... a small operation with a few computers (maybe three or four servers plus a handful of other computers)...
... that is not multihomed, and in fact will just be running an Ethernet link down to the ISP downstairs...
...that is too small to get an ASN and therefore can't do BGP...
Do I go with gated or something similar, or try to pick up a cheap used router... because I am going to be in this situation within the next couple months.
Suggestions?
-- Steven J. Sobol - Founding Member, Postmaster/Webmaster, ISP Liaison -- Forum for Responsible & Ethical E-mail (FREE) - Dedicated to education about, and prevention of, Unsolicited Broadcast E-mail (UBE), also known as SPAM. Info: http://www.ybecker.net
> ... a small operation with a few computers (maybe three or four servers plus a handful of other computers)...
> ... that is not multihomed, and in fact will just be running an Ethernet link down to the ISP downstairs...
> ...that is too small to get an ASN and therefore can't do BGP...
> Do I go with gated or something similar, or try to pick up a cheap used router... because I am going to be in this situation within the next couple months.
> Suggestions?

Don't use any routing protocol at all. Actually, skip having your own router too.
At 09:44 PM 6/10/98 -0400, Jon Zeeff wrote:
> > ... a small operation with a few computers (maybe three or four servers plus a handful of other computers)...
> > ... that is not multihomed, and in fact will just be running an Ethernet link down to the ISP downstairs...
> > ...that is too small to get an ASN and therefore can't do BGP...
> > Do I go with gated or something similar, or try to pick up a cheap used router... because I am going to be in this situation within the next couple months.
> > Suggestions?
>
> Don't use any routing protocol at all. Actually, skip having your own router too.

Agreed, we ran default static routes for a long time. Y'all don't even need a router. I might recommend a LinkSys 2-port ethernet switch, though. (Control collision domains, See DataComm Warehouse.).
_________________________________________________
Morgan Hill Software Company, Inc.
Colorado Springs, CO - Livermore, CA - Morgan Hill, CA
Domain Administrator MHSC2-DOM and MHSC3-DOM
Administrative and Technical contact
____________________________________________
InterNIC Id: MHSC hostmaster (HM239-ORG)
e-mail: mailto:hostmaster@mhsc.com
web-pages: http://www.mhsc.com/
On Thu, Jun 11, 1998 at 07:07:17AM -0700, Roeland M.J. Meyer wrote:
> > Don't use any routing protocol at all. Actually, skip having your own router too.
>
> Agreed, we ran default static routes for a long time. Y'all don't even need a router. I might recommend a LinkSys 2-port ethernet switch, though. (Control collision domains, See DataComm Warehouse.).

Hm. My main goal is to be able to block stuff from entering my LAN that I don't want there. With a Cisco or Livingston box or something similar, it's just a question of installing filters. I could set up a box and use ipfwadm, perhaps that would be the best thing to do?
-- Steven J. Sobol - Founding Member, Postmaster/Webmaster, ISP Liaison -- Forum for Responsible & Ethical E-mail (FREE) - Dedicated to education about, and prevention of, Unsolicited Broadcast E-mail (UBE), also known as SPAM. Info: http://www.ybecker.net
At 10:42 AM 6/11/98 -0400, Steve Sobol wrote:
> On Thu, Jun 11, 1998 at 07:07:17AM -0700, Roeland M.J. Meyer wrote:
> > > Don't use any routing protocol at all. Actually, skip having your own router too.
> >
> > Agreed, we ran default static routes for a long time. Y'all don't even need a router. I might recommend a LinkSys 2-port ethernet switch, though. (Control collision domains, See DataComm Warehouse.).
>
> Hm. My main goal is to be able to block stuff from entering my LAN that I don't want there. With a Cisco or Livingston box or something similar, it's just a question of installing filters. I could set up a box and use ipfwadm, perhaps that would be the best thing to do?

