Router/firewall OS
Feb 22, 2008
I have seen these 2 OS that should work as router/firewall, but are they worth anything?
I am about to design my company network.
The network will be designed like this: we have 3 providers of IP transit; one will be the main network while the other two will feed the first network and manage a highly available network, probably using protocols like BGP4 and OSPF.
The current size of each fiber is 45 Mbit/s per operator. So I am looking for:
A router :
- able to handle each provider with up to 200 MBit/s in/output
- able to support protocols such as BGP4 or OSPF
- able to output SNMP for monitoring
- have a little intuitive GUI for basic operations and have a real routing OS (like IOS or JunOS)
- is branded and has a warranty (a plus would be hardware extensible)
- not too big a box, something between 1 and 6U
A firewall :
- able to handle ALL the traffic to all carriers
- able to work as an SPF (drop all, allow only what I want, very accurate rules)
- have a little intuitive GUI for basic operations
- not too big a box, something between 1 and 6U
About brand, most probably Cisco, Juniper, Extreme or some other good brand.
Which model would you advise me as router and which as firewall? The price is not the main preoccupation as long as it will do the job just fine, but I would prefer not to buy too expensive either.
I run a small datacenter, and we are migrating from Cisco to Linux based routers.
These routers should run a firewall, DDoS mitigation rules, CBQ bandwidth limitation, etc.
I know how to mitigate DDoS using tcpdump, also I know how to route.
I just need some advice about the firewall, stopping basic DDoS, fragmented packets, etc.
Should I use APF firewall in this case? Is there a good IPTABLES set of rules I could use?
I'm giving up on Ciscos, as I just discovered there are some UDP packets that can easily break them. I tested it last night, and that was it, nothing secure. A little traffic (bogus UDP packets) and the router was down for a few minutes.
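A starting iptables ruleset for the kind of Linux edge router described in this post, added here as an example and not taken from the post or its replies; the upstream interface eth0, the inside network 192.168.1.0/24 and the allowed ports are assumptions. It covers filtering only (fragments, invalid state, bogus TCP flags, a per-source SYN rate cap and an allow list); CBQ bandwidth limiting is done with tc and is not shown.

```shell
#!/bin/sh
# Added example: baseline iptables rules for a Linux edge router/firewall.
# Interface, inside network and allowed ports below are assumptions.
WAN_IF="${WAN_IF:-eth0}"                # assumed upstream interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"    # assumed management network (constructed)
IPT="${IPT:-iptables}"

# Run one iptables command, or print it when DRY_RUN=1 so the ruleset can
# be reviewed before it touches a live router.
rule() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s %s\n' "$IPT" "$*"
    else
        "$IPT" "$@"
    fi
}

build_rules() {
    rule -F
    rule -X
    # Default deny for traffic to the router and through it.
    rule -P INPUT DROP
    rule -P FORWARD DROP
    rule -P OUTPUT ACCEPT
    rule -A INPUT -i lo -j ACCEPT
    # Fragments and packets conntrack cannot classify are dropped first.
    rule -A INPUT -i "$WAN_IF" -f -j DROP
    rule -A INPUT -m conntrack --ctstate INVALID -j DROP
    # Bogus TCP flag combinations (NULL, XMAS, SYN+FIN) never occur in
    # legitimate traffic.
    rule -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    rule -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    rule -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Cap new TCP connections per source so a SYN flood from one host
    # cannot fill the conntrack table.
    rule -A INPUT -p tcp --syn -m hashlimit --hashlimit-name synflood \
        --hashlimit-mode srcip --hashlimit-above 50/second -j DROP
    # Allow list: only what is explicitly wanted is reachable.
    rule -A INPUT -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    rule -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
    # Same discipline for traffic forwarded to the hosted servers.
    rule -A FORWARD -f -j DROP
    rule -A FORWARD -m conntrack --ctstate INVALID -j DROP
    rule -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    rule -A FORWARD -i "$WAN_IF" -p tcp -m multiport --dports 80,443 -j ACCEPT
}

# Dry-run helpers: the rendered ruleset and its rule count, for review.
render_rules() {
    ( DRY_RUN=1; build_rules )
}
count_rules() {
    render_rules | wc -l | tr -d ' '
}
```

Run `render_rules` to see exactly what would be applied, then `build_rules` as root once the output matches what you expect.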
We had 2 Xen servers in a colohouse, each with 30 IPs so far.
Now we are going to purchase a third server and started to think about renting a small rack and putting our own firewall in front of the servers.
Actual bandwidth is 5 Mbit/s for both servers together.
We are thinking about having something like this:
Colohouse-->Firewall<-->switch<--->Xen server(s)
With scenario we would like to add:
1) traffic monitoring per IP
2) traffic shaping per IP
3) firewalling whole segment of our public IPs
FW will get single IP and range of public IPs routed to that IP
4) be able to put one public IP for VPS on to any Xen server
What firewall and switch would you recommend for this scenario?
I would like to thank in advance anyone who shares his knowledge or experience here.
I am trying to find a firewall with some routing capability. Since I expect to have Gbps transfer in the near future, I don't think I can find a solid commercial hardware firewall within my low budget. That's why I am looking at software products.
I would need firewall functions (ability to prevent DDoS attacks is desirable) and basic routing functions (dynamic routing and BGP is desirable but not necessary at the moment).
Stage 1 environment:
20Mbps from provider P;
100Mbps from provider C;
35 servers for budget dedicated, mainly web servers;
*I have a question in mind: can I have my network set up so that incoming traffic comes from both providers P and C but outgoing goes through C only? Is static routing able to do that?
Expected stage 2 environment:
40 ~ 60Mbps from provider P;
100 ~ 200 Mbps from provider C;
70 ~150 servers, mainly web servers;
Currently I am looking at Vyatta, Untangle and Endian. Can someone give some comments on these software or any others that might be suitable for me?
I've been using dedicated hosting in places like the planet and rackspace for a long time now, but we're about to purchase a rack in a local data facility. This is my first time setting up a rack environment, so I have a bunch of questions.
They'll be giving me an ethernet drop into the cabinet. I have to take it from there. I'm thinking I need a router/firewall. Am I right? Can those be a single device? Should they be? Which models would you recommend? (We're still a small operation, we don't usually push more than 1Mbps bandwidth).
I am in the process of gathering the pieces to move from a dedicated box to my own hardware in a local colo and am undecided how best to choose the edge device.
The colo has a 30Mb pipe with about 10Mb of it being constantly used during biz hours. Another 10Mb is being allocated in the next couple of months. I want to be able to burst to the full 30Mb when needed.
I am getting 12 IP's allocated but will increase to 24 soon if all goes well (fingers crossed!).
I will have for starters just a single Proliant running dnp on 2008 with IIS, FTP, Mail, ns1 and a 2003 VM running my secondary ns.
What I am unsure of is the edge device and I am looking for others that have used either a 2800 series router or an ASA5500 series firewall in a similar fashion. I know what the raw throughput of each device is, but raw benchmarks are not real-world numbers by any means.
I am looking at the 2801 with IOS Firewall turned on and hopefully even some inspects for FTP and HTTP traffic. The other option, and one that I am less familiar with, is to use the ASA5505 instead, which will do my basic routing but supposedly provide more thorough inspects and advanced rules.
Does anyone have experience with either of these in a hosting environment and have input on the realistic throughput one can expect from either device?
There is a significant cost difference with the ASA5505 being much cheaper, but I am more familiar with IOS. Would anyone recommend a 1841 router instead?
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and set up to their optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking Linux)? In our opinion we see it as extra administration overhead. If this is however untrue, we will change our thinking.
I've found a dedicated server at a great price and plan to stick with it, my first (I already have 2 VPS accounts). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.
Does anyone think this would be better than the default windows 2003 firewall?
What routers would you recommend that are capable of doing BGP routing between multiple DS3, OC3 and Gig-E interfaces?
I am having a big question which has been often asked, but which all the time depends on the network topology; so first let's be honest:
- I have no experience with BGP / OSPF
- I have no experience with routers (except SOHO models)
- I will not have to make this work in a production environment
So in the next month we will get an AS number and a few IP addresses; the goal is to test drive a gigabit network before using it as a production network.
I would like to ask some advice here on nearly all aspects; let me list some important points:
- Which brand?
- Which model?
- Maybe refurbished?
The key points for me:
I am looking for a cheap chassis, but extensible over time when needed
- Extensible system
- Very cheap for small use (at beginning maximum $ 2-3k)
- Traffic rate: ~ 100 MBit/s to 4-5 GBit/s
- Type of trafic : HTML / JPG / GIF / PNG / CSS / EXE / ZIP (shared hosting network)
getting my own AS number, but this seems to also require a router. I don't really have a strong knowledge of routing, just basic knowledge.
As far as I understand, I have two possibilities for routing: to buy a ready-made router (Cisco, Juniper, Nortel, …) or to simply set up a simple box with a Linux or BSD OS, some NICs, and use software such as Zebra, Quagga, etc.
So my questions are:
- Is it possible to use a BSD box with Zebra for professional purposes?
- What is the entry price for a good Cisco router (approximately)?
- Does a BASIC routing setup require very strong knowledge?
In case this becomes concrete soon, people answering could maybe get some paid work doing this for us.
I registered an IP address from one company and I can post my website on the internet. That company gave me an IP address, something like 167.23.42.100. Right now my internet speed is very slow and I want to reset my router. If I reset my router, the router will produce a new IP address. Is this IP address the same as 167.23.42.100? If I reset the router, do I need to change my website address? I am worried that resetting the router will affect my website address (domain name).
Maybe the router IP is different from the domain name, so I don't need to worry about it.
I am looking for a good router which will handle two separate WAN connections and bridge them together. Basically, we have DSL at our office (1.5mbps down / 769kbps up), it's the only service we can get, cable is not offered, and a T1 isn't fast enough and costs too much. We require a faster connection, doing Skype, VPN connections to servers, desktop sharing etc.
Basically we want to order another DSL line, 1.5mbps down / 768 kbps up, and join it together with our current DSL connection for a total of 3mbps down / 1.5mbps up.
Just want to make sure this is possible and if you guys can recommend a router brand and model. To clarify, we don't just want redundancy/failover, we need to utilize both DSL connections at the same time, as if they were one.
I need 1U of space, .5 amp (50 watts) power, one IP, 2.5mbps bidirectional bandwidth (total of 5mbps up + down) and about 10GB of traffic per day each direction (total of 20GB up + down). Would be nice if they have remote KVM along with console (serial) access. Location should be anywhere in USA.
Purpose is to host a VPN router for various remote locations to connect in to. Reliability and good connection (low latency) is important.
We are looking for a good multiple WAN router for our office. We just ordered two DSL 3.0mbps down / 768kbps up lines.
Here are the requirements:
--> Under $500
--> 2 WAN Load Balanced And Fail Over Support
--> Smart enough to handle special session state traffic. Example: if you start an HTTPS session on one DSL line it has to stay on that line. If you start an FTP session connection on one line it has to stay on that line.
--> VPN Tunnel Site-To-Site Support, Only need a max of 1 site-to-site tunnel, but nice to have more just in case.
--> Standard SPI Firewall With Port Forwarding
--> Reserve LAN Static IP's
--> Firewall throughput of at least 10mbps
We have a small hosting company (currently 24 racks) that we are expanding to hold 100 racks. We have several 3640 series routers behind a 7200 series router (our edge router) that feed into numerous 2950 switches and 515 & 525 PIX firewalls, then into the racks with customer-supplied switches within the rack. I want to replace all the 3640s and 2950 switches with a 6500 series switch. The only routing we do within the 3640s is subnet routing to the switches, which make up individual networks for each customer. My goal is to use the 6500 switch to limit bandwidth for each port feeding a customer and to eliminate all but the 7200 router and the 2950 switches. Does anyone know of a reason or reasons this would not work, or if it's just a bad idea? Looking for pros and cons.
Is it possible to forward ports for simultaneous use of web servers on the same LAN behind a router?
I have been thinking of getting a switch/router when I rent 10U of space in a DC, but what to get?
I need to be able to read the traffic usage on each port/IP for billing purposes.
I haven't got a clue what to buy; I have been told that you can do it with a 1U server to get more statistics out of it, but what OS to use?
I got one fully managed IP range from my ISP, around 256 IPs, to use on my networks. Basically I want to set up a gateway and segment the 256 IPs into two parts, each part with 128 IPs. Details below:
1. nameservers 123.123.123.2 and 123.123.123.3
3. first part: gateway 123.123.123.4 and IPs in use from 123.123.123.5 - 123.123.123.128
4. second part: gateway 123.123.123.129 and IPs in use from 123.123.123.130 - 123.123.123.255
What I am using:
CentOS 5.2 with vconfig installed
What I did:
1. I added the name servers 123.123.123.2 and 123.123.123.3 to /etc/resolv.conf
2. I added the gateways 123.123.123.4 and 123.123.123.129 to /etc/sysconfig/network and added the line VLAN=yes
3. I edited eth1 with the following settings:
#Realtek
DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
IPADDR=123.123.123.1
GATEWAY=
NETMASK=255.255.255.0
TYPE=Ethernet
4. I added eth1.2:
DEVICE=eth1.2
BOOTPROTO=none
ONBOOT=yes
IPADDR=123.123.123.5
GATEWAY=123.123.123.4
NETMASK=255.255.255.0
TYPE=Ethernet
Vlan=yes
5. I added eth1.3:
DEVICE=eth1.3
BOOTPROTO=none
ONBOOT=yes
IPADDR=123.123.123.130
GATEWAY=123.123.123.129
NETMASK=255.255.255.0
TYPE=Ethernet
Vlan=yes
Then I restarted the network;
however, the configuration fails to work.
We currently have a single 100Mbps (currently pushing ~40Mbps) feed from a single upstream provider. Routing is handled by our transit provider.
We wish to provide a more resilient setup and are now looking to install our own BGP router(s) and take a second feed from another provider. I have looked around the Cisco website and this forum but am unsure which model of routers / layer 3 switch we should be looking at.
A layer 3 switch looks more cost effective but doesn't appear to support enough routes for BGP without great expense. Would a 2600 router be enough or should I be looking at something higher like the 7600 series?
We have a project in mind and we are planning on using a Cisco 7140 to push about 80Mbps over ethernet. Do you think the 7140 will be enough or it will get maxed out? (the 7140 is supposed to be like the 7200VXR NPE-300).
The routing would be through BGP with partial routes.
I am currently looking at these Cisco switches:
- Cisco 2924 WS-C2924-XL-EN Enterprise Switch
- Cisco 2950 WS-C2950-24 Catalyst Switch
- Cisco 3512 WS-C3512-XL-EN Enterprise Switch
- Cisco 3524 WS-C3524-XL-EN Enterprise Switch
- Cisco 3548 WS-C3548-XL-EN Enterprise Switch
1) I was recommended to choose the XL-EN model switches because it seems they have more memory, but the second one in the list (Catalyst) is not an XL-EN. Is that going to have any effect performance-wise, or doesn't it really matter?
2) I was also recommended to choose managed switches because that way I can use the SNMP features to measure bandwidth, are any of the switches above unmanaged?
3) I also want to be able to manage the switch remotely, web managed, are any of the switches above web-manageable?
4) Most importantly, when my datacenter gives me a 100mbit drop, I don't know which port to plug it into on the 29** series. In the 35** I see it clearly but I am not able to see it in the 29**, any ideas?
5) On some of these switches I see a special port called "Console". What is it? Where does that connect to?
6) Do any of the switches above not have a console port?
I have decided to finally remove all my servers rented from provider to provider to one single place.
I want to manage everything, so basically route the traffic (at this time without BGP or OSPF), my current average of traffic for all servers together would be about 15 Mbit/s with top at 35-45 Mbit/s.
I want to buy a cheap router (no computer router), I'd like to buy a chassis with very extensible and upgradable router, so I can start with a basic card and later use BGP (and maybe OSPF) and have ability to push from 30 Mbit/s (to over 1000 Mbit/s by upgrading cards and memory).
So, which (refurbished or not) chassis can I buy? Which card would you set up with it?
The important thing is really the ability to start with a low cost configuration and go up to very high rates without having to change everything (of course once I will be average over...).
I hate to ask this, because I bet it's been asked many times before, but I want to start a little class teaching web development at a local night school and I wanted to set up a LAN using my laptop, CentOS, and a wireless router.
The idea is to have the students develop their pages and download files and get used to the idea of what a server is.
I see about ten students sitting in a room, popping open their laptops, logging onto the network, and then pointing their browsers to a certain IP address which would be the home page for the class.
If this is possible, can anybody point me in the right direction to teach myself how to do it?
I'm buying a Cisco ASR 1000 router that should handle 2 Gbps bandwidth. Please advise on components, models, etc.
I have a vendor, but I'll appreciate any reference, based on your experience, on where to buy one at reasonable price. I think I can probably get refurbished ASR 1000 or similar as well, if the vendor can guarantee the quality of the device.
We have a license application client (IBM/LUM) that connects to a license server outside our network.
The client works this way: it binds a random port and tries to connect to the remote IP on UDP port 1515.
Through Wireshark I could see that it reaches the destination, although the way back is unreachable.
If I add this random port to our router's Port Forward rule, it works perfectly, although this is not a solution because the port is changing every time.
Isn't this strange? Other applications open random ports as well and communication is two-way reachable.
If I connect directly to the internet, