North American Network Operators Group

Linux Router KIT
We are also using Linux as routers/firewalls. Our twist is that the boxes have no hard drives! Instead we have hacked the software a little and now run 100% from CD-ROM. Basically / is on a ramdisk. Our typical box has a 60MByte RAM disk out of 128MByte total RAM. Very fast. We can change config using ssh, save stuff using scp or make a new CD-ROM from time to time. Either way, zero maintenance. No backups necessary either. Works with any PC that will boot from a CD.

One of our beta testers says that a P2 266 will packetfilter 50MBit/sec easily. Linux doesn't just kill Microsoft's NT and Solaris. It also eats Cisco for lunch.

Email me if you think there would be interest in such a "Linux Router/Firewall KIT". We are about to package a CD based distribution plus a couple of the right Ethernet cards (this is key!) and are looking for more beta testers.

Dirk

On Tue, Oct 27, 1998 at 03:20:40PM -0800, Dan Hollis wrote:
> On Tue, 27 Oct 1998, John Fraizer wrote:
> > [[email protected]]:~ # /sbin/route
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > Gateway-NET     *               255.255.255.252 U     0      0        5 eth0
> > EZone-CoLo-2xx- *               255.255.255.192 U     0      0       97 eth2
> > 2xx.xx.2xx.0    *               255.255.255.0   U     0      0     6189 eth1
> > xx6.28.xx.0     *               255.255.255.0   U     0      0       17 eth1:0
> > xx9.201.1x8.0   *               255.255.255.0   U     0      0       27 eth1:1
> > loopback        *               255.0.0.0       U     0      0        0 lo
> > default         core1-eth0-Ente 0.0.0.0         UG    1      0   286496 eth0
>
> We're doing similar:
>
> $ netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 255.255.255.255 0.0.0.0         255.255.255.255 UH     1500 0          0 eth2
> xxx.xxx.xxx.64  0.0.0.0         255.255.255.240 U      1500 0          0 eth1
> xxx.xxx.xxx.160 0.0.0.0         255.255.255.224 U      1500 0          0 eth2
> xxx.xxx.xxx.0   0.0.0.0         255.255.255.0   U      1500 0          0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U      3584 0          0 lo
> 0.0.0.0         xxx.xxx.xxx.254 0.0.0.0         UG     1500 0          0 eth0
>
> The 255/32 route is so that the isc-dhcp server on the box will work with
> win95 clients. eth2 goes to a remote customer site via DSL. So they just
> plonk win95 machines on their hub and don't have to do any configuration.
>
> This machine is a 486DX/33 with 16mb ram. Even under heavy load between
> multiple ether interfaces with lots of firewall rules (eg ping -f -s 1500
> from one side of the router to the other) it rarely breaks 15% cpu.
>
> Basically linux makes a _great_ multi-ethernet router.
>
> -Dan