That would be the cheap thing to do. But, from personal experience, ipfwadm is a PITA! Granted, you only have to do the setup once, thank God.
If you have the budget, buy a firewall-router/switch. But, they're decidedly not cheap.
___________________________________________________
Roeland M.J. Meyer, ISOC (InterNIC RM993)
e-mail: rmeyer@mhsc.com
Internet phone: hawk.mhsc.com
Personal web pages: www.mhsc.com/~rmeyer
Company web-site: www.mhsc.com/
___________________________________________
SecureMail from MHSC.NET is coming soon!
He said this was an ethernet handoff from the isp; they are not simply going to plug him into a switch; he will most likely get a port on a cisco; they should be able to apply policies for him.. no?
I don't see why he even needs a router, unless there is a lack of a trust of the upstream's ability to filter.. Or if you know beforehand they will not?
Oh, and c'mon Roeland, ipfwadm isn't *that* horrid. :) Granted, linux will not have release-stable socket filters until 2.2.*, but it ain't half bad..!
If your business requires offsite support of hw/sw, a 2514'd do you justice, but it can also be useful to have a un*x box as the router.. cheap proxy/cache engine anyone?
-g

> > > > Don't use any routing protocol at all. Actually, skip having your own router too.
> > >
> > > Agreed, we ran default static routes for a long time. Y'all don't even need a router. I might recommend a LinkSys 2-port ethernet switch, though. (Control collision domains, See DataComm Warehouse.).
> >
> > Hm. My main goal is to be able to block stuff from entering my LAN that I don't want there. With a Cisco or Livingston box or something similar, it's just a question of installing filters. I could set up a box and use ipfwadm, perhaps that would be the best thing to do?
>
> That would be the cheap thing to do. But, from personal experience, ipfwadm is a PITA! Granted, you only have to do the setup once, thank God.
> If you have the budget, buy a firewall-router/switch. But, they're decidedly not cheap.
> ___________________________________________________
> Roeland M.J. Meyer, ISOC (InterNIC RM993)
> e-mail: rmeyer@mhsc.com
> Internet phone: hawk.mhsc.com
> Personal web pages: www.mhsc.com/~rmeyer
> Company web-site: www.mhsc.com/
> ___________________________________________
> SecureMail from MHSC.NET is coming soon!
On Fri, Jun 12, 1998 at 02:07:58AM -0400, Greg Simpson wrote:
> He said this was an ethernet handoff from the isp; they are not simply going to plug him into a switch; he will most likely get a port on a cisco; they should be able to apply policies for him.. no?

True.

> I don't see why he even needs a router, unless there is a lack of a trust of the upstream's ability to filter.. Or if you know beforehand they will not?

I don't know that I necessarily need a router. :>

> If your business requires offsite support of hw/sw, a 2514'd do you justice, but it can also be useful to have a un*x box as the router.. cheap proxy/cache engine anyone?

If push comes to shove I can set up mgetty on the router box, get an additional phone line and dial into it when needed.
Incidentally, if this is better discussed on another list, I'll go subscribe to it and raise the question there...
-- Steven J. Sobol - Founding Member, Postmaster/Webmaster, ISP Liaison -- Forum for Responsible & Ethical E-mail (FREE) - Dedicated to education about, and prevention of, Unsolicited Broadcast E-mail (UBE), also known as SPAM. Info: http://www.ybecker.net
Any further replies I send will be off nanog, let's go private.. I'm sure someone has a quick response for an alternate list, but I don't mind helping you out a bit more, off the list..
-g

> > He said this was an ethernet handoff from the isp; they are not simply going to plug him into a switch; he will most likely get a port on a cisco; they should be able to apply policies for him.. no?
>
> True.
>
> > I don't see why he even needs a router, unless there is a lack of a trust of the upstream's ability to filter.. Or if you know beforehand they will not?
>
> I don't know that I necessarily need a router. :>
>
> > If your business requires offsite support of hw/sw, a 2514'd do you justice, but it can also be useful to have a un*x box as the router.. cheap proxy/cache engine anyone?
>
> If push comes to shove I can set up mgetty on the router box, get an additional phone line and dial into it when needed.
> Incidentally, if this is better discussed on another list, I'll go subscribe to it and raise the question there...
> -- Steven J. Sobol - Founding Member, Postmaster/Webmaster, ISP Liaison -- Forum for Responsible & Ethical E-mail (FREE) - Dedicated to education about, and prevention of, Unsolicited Broadcast E-mail (UBE), also known as SPAM. Info: http://www.ybecker.net
On Thu, 11 Jun 1998, Terence C. Giufre-Sweetser wrote:
|
| > Do I go with gated or something similar, or try to pick up a cheap used
| > router... because I am going to be in this situation within the next
| > couple months.
| >
| > Suggestions?
|
| A cisco 2514, or a 3620 with 2e2w...
|

