We are also using Linux as routers/firewalls. Our twist is that the boxes have no hard drives! Instead we have hacked the software a little and now run 100% from CD-ROM. Basically / is on a ramdisk. Our typical box has a 60MByte RAM disk out of 128MByte total RAM. Very fast.

We can change config using ssh, save stuff using scp or make a new CD-ROM from time to time. Either way, zero maintenance. No backups necessary either. Works with any PC that will boot from a CD.

One of our beta testers says that a P2 266 will packetfilter 50MBit/sec easily. Linux doesn't just kill Microsoft's NT and Solaris. It also eats Cisco for lunch.

Email me if you think there would be interest in such a "Linux Router/Firewall KIT". We are about to package a CD-based distribution plus a couple of the right Ethernet cards (this is key!) and are looking for more beta testers.

Dirk

On Tue, Oct 27, 1998 at 03:20:40PM -0800, Dan Hollis wrote:
On Tue, 27 Oct 1998, John Fraizer wrote:
[root@core0-eth0]:~ # /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
Gateway-NET     *               255.255.255.252 U     0      0        5 eth0
EZone-CoLo-2xx- *               255.255.255.192 U     0      0       97 eth2
2xx.xx.2xx.0    *               255.255.255.0   U     0      0     6189 eth1
xx6.28.xx.0     *               255.255.255.0   U     0      0       17 eth1:0
xx9.201.1x8.0   *               255.255.255.0   U     0      0       27 eth1:1
loopback        *               255.0.0.0       U     0      0        0 lo
default         core1-eth0-Ente 0.0.0.0         UG    1      0   286496 eth0
We're doing similar:
$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
255.255.255.255 0.0.0.0         255.255.255.255 UH     1500 0          0 eth2
xxx.xxx.xxx.64  0.0.0.0         255.255.255.240 U      1500 0          0 eth1
xxx.xxx.xxx.160 0.0.0.0         255.255.255.224 U      1500 0          0 eth2
xxx.xxx.xxx.0   0.0.0.0         255.255.255.0   U      1500 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U      3584 0          0 lo
0.0.0.0         xxx.xxx.xxx.254 0.0.0.0         UG     1500 0          0 eth0
The 255/32 route is so that the isc-dhcp server on the box will work with win95 clients. eth2 goes to a remote customer site via DSL. So they just plonk win95 machines on their hub and don't have to do any configuration.
This machine is a 486DX/33 with 16MB RAM. Even under heavy load between multiple ether interfaces with lots of firewall rules (e.g. ping -f -s 1500 from one side of the router to the other) it rarely breaks 15% CPU.
Basically linux makes a _great_ multi-ethernet router.
-Dan
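As an added example (not part of the thread above, and not code posted by anyone in it): a small Python routing-table lookup over Dan's `netstat -rn` output, to show what the 255.255.255.255/32 host route actually does. The kernel picks the most specific entry that contains the destination; with the UH entry present, a packet to the all-ones broadcast address leaves on eth2, where the Win95 clients sit. Take that entry out and the only match left is 0.0.0.0/0, so the DHCP reply would be handed to the default gateway on eth0 instead. The redacted xxx octets in Dan's table are replaced with RFC 5737 documentation addresses (an assumption made here so the parser has real addresses to work with).

```python
"""Longest-prefix lookup over a netstat -rn table, to show why the
255.255.255.255/32 host route matters for a DHCP server on a multi-homed
Linux box. Added example; not code from the mailing-list thread."""
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None for a directly attached net
    flags: str
    iface: str


# Constructed sample: Dan's `netstat -rn` table with his redacted xxx octets
# replaced by RFC 5737 documentation addresses (assumed values, not his).
NETSTAT_RN = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
255.255.255.255 0.0.0.0         255.255.255.255 UH     1500 0          0 eth2
198.51.100.64   0.0.0.0         255.255.255.240 U      1500 0          0 eth1
198.51.100.160  0.0.0.0         255.255.255.224 U      1500 0          0 eth2
192.0.2.0       0.0.0.0         255.255.255.0   U      1500 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U      3584 0          0 lo
0.0.0.0         192.0.2.254     0.0.0.0         UG     1500 0          0 eth0
"""

ALL_ONES = ipaddress.ip_network("255.255.255.255/32")


def parse_netstat_rn(text: str) -> list[Route]:
    """Parse net-tools style `netstat -rn` output into Route entries."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the banner and the column header; data rows start with an address.
        if len(fields) < 8 or not fields[0][0].isdigit():
            continue
        dest, gw, mask, flags, iface = fields[0], fields[1], fields[2], fields[3], fields[-1]
        # ip_network accepts a dotted netmask after the slash; strict=False
        # tolerates host bits set in the destination column.
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        gateway = None if gw == "0.0.0.0" else ipaddress.ip_address(gw)
        routes.append(Route(net, gateway, flags, iface))
    return routes


def lookup(routes: list[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match: the most specific network containing dst wins,
    with the 0.0.0.0/0 default entry as the fallback. None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for r in routes:
        if addr in r.network and (best is None or r.network.prefixlen > best.network.prefixlen):
            best = r
    return best


def egress_iface(routes: list[Route], dst: str) -> Optional[str]:
    """Interface a packet to dst would leave on, or None if unroutable."""
    r = lookup(routes, dst)
    return r.iface if r else None


def without_broadcast_host_route(routes: list[Route]) -> list[Route]:
    """The same table minus the 255.255.255.255/32 entry, for comparison."""
    return [r for r in routes if r.network != ALL_ONES]


if __name__ == "__main__":
    table = parse_netstat_rn(NETSTAT_RN)
    print("with host route:   ", lookup(table, "255.255.255.255"))
    print("without host route:", lookup(without_broadcast_host_route(table), "255.255.255.255"))
```

The same check can be run against a live box by feeding it real `netstat -rn` output; on a net-tools system the classic way to add the entry is `route add -host 255.255.255.255 dev eth2`.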