boxes on the LAN. In the event the
firewall is compromised, you don't want anything else on that box to be
tampered with, and you want as few utilities on the box available to the
cracker to further compromise your LAN.

FIREWALL == MINIMAL AS POSSIBLE


Here's what you can do with your current hardware, just add a hub:

                CABLE
           xxx.xxx.xxx.xxx
                  |
                  |
           xxx.xxx.xxx.xxx
               ROUTER
            192.168.x.254
                  |
                  |
     ------------HUB------------
     |            |            |
     |            |            |
192.168.x.1       |       192.168.x.2
  DESKTOP         |         SERVER
                  |
             192.168.x.3
               LAPTOP

In this instance, the router is just passing traffic doing NAT, and
forwarding ports to your server. From the outside, you only have one IP
addy, and appear as a single device.

> -----Original Message-----
> From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
> Of Matt Grab
> Sent: Wednesday, November 06, 2002 9:10 PM
> To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> Subject: Re: [CP-LUG] servers and appliances



Scott Witmer
2002-11-07 16:11:32 UTC
good question. i think some terminologies need cleared up. the "little
black box" routers are actually switches with a built in gateway. the
gateway does the NAT and includes the firewall. you can also setup the
linux box to act as either a router (doing the NAT and traffic) or a
firewall or both. not a dumb question at all. you shouldn't have any
problem adding as many machines as you want and your hub or switch can
support. and as usual please correct me if necessary.

-Scott



At 08:05 AM 11/7/2002 -0800, you wrote:

>newbie here: so where's the firewall on your setup at the bottom. i
>understand the setup because that is what i have configured at home
>(albeit windows). does the router have the 'intelligence capabilities' to
>act as a firewall? sorry if dumb question. also, providing i have enough
>ports on my router, do you think i will have any 'issues' adding a 4th
>computer but as a linux box? i think the answer is no, but sort of want to
>head off any problems.
>
> Chris Carbaugh <CCarbaugh-8ydV/9S8PNs2Twfvq/***@public.gmane.org> wrote:
>Comments within:
>
>
>
>On Wed, 2002-11-06 at 22:11, Joseph Sites wrote:
> > Ok, that all makes sense, but the purpose of having a router in my setup
> > here at home is so that my current desktop, and laptop can share the
> > internet without swapping cables, and so they can both be online at the
> > same time.
>
>I'm assuming you only have a single IP addy from your ISP, which leads
>me to believe your current router can do NAT. If it can port forward as
>well, at the very least all you need to add is a hub.
>
> > If the server has 2 nic cards, NIC 1 is the input (where the
> > server is connected to the outside world through the cable modem. Now
> > once connected to the server, the server is to serve its primary
> > purpose of a webserver, but also serve two secondary purposes:
> > 1. Firewall for itself as well as the other two computers
> > 2. Router, so that the internet can be split to the other two computers
> > so that they can both be on, and connected at the same time, along with
> > the server.
>
>I strongly discourage having anything additional on the box that acts as
>a firewall. IMHO, the whole point of a firewall is a dedicated
>box/device to protect the other boxes on the LAN. In the event the
>firewall is compromised, you don't want anything else on that box to be
>tampered with, and you want as few utilities on the box available to the
>cracker to further compromise your LAN.
>
>FIREWALL == MINIMAL AS POSSIBLE
>
>
>
>Here's what you can do with your current hardware, just add a hub:
>
>                CABLE
>           xxx.xxx.xxx.xxx
>                  |
>                  |
>           xxx.xxx.xxx.xxx
>               ROUTER
>            192.168.x.254
>                  |
>                  |
>     ------------HUB------------
>     |            |            |
>     |            |            |
>192.168.x.1       |       192.168.x.2
>  DESKTOP         |         SERVER
>                  |
>             192.168.x.3
>               LAPTOP
>
>In this instance, the router is just passing traffic doing NAT, and
>forwarding ports to your server. From the outside, you only have one IP
>addy, and appear as a single device.
>
> > -----Original Message-----
> > From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
> > Of Matt Grab
> > Sent: Wednesday, November 06, 2002 9:10 PM
> > To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> > Subject: Re: [CP-LUG] servers and appliances
>
>
>
>
>
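
The gateway behaviour described in this part of the thread (NAT for the whole LAN plus a port forward to the server), as an added example that is not part of any poster's message: outbound connections create translation entries, and an inbound packet is delivered only if it matches one of those entries or a configured forward. All addresses and port numbers are constructed (the thread's diagram uses 192.168.x.N placeholders), and the strict match on the remote address and port is a modelling assumption, not a statement about any particular router.

```python
# Added illustration (not from the thread): a NAT gateway with one port forward.
# All addresses and ports below are constructed sample values.

PUBLIC_IP = "203.0.113.10"   # constructed public address (documentation range)
DESKTOP = "192.168.1.1"
SERVER = "192.168.1.2"
LAPTOP = "192.168.1.3"


class NatGateway:
    """Simplified model: dynamic translation table plus static port forwards.

    Assumption: an inbound packet must match the exact remote address and
    port of an existing outbound session, or hit a configured port forward.
    """

    def __init__(self, public_ip, port_forwards):
        self.public_ip = public_ip
        # public port -> (LAN ip, LAN port), configured by the administrator
        self.port_forwards = dict(port_forwards)
        # public port -> (LAN ip, LAN port, remote ip, remote port)
        self.sessions = {}
        self._next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host connects out; return the source the Internet sees."""
        flow = (lan_ip, lan_port, remote_ip, remote_port)
        for public_port, known in self.sessions.items():
            if known == flow:
                return self.public_ip, public_port
        # Pick a public port that collides with no session and no forward.
        while (self._next_port in self.sessions
               or self._next_port in self.port_forwards):
            self._next_port += 1
        public_port = self._next_port
        self._next_port += 1
        self.sessions[public_port] = flow
        return self.public_ip, public_port

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the (LAN ip, LAN port) a packet reaches, or None if dropped."""
        flow = self.sessions.get(public_port)
        if flow is not None and flow[2:] == (remote_ip, remote_port):
            return flow[:2]                          # reply to a known session
        return self.port_forwards.get(public_port)   # forward, else dropped

    def reachable_unsolicited(self):
        """LAN hosts an outside party can reach without being contacted first."""
        return sorted({ip for ip, _port in self.port_forwards.values()})


if __name__ == "__main__":
    gw = NatGateway(PUBLIC_IP, {80: (SERVER, 80)})
    print("desktop seen as", gw.outbound(DESKTOP, 51000, "198.51.100.7", 443))
    print("reply reaches  ", gw.inbound("198.51.100.7", 443, 40000))
    print("stranger, 40000", gw.inbound("198.51.100.99", 443, 40000))
    print("stranger, 80   ", gw.inbound("198.51.100.99", 12345, 80))
    print("stranger, 22   ", gw.inbound("198.51.100.99", 12345, 22))
    print("exposed hosts  ", gw.reachable_unsolicited())
```

In this model the only LAN host reachable without first connecting out is the forwarded server, which in the thread's diagram shares the hub with the desktop and laptop.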
alayne helmus
2002-11-07 16:27:05 UTC
so as long as my machines have nics then it shouldn't matter that i mix OSs (linux, windows 98v2, windows 2000) and connect to my router. thanks.
Scott Witmer <witmers-J/***@public.gmane.org> wrote:


good question. i think some terminologies need cleared up. the "little
black box" routers are actually switches with a built in gateway. the
gateway does the NAT and includes the firewall. you can also setup the
linux box to act as either a router (doing the NAT and traffic) or a
firewall or both. not a dumb question at all. you shouldn't have any
problem adding as many machines as you want and your hub or switch can
support. and as usual please correct me if necessary.

-Scott



At 08:05 AM 11/7/2002 -0800, you wrote:

>newbie here: so where's the firewall on your setup at the bottom. i
>understand the setup because that is what i have configured at home
>(albeit windows). does the router have the 'intelligence capabilities' to
>act as a firewall? sorry if dumb question. also, providing i have enough
>ports on my router, do you think i will have any 'issues' adding a 4th
>computer but as a linux box? i think the answer is no, but sort of want to
>head off any problems.
>
> Chris Carbaugh wrote:
>Comments within:
>
>
>
>On Wed, 2002-11-06 at 22:11, Joseph Sites wrote:
> > Ok, that all makes sense, but the purpose of having a router in my setup
> > here at home is so that my current desktop, and laptop can share the
> > internet without swapping cables, and so they can both be online at the
> > same time.
>
>I'm assuming you only have a single IP addy from your ISP, which leads
>me to believe your current router can do NAT. If it can port forward as
>well, at the very least all you need to add is a hub.
>
> > If the server has 2 nic cards, NIC 1 is the input (where the
> > server is connected to the outside world through the cable modem. Now
> > once connected to the server, the server is to serve its primary
> > purpose of a webserver, but also serve two secondary purposes:
> > 1. Firewall for itself as well as the other two computers
> > 2. Router, so that the internet can be split to the other two computers
> > so that they can both be on, and connected at the same time, along with
> > the server.
>
>I strongly discourage having anything additional on the box that acts as
>a firewall. IMHO, the whole point of a firewall is a dedicated
>box/device to protect the other boxes on the LAN. In the event the
>firewall is compromised, you don't want anything else on that box to be
>tampered with, and you want as few utilities on the box available to the
>cracker to further compromise your LAN.
>
>FIREWALL == MINIMAL AS POSSIBLE
>
>
>
>Here's what you can do with your current hardware, just add a hub:
>
>                CABLE
>           xxx.xxx.xxx.xxx
>                  |
>                  |
>           xxx.xxx.xxx.xxx
>               ROUTER
>            192.168.x.254
>                  |
>                  |
>     ------------HUB------------
>     |            |            |
>     |            |            |
>192.168.x.1       |       192.168.x.2
>  DESKTOP         |         SERVER
>                  |
>             192.168.x.3
>               LAPTOP
>
>In this instance, the router is just passing traffic doing NAT, and
>forwarding ports to your server. From the outside, you only have one IP
>addy, and appear as a single device.
>
> > -----Original Message-----
> > From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
> > Of Matt Grab
> > Sent: Wednesday, November 06, 2002 9:10 PM
> > To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> > Subject: Re: [CP-LUG] servers and appliances
>
>
>
>
>
Scott Witmer
2002-11-07 16:46:09 UTC
Nope, shouldn't matter one bit as long as they are all using TCP/IP


At 08:27 AM 11/7/2002 -0800, you wrote:

>so as long as my machines have nics then it shouldn't matter that i mix
>OSs (linux, windows 98v2, windows 2000) and connect to my router. thanks.
>
> Scott Witmer <witmers-J/***@public.gmane.org> wrote:
>
>
>
>good question. i think some terminologies need cleared up. the "little
>black box" routers are actually switches with a built in gateway. the
>gateway does the NAT and includes the firewall. you can also setup the
>linux box to act as either a router (doing the NAT and traffic) or a
>firewall or both. not a dumb question at all. you shouldn't have any
>problem adding as many machines as you want and your hub or switch can
>support. and as usual please correct me if necessary.
>
>-Scott
>
>
>
>
>
>At 08:05 AM 11/7/2002 -0800, you wrote:
>
> >newbie here: so where's the firewall on your setup at the bottom. i
> >understand the setup because that is what i have configured at home
> >(albeit windows). does the router have the 'intelligence capabilities' to
> >act as a firewall? sorry if dumb question. also, providing i have enough
> >ports on my router, do you think i will have any 'issues' adding a 4th
> >computer but as a linux box? i think the answer is no, but sort of want to
> >head off any problems.
> >
> > Chris Carbaugh wrote:
> >Comments within:
> >
> >
> >
> >On Wed, 2002-11-06 at 22:11, Joseph Sites wrote:
> > > Ok, that all makes sense, but the purpose of having a router in my setup
> > > here at home is so that my current desktop, and laptop can share the
> > > internet without swapping cables, and so they can both be online at the
> > > same time.
> >
> >I'm assuming you only have a single IP addy from your ISP, which leads
> >me to believe your current router can do NAT. If it can port forward as
> >well, at the very least all you need to add is a hub.
> >
> > > If the server has 2 nic cards, NIC 1 is the input (where the
> > > server is connected to the outside world through the cable modem. Now
> > > once connected to the server, the server is to serve its primary
> > > purpose of a webserver, but also serve two secondary purposes:
> > > 1. Firewall for itself as well as the other two computers
> > > 2. Router, so that the internet can be split to the other two computers
> > > so that they can both be on, and connected at the same time, along with
> > > the server.
> >
> >I strongly discourage having anything additional on the box that acts as
> >a firewall. IMHO, the whole point of a firewall is a dedicated
> >box/device to protect the other boxes on the LAN. In the event the
> >firewall is compromised, you don't want anything else on that box to be
> >tampered with, and you want as few utilities on the box available to the
> >cracker to further compromise your LAN.
> >
> >FIREWALL == MINIMAL AS POSSIBLE
> >
> >
> >
> >Here's what you can do with your current hardware, just add a hub:
> >
> >                CABLE
> >           xxx.xxx.xxx.xxx
> >                  |
> >                  |
> >           xxx.xxx.xxx.xxx
> >               ROUTER
> >            192.168.x.254
> >                  |
> >                  |
> >     ------------HUB------------
> >     |            |            |
> >     |            |            |
> >192.168.x.1       |       192.168.x.2
> >  DESKTOP         |         SERVER
> >                  |
> >             192.168.x.3
> >               LAPTOP
> >
> >In this instance, the router is just passing traffic doing NAT, and
> >forwarding ports to your server. From the outside, you only have one IP
> >addy, and appear as a single device.
> >
> > > -----Original Message-----
> > > From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
> > > Of Matt Grab
> > > Sent: Wednesday, November 06, 2002 9:10 PM
> > > To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> > > Subject: Re: [CP-LUG] servers and appliances
> >
> >
> >
> >
> >
alayne helmus
2002-11-07 16:29:30 UTC
is NAT an acronym?
Scott Witmer <witmers-J/***@public.gmane.org> wrote:


good question. i think some terminologies need cleared up. the "little
black box" routers are actually switches with a built in gateway. the
gateway does the NAT and includes the firewall. you can also setup the
linux box to act as either a router (doing the NAT and traffic) or a
firewall or both. not a dumb question at all. you shouldn't have any
problem adding as many machines as you want and your hub or switch can
support. and as usual please correct me if necessary.

-Scott



At 08:05 AM 11/7/2002 -0800, you wrote:

>newbie here: so where's the firewall on your setup at the bottom. i
>understand the setup because that is what i have configured at home
>(albeit windows). does the router have the 'intelligence capabilities' to
>act as a firewall? sorry if dumb question. also, providing i have enough
>ports on my router, do you think i will have any 'issues' adding a 4th
>computer but as a linux box? i think the answer is no, but sort of want to
>head off any problems.
>
> Chris Carbaugh wrote:
>Comments within:
>
>
>
>On Wed, 2002-11-06 at 22:11, Joseph Sites wrote:
> > Ok, that all makes sense, but the purpose of having a router in my setup
> > here at home is so that my current desktop, and laptop can share the
> > internet without swapping cables, and so they can both be online at the
> > same time.
>
>I'm assuming you only have a single IP addy from your ISP, which leads
>me to believe your current router can do NAT. If it can port forward as
>well, at the very least all you need to add is a hub.
>
> > If the server has 2 nic cards, NIC 1 is the input (where the
> > server is connected to the outside world through the cable modem. Now
> > once connected to the server, the server is to serve its primary
> > purpose of a webserver, but also serve two secondary purposes:
> > 1. Firewall for itself as well as the other two computers
> > 2. Router, so that the internet can be split to the other two computers
> > so that they can both be on, and connected at the same time, along with
> > the server.
>
>I strongly discourage having anything additional on the box that acts as
>a firewall. IMHO, the whole point of a firewall is a dedicated
>box/device to protect the other boxes on the LAN. In the event the
>firewall is compromised, you don't want anything else on that box to be
>tampered with, and you want as few utilities on the box available to the
>cracker to further compromise your LAN.
>
>FIREWALL == MINIMAL AS POSSIBLE
>
>
>
>Here's what you can do with your current hardware, just add a hub:
>
>                CABLE
>           xxx.xxx.xxx.xxx
>                  |
>                  |
>           xxx.xxx.xxx.xxx
>               ROUTER
>            192.168.x.254
>                  |
>                  |
>     ------------HUB------------
>     |            |            |
>     |            |            |
>192.168.x.1       |       192.168.x.2
>  DESKTOP         |         SERVER
>                  |
>             192.168.x.3
>               LAPTOP
>
>In this instance, the router is just passing traffic doing NAT, and
>forwarding ports to your server. From the outside, you only have one IP
>addy, and appear as a single device.
>
> > -----Original Message-----
> > From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
> > Of Matt Grab
> > Sent: Wednesday, November 06, 2002 9:10 PM
> > To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> > Subject: Re: [CP-LUG] servers and appliances
>
>
>
>
>
>_______________________________________________
>CPLUG mailing list
>CPLUG-ukKDrwqYsA+sTnJN9+***@public.gmane.org
>http://lists.talos4.net/mailman/listinfo/cplug
>
Todd Gearhart
2002-11-07 16:45:19 UTC
Permalink
is NAT an acronym?

Yes.

NAT stands for Network Address Translation

If I understand it correctly, to the outside world, your entire internal
network appears as one ip address. NAT is great if you have a bunch of
computers that just need internet access but will not have computers
connecting from the Internet (i.e. a server). NAT also allows you to
"pick your own" ip address space for your internal network.

Basically, if you are not running any type of server, NAT is a simple
way to gain more security from outside attacks, and is transparent to
the client computers within the network.

Hopefully that helps you!

Todd

-----Original Message-----
From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
Of alayne helmus
Sent: Thursday, November 07, 2002 11:30 AM
To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
Subject: RE: [CP-LUG] servers and appliances

is NAT an acronym?
Greg Spangler
2002-11-08 02:32:50 UTC
Permalink
Now I have a question. You say if you're not running any kind of server but
what if you are. I'm now trying to plan a system where the dsl modem feeds a
firewall/gateway/router/vpn box running leaf off a cd into a 16 port switch
feeding a web server/mail server running mandrake 9.0 pro and a file
server/print server running windows .net server and currently 5 user boxes
accessing the database on the file server. Will this model work or do I need
to quick make some radical changes? Help!


----- Original Message -----
From: "Todd Gearhart" <tebbs-NTXU5EFYMyg4d9/***@public.gmane.org>
To: <cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org>
Sent: Thursday, November 07, 2002 11:45 AM
Subject: RE: [CP-LUG] servers and appliances


> is NAT an acronym?
>
> Yes.
>
> NAT stands for Network Address Translation
>
> If I understand it correctly, to the outside world, your entire internal
> network appears as one ip address. NAT is great if you have a bunch of
> computers that just need internet access but will not have computers
> connecting from the Internet (i.e. a server). NAT also allows you to
> "pick your own" ip address space for your internal network.
>
> Basically, if you are not running any type of server, NAT is a simple
> way to gain more security from outside attacks, and is transparent to
> the client computers within the network.
>
> Hopefully that helps you!
>
> Todd
Mike Hancock
2002-11-08 05:48:54 UTC
Permalink
--- Greg Spangler <gspangler_mckenzie-***@public.gmane.org> wrote:
> Now I have a question. You say if you're not running
> any kind of server but
> what if you are. I'm now trying to plan a system
> where the dsl modem feeds a
> firewall/gateway/router/vpn box running leaf off a
> cd into a 16 port switch
> feeding a web server/mail server running mandrake
> 9.0 pro and a file
> server/print server running windows .net server and
> currently 5 user boxes
> accessing the database on the file server. Will this
> model work or do I need
> to quick make some radical changes? Help!
>

Yes as long as the firewall can port forward it will
work fine


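The layout discussed above (a dedicated two-NIC firewall/gateway box doing NAT in front of a web/mail server, with ports forwarded to that server) could be written as the iptables ruleset this script prints. This is an added example, not from any poster in the thread; the interface names (eth0 = WAN, eth1 = LAN), the 192.168.1.0/24 addressing and the forwarded ports 25 and 80 are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a dedicated two-NIC
# NAT firewall that forwards chosen TCP ports to one internal server.
# Assumed names: eth0 = WAN, eth1 = LAN, LAN 192.168.1.0/24, server .2.

emit() { printf '%s\n' "$*"; }

# valid_port PORT: succeeds only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# is_private_ipv4 ADDR: succeeds only for a dotted quad in RFC 1918 space,
# so a typo cannot turn a port forward into a redirect to a public host.
is_private_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    case "$1.$2" in
        10.*|192.168|172.1[6-9]|172.2[0-9]|172.3[01]) return 0 ;;
    esac
    return 1
}

# gen_ruleset WAN_IF LAN_IF LAN_CIDR SERVER_IP [PORT...]
# With no PORT arguments nothing unsolicited gets in (plain NAT);
# each PORT adds exactly one DNAT rule and one matching FORWARD accept.
gen_ruleset() {
    [ "$#" -ge 4 ] || { echo "usage: gen_ruleset WAN LAN CIDR SERVER [PORT...]" >&2; return 2; }
    wan_if=$1; lan_if=$2; lan_cidr=$3; server_ip=$4
    shift 4
    is_private_ipv4 "$server_ip" || { echo "server $server_ip is not RFC 1918" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done

    emit '*nat'
    emit ':PREROUTING ACCEPT [0:0]'
    emit ':POSTROUTING ACCEPT [0:0]'
    for port in "$@"; do
        emit "-A PREROUTING -i $wan_if -p tcp --dport $port -j DNAT --to-destination $server_ip:$port"
    done
    # Outbound LAN traffic leaves with the firewall's single public address.
    emit "-A POSTROUTING -s $lan_cidr -o $wan_if -j MASQUERADE"
    emit 'COMMIT'

    emit '*filter'
    # Default deny: the firewall box itself offers no services.
    emit ':INPUT DROP [0:0]'
    emit ':FORWARD DROP [0:0]'
    emit ':OUTPUT ACCEPT [0:0]'
    emit '-A INPUT -i lo -j ACCEPT'
    emit '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    emit '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    emit "-A FORWARD -i $lan_if -o $wan_if -s $lan_cidr -j ACCEPT"
    for port in "$@"; do
        emit "-A FORWARD -i $wan_if -o $lan_if -p tcp -d $server_ip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    emit 'COMMIT'
}

# inbound_openings RULESET: number of rules admitting NEW connections from outside.
inbound_openings() {
    printf '%s\n' "$1" | grep -c -- '--ctstate NEW' || true
}

# Constructed sample: mail (25) and web (80) forwarded to the server.
# Routing also needs net.ipv4.ip_forward=1; load the output with iptables-restore.
gen_ruleset eth0 eth1 192.168.1.0/24 192.168.1.2 25 80
```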
Greg Spangler
2002-11-08 19:53:24 UTC
Permalink
The firewall box I'm looking to build will actually be a barebones computer:
VIA 650MHz CPU, 32MB RAM, CD-ROM, (2) NIC's and (2) Modems. I'm planning to
use LEAF which some of the good folks here at this user's group recommended.
I haven't actually downloaded the OS yet but it sounds like it should do the
job. If you would like to check it out here's the URL for the site:
http://leaf.sourceforge.net/ Now I'm planning to burn the OS and something
like an autoexec.bat file (sorry, still just in the learning stage of linux
and don't know the terminology yet) to CD. I'd like to run this machine
without a monitor/video card or a keyboard/mouse, kind of like one of the
appliance devices on the market but capabilities more like a real router and
easily reconfigured (just burn a new CD.) I've also considered the
possibility of hooking up one of those little USB SD memory or Compact Flash
readers w/ a 16 - 64MB card in case I need to make additions or changes.
Please, you or anyone knowledgeable in the group feel free to make
suggestions, comments, etc. as I'm the guru at work for Windows but I'm
kinda feeling my way in the dark with the advanced networking and linux
stuff. After I get this all built, finish the database and get this all
working I do plan to really learn linux. I can already see where it's got a
lot more potential than Windows and shouldn't be the endless money pit
Microsoft software tends to be.


----- Original Message -----
From: "Mike Hancock" <oemgr-/***@public.gmane.org>
To: <cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org>
Sent: Friday, November 08, 2002 12:48 AM
Subject: Re: [CP-LUG] servers and appliances


>
> --- Greg Spangler <gspangler_mckenzie-***@public.gmane.org> wrote:
> > Now I have a question. You say if you're not running
> > any kind of server but
> > what if you are. I'm now trying to plan a system
> > where the dsl modem feeds a
> > firewall/gateway/router/vpn box running leaf off a
> > cd into a 16 port switch
> > feeding a web server/mail server running mandrake
> > 9.0 pro and a file
> > server/print server running windows .net server and
> > currently 5 user boxes
> > accessing the database on the file server. Will this
> > model work or do I need
> > to quick make some radical changes? Help!
> >
>
> Yes as long as the firewall can port forward it will
> work fine
>
Scott Witmer
2002-11-07 16:44:30 UTC
Permalink
Network Address Translation

At 08:29 AM 11/7/2002 -0800, you wrote:

>is NAT an acronym?
Scott Witmer
2002-11-07 16:54:59 UTC
Permalink
This site used to be really great for definitions, acronyms etc. It looks
like it has changed since I used to check it out years ago but is probably
still useful. It had a reasonable definition of NAT.


http://www.whatis.com




At 08:29 AM 11/7/2002 -0800, you wrote:

>is NAT an acronym?
Chris Carbaugh
2002-11-07 17:08:44 UTC
Permalink
Two more cool sites:

howstuffworks.com
everything2.com

Chris

On Thu, 2002-11-07 at 11:54, Scott Witmer wrote:
>
> This site used to be really great for definitions, acronyms etc. It looks
> like it has changed since I used to check it out years ago but is probably
> still useful. It had a reasonable definition of NAT.
>
>
> http://www.whatis.com
>
>
>
>
> At 08:29 AM 11/7/2002 -0800, you wrote:
>
> >is NAT an acronym?
Chris Carbaugh
2002-11-07 16:15:53 UTC
Permalink
In that setup, the router is either a dedicated device with firewall
capabilities, or in my preference, a dedicated linux box providing
firewall and NAT services.

You should be fine just plugging in another box.

Chris


On Thu, 2002-11-07 at 11:05, alayne helmus wrote:
>
> newbie here: so where's the firewall on your setup at the bottom. i understand the setup because that is what i have configured at home (albeit windows). does the router have the 'intelligence capabilities' to act as a firewall? sorry if dumb question. also, providing i have enough ports on my router, do you think i will have any 'issues' adding a 4th computer but as a linux box? i think the answer is no, but sort of want to head off any problems.
> Chris Carbaugh <CCarbaugh-8ydV/9S8PNs2Twfvq/***@public.gmane.org> wrote:Comments within:
>
>
> On Wed, 2002-11-06 at 22:11, Joseph Sites wrote:
> > Ok, that all make sense, but the purpose of having a router in my setup
> > here at home is so that my current desktop, and laptop can share the
> > internet without swapping cables, and so they can both be onilne at the
> > same time.
>
> I'm assuming you only have a single IP addy from your ISP, which leads
> me to believe your current router can do NAT. If it can port forward as
> well, at the very least all you need to add is a hub.
>
> > If the server has 2 nic cards, NIC 1 is the input (where the
> > server is connected to the outside world through the cable modem. Now
> > once connected to the server, the server is to serve it's primary
> > purpose of a webserver, but also serve two secondary purposes:
> > 1. Firewall for itself as well as the other two computers
> > 2. Router, so that the internet can be split to the other two computers
> > so that they can both be on, and connected at the same time, along with
> > the server.
>
> I strongly discourage having anything additional on the box that acts as
> a firewall. IMHO, the whole point of a firewall is a dedicated
> box/device to protect the other boxes on the LAN. In the event the
> firewall is compromised, you don't want anything else on that box to be
> tampered with, and you want as few utilities on the box available to the
> cracker to further compromise your LAN.
>
> FIREWALL == MINIMAL AS POSSIBLE
>
>
> Here's what you can do with your current hardware, just add a hub:
>
> CABLE
> xxx.xxx.xxx.xxx
> |
> |
> xxx.xxx.xxx.xxx
> ROUTER
> 192.168.x.254
> |
> |
> ------------HUB------------
> | | |
> | | |
> 192.168.x.1 | 192.168.x.2
> DESKTOP | SERVER
> |
> 192.168.x.3
> LAPTOP
>
> In this instance, the router is just passing traffic doing NAT, and
> forwarding ports to your server. From the outside, you only have one IP
> addy, and appear as a single device.
>
> > -----Original Message-----
> > From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org] On Behalf
> > Of Matt Grab
> > Sent: Wednesday, November 06, 2002 9:10 PM
> > To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> > Subject: Re: [CP-LUG] servers and appliances
>
>
>
> _______________________________________________
> CPLUG mailing list
> CPLUG-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> http://lists.talos4.net/mailman/listinfo/cplug
Matt Grab
2002-11-07 16:42:02 UTC
I'm replying to myself. At the bottom where I mentioned appliances... That
machine has no fans, and no moving hard drives. It will never ever fail.
Okay it will fail eventually. Even solid state parts fail. But I'm not sure
why network cards fail so much more quickly than other solid-state parts,
like motherboards, vcr's, and the like.
Matt

On Wednesday 06 November 2002 05:44 pm, Matt Grab wrote:
> $199
> via 833mhz
> 10gb hd
> 128mb ram
> nic card
> cdrom
>
> My friend just bought one of these. It has tons of horsepower for serving
> websites. You can't beat it. Just load Mandrake 9.0 on it, fire up
> webmin, and you have a killer box. In fact that's exactly what he's doing
> with it. Add a second nic card, and you have your firewall appliance.
>
> If you want to go the "appliance" route, here's what I'm working on.
> $200 800mhz via c3 w/ 128mb ram
> $20 compact flash - ide adapter
> $50 - 128mb compact flash card to act as ide hard drive
>
> Matt
Chuck Vohs
2002-11-06 13:12:05 UTC
As for swap file, 2x the RAM is what I follow.
As for me using 2 boxes, that was just pure dumb luck.
A fellow set up the first box to do everything...it worked and works great.
He spent so much time I didn't want to undo it just to demo cpanel...so when
I stumbled onto the 2nd box, I put cpanel on it...I'm sure it could all run
on one (because it did before!)

-----Original Message-----
From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org]On Behalf Of
Greg Spangler
Sent: Wednesday, November 06, 2002 12:17 AM
To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
Subject: Re: [CP-LUG] Newbie questions


Thanks for the reply Chuck, some of your answers I think will be very
helpful. I'd looked at the latest RedHat but finally decided to spend some
of my boss' money on the new Mandrake 9.0 Pro Suite distribution. From
everything I've read it's very similar to RedHat, the easiest to install and
often recommended over other distributions for those with no Linux/Unix
experience. I've thought of a couple more questions and was hoping you might
help with those as well. First, I was wondering how large should I make the
swap file? With Windows I've always used the rule of thumb that the swap
file should be twice the size of physical RAM (assuming at least 128mb RAM.)
Does that hold true for Linux as well? Also you said you've separated the
tasks I'm trying to accomplish between 2 boxes of comparable power. Yet
another of you said they're accomplishing all these things with a single box
of considerably less power. From the sound of that system I'd guess they're
not using it for as many users nor in a business setting, but will I really
need to use two boxes or can I possibly get by for awhile using the single
box and say increase the amount of RAM to 512mb or more? Finally any ideas
how difficult this will be to incorporate with our Windows based network?
Any ideas that might make this incorporation less painful? I'm really
starting to look forward to this project and have hopes that I might
eventually convert our company to Linux using the Star Office Suite and put
an end to the endless Microsoft Money Pit we're currently bogged down with.
----- Original Message -----
From: Chuck Vohs
To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
Sent: Monday, November 04, 2002 12:53 PM
Subject: RE: [CP-LUG] Newbie questions


I am way new at this stuff, but will give you my answers inline:
-----Original Message-----
From: cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org [mailto:cplug-admin-ukKDrwqYsA+sTnJN9+***@public.gmane.org]On Behalf
Of Greg Spangler
Sent: Monday, November 04, 2002 12:32 PM
To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
Subject: [CP-LUG] Newbie questions


1. Which distribution should I use? (Debian, FreeBSD, Mandrake,
RedHat, SuSE or other)

I use RedHat 7.3

2. Can I use one server box (AMD Duron 1GHz CPU, 256mb PC133 SDRAM,
10Gb HD, Trident Blade 8Mb Video, 10bt/100btx Net, DSL feed w/ fixed IP) as
a web server, firewall, post office (for 6 - 12 users) and VPN gateway for
(1 - 4 users) and if not how many boxes (and how much horsepower) will I
need to accomplish this?

I use one box such as this as my firewall and gateway.

I use another box, PIII 512mb 40gb, for my services, www, ftp, mail,
dns, etc.

3. Regarding web server setup and administration, can this only be
done from the command line or can this be accomplished using either the KDE
or GNOME GUI interfaces?

I used cpanel.net for this initially, but it is too costly...so now I
am using webmin (free).

4. Regarding firewall setup and administration, can this only be done
from the command line or can this be accomplished using either the KDE or
GNOME GUI interfaces?

Easy text file, I use http://www.shadowweb.org/fwscript/



5. Regarding post office setup and administration, can this only be
done from the command line or can this be accomplished using either the KDE
or GNOME GUI interfaces?

Again, cpanel handles this.

6. Regarding VPN gateway setup and administration, can this only be
done from the command line or can this be accomplished using either the KDE
or GNOME GUI interfaces?

webmin works for this.

7. Assuming all this can be setup on one (or two) boxes, can I
remotely administrate (and experiment with additional applications) from a
Linux partition on my personal Windows XP (NTFS) laptop?

I do! Works great.

8. Looking at all the various packages that are included with any of
the Linux distributions, I'd like to only install the packages that I would
need (plus some applications like Star Office & Gimp on the laptop.) Which
do I want to install to accomplish my goals without overloading my HD with
things I'll never use? (Please note I'm not a programmer and I've already
got more than enough Windows games.)

I installed the bare minimum in text format, then used cpanel.net to
do the rest...it installs only what you need to do the server stuff.

9. Are there any utilities I will need (other than Partition Magic?)

Always...but I can't think of any right now.



10. What are some of the other issues I haven't thought of but should
address? (Sorry I know this one is especially vague.)

Who will win the Super Bowl this year?
Scott Witmer
2002-11-07 16:14:55 UTC
After reading this, it sounds like an oversimplification. A switch can
do more. In a switch you can set up vlans or program ports
individually. I do think the basic difference is how it makes the
segments. please correct....


>Date: Thu, 07 Nov 2002 11:05:01 -0500
>To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
>From: Scott Witmer <bluegrass-***@public.gmane.org>
>Subject: switch vs. hub
>
>
>Hi ,
>
>As far as I know the difference between a switch and a hub is that the
>switch has separate collision domains. Each port on a switch is its own
>network segment vs. one shared segment on a hub. Can someone speak to
>this, correcting and clarifying if necessary.
>
>-Scott
Chris Carbaugh
2002-11-07 16:24:40 UTC
Yes, switches can do much more, for much more money :)
Higher end 3Com's can do vlans, port trunking, SNMP, monitor traffic,
remote admin, Gigabit interconnects, switch grouping, etc, etc,

The more you spend, the more you can do.

Chris

On Thu, 2002-11-07 at 11:14, Scott Witmer wrote:
>
>
> After reading this, it sounds like an oversimplification. A switch can
> do more. In a switch you can set up vlans or program ports
> individually. I do think the basic difference is how it makes the
> segments. please correct....
>
>
> >Date: Thu, 07 Nov 2002 11:05:01 -0500
> >To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> >From: Scott Witmer <bluegrass-***@public.gmane.org>
> >Subject: switch vs. hub
> >
> >
> >Hi ,
> >
> >As far as I know the difference between a switch and a hub is that the
> >switch has separate collision domains. Each port on a switch is its own
> >network segment vs. one shared segment on a hub. Can someone speak to
> >this, correcting and clarifying if necessary.
> >
> >-Scott
Matt Grab
2002-11-07 16:39:08 UTC
Yes, that is the basic difference. Any packets coming into a hub, go out on
all the ports. A switch can selectively filter which ports packets can be
resent out on. Some other things switches can do, like you mentioned, are
set up vlans, lock ports by MAC addresses, and other stuff.
If anyone else knows the other stuff, feel free to list.
Matt

On Thursday 07 November 2002 11:14 am, Scott Witmer wrote:
> After reading this, it sounds like an oversimplification. A switch can
> do more. In a switch you can set up vlans or program ports
> individually. I do think the basic difference is how it makes the
> segments. please correct....
>
> >Date: Thu, 07 Nov 2002 11:05:01 -0500
> >To: cplug-ukKDrwqYsA+sTnJN9+***@public.gmane.org
> >From: Scott Witmer <bluegrass-***@public.gmane.org>
> >Subject: switch vs. hub
> >
> >
> >Hi ,
> >
> >As far as I know the difference between a switch and a hub is that the
> >switch has separate collision domains. Each port on a switch is its own
> >network segment vs. one shared segment on a hub. Can someone speak to
> >this, correcting and clarifying if necessary.
> >
> >-Scott
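Added example, not part of any post in this thread: a simplified Python model of the hub/switch difference discussed above, including the "lock ports by MAC addresses" feature. It shows which ports get a copy of each frame, which is what decides whether the laptop can see desktop-to-server traffic. The class names, port numbers and MAC addresses are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeats every frame out of every port except the one it came in on."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]

class Switch:
    """Learning switch with optional per-port MAC locking (hypothetical model)."""
    def __init__(self, ports, locked=None):
        self.ports = list(ports)
        self.table = {}              # learned MAC -> port
        self.locked = locked or {}   # port -> the only source MAC allowed

    def forward(self, in_port, src, dst):
        allowed = self.locked.get(in_port)
        if allowed is not None and src != allowed:
            return []                # port is locked to another MAC: drop
        self.table[src] = in_port    # learn which port the sender is on
        out = self.table.get(dst)
        if dst == BROADCAST or out is None:
            return [p for p in self.ports if p != in_port]  # unknown: flood
        return [] if out == in_port else [out]

def ports_seeing(device, frames):
    """Run frames through the device; list the ports each frame was sent to."""
    return [sorted(device.forward(*f)) for f in frames]

# Constructed sample: desktop on port 1, server on port 2, laptop on port 3
DESKTOP = "00:00:00:00:00:01"
SERVER = "00:00:00:00:00:02"
LAPTOP = "00:00:00:00:00:03"
FRAMES = [
    (1, DESKTOP, SERVER),               # server not learned yet
    (2, SERVER, DESKTOP),               # reply; desktop already learned
    (1, DESKTOP, SERVER),               # both ends learned now
    (3, "00:00:00:00:00:99", SERVER),   # unexpected MAC on the laptop port
]

if __name__ == "__main__":
    print("hub:   ", ports_seeing(Hub([1, 2, 3]), FRAMES))
    print("switch:", ports_seeing(Switch([1, 2, 3], locked={3: LAPTOP}), FRAMES))
```

On the hub, port 3 receives every desktop/server frame; on the switch it only receives the first one, flooded before the server's port was learned.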