If Linux/ipfw is a turn-off, what about OpenBSD/IPFilter?
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Chris Cappuccio, voice: +1-541-317-3437
System Administrator, fax: +1-541-317-3402
Empire Net, Inc., 20310 Empire Ave
chris@empnet.com, Suite A-100
Bend, OR 97701
http://www.EmpireNet.net/
On Fri, Jun 12, 1998 at 09:54:14AM -0700, Chris Cappuccio wrote:
> On Thu, 11 Jun 1998, Terence C. Giufre-Sweetser wrote:
> | > Suggestions?
> |
> | A cisco 2514, or a 3620 with 2e2w...
> |
> If Linux/ipfw is a turn-off, what about OpenBSD/IPFilter?

Mebbe :) A PC based solution, for me, would probably involve Linux and ipfw, though, since I use Linux all the time and am familiar with it.
-- Steven J. Sobol - Founding Member, Postmaster/Webmaster, ISP Liaison -- Forum for Responsible & Ethical E-mail (FREE) - Dedicated to education about, and prevention of, Unsolicited Broadcast E-mail (UBE), also known as SPAM. Info: http://www.ybecker.net
Sorry, why could not you use free-distributed old gated? It's quite enough if you do not need communities, use simple localprefs, do not use other modern BGP4 features.

On Tue, 9 Jun 1998, Steve Sobol wrote:
> Date: Tue, 9 Jun 1998 23:43:10 -0400
> From: Steve Sobol <sjsobol@shell.nacs.net>
> To: nanog@merit.edu
> Subject: So... what's the best routing solution for..
>
> ... a small operation with a few computers (maybe three or four servers plus a handful of other computers)...
> ... that is not multihomed, and in fact will just be running an Ethernet link down to the ISP downstairs...
> ...that is too small to get an ASN and therefore can't do BGP...
> Do I go with gated or something similar, or try to pick up a cheap used router... because I am going to be in this situation within the next couple months.
> Suggestions?
> -- Steven J. Sobol - Founding Member, Postmaster/Webmaster, ISP Liaison -- Forum for Responsible & Ethical E-mail (FREE) - Dedicated to education about, and prevention of, Unsolicited Broadcast E-mail (UBE), also known as SPAM. Info: http://www.ybecker.net

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line), (+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
On Tue, 9 Jun 1998, Steve Sobol wrote:
> ... a small operation with a few computers (maybe three or four servers plus a handful of other computers)...
> ... that is not multihomed, and in fact will just be running an Ethernet link down to the ISP downstairs...
> ...that is too small to get an ASN and therefore can't do BGP...
> Do I go with gated or something similar, or try to pick up a cheap used router... because I am going to be in this situation within the next couple months.
> Suggestions?

steve,
my favorite solution for this kind of thing is a dos program called iproute, a $50 shareware program. it'll do filtering (ala access lists), syslog, and nat. it can run on a 286 and fits on a floppy. just stick two ethernet cards in an old used computer and edit the config file. it's actually pretty cool. i've never run gated, so can't compare it to that. you can search on shareware.com for it, but make sure you look under dos, not windows.
mike
-- mike cullerton michaelc@frii.com 970.224.3668
NADA - nothing - just default route - either with a small router or a unix box acting as a gateway router with 2 ethernet cards.

On Tue, 9 Jun 1998, Steve Sobol wrote:
> ... a small operation with a few computers (maybe three or four servers plus a handful of other computers)...
> ... that is not multihomed, and in fact will just be running an Ethernet link down to the ISP downstairs...
> ...that is too small to get an ASN and therefore can't do BGP...
> Do I go with gated or something similar, or try to pick up a cheap used router... because I am going to be in this situation within the next couple months.
> Suggestions?
> -- Steven J. Sobol - Founding Member, Postmaster/Webmaster, ISP Liaison -- Forum for Responsible & Ethical E-mail (FREE) - Dedicated to education about, and prevention of, Unsolicited Broadcast E-mail (UBE), also known as SPAM. Info: http://www.ybecker.net

-- I am nothing if not net-Q! - ras@poppa.clubrich.tiac.net
participants (9)
- Alex P. Rudnev
- Chris Cappuccio
- Greg Simpson
- jzeeff@verio.net
- mike cullerton
- Rich Sena
- Roeland M.J. Meyer
- Steve Sobol
- Terence C. Giufre-Sweetser