Menu
▾
▴
Re: [Shorewall-users] OFFTOPIC: ADSL Modem/Router Recommendations for shorewall box
|
From: Paul G. <pau...@bi...> - 2002-05-31 08:42:43
|
Andy wrote:
> ...
> I am finding now, with the arrival of my /29 IP block, that when I have 3
> machines or so downloading etc, the net slows to a DEAD slow..e.g. ping is
> 600+...stop a machine downloading, and im back to the 40-100ms range - seems
> fine with the shorewall box + 2 other pcs on the net.. I think its because I
> use a usb alcatel green icky thing, into my linux box running shorewall -
> usb takes a lot of software decoding I believe (I may be wrong). So, I was
> wondering what you use as your modem/routers. I dont want to get a router
> that will gobble my .254 router address, as I'm quite happy with my
> shorewall machine being the router.
>
> Any ideas / recommendations ??
The two main outer firewall/routers i use are:
1. 486/100, 32 Mb RAM, 2 x 1 Gb disk (mirrored), Red Hat 7.2, 2 x RealTek
8139 (local & DMZ), 1 x SMC 83C170QF (cable modem). This system supports
2 client PCs, one local server, and one DMZ server.
2. Pentium 133, 32 Mb RAM, 4 Gb disk, Red Hat 7.1, 1 x RealTek 8139 (local),
1 x RealTek 8029 (Alcatel Speed Touch Pro ADSL router). The ADSL router
is dumbed down to a plain old bridge, and i run PPPoE on the Shorewall
box. Between 5 & 30 clients are supported. The server also runs a 1 Gb
Squid proxy cache, small web site, and email gateway.
As you can see, both of my systems are pretty small. They are certainly far
less powerful than the clients they serve, and both are running adequately. I
have never noticed any significant slowdown when a few downloads are in
progress.
I'm not sure about the USB issue, but personally i think it's more likely that
you have a problem elsewhere. Some suggestions:
* NIC serving your local LAN
* client NICs
* cabling problem
* switch/hub faulty
* some DNS timeout issue
This is by no means exhaustive. Try turning on bad packet logging on your
inside NIC and see if you get anything. Ethereal/tcpdump is also your friend.
Make sure you've applied the latest security patches, though!
http://www.redhat.com/errata/
Paul
http://paulgear.webhop.net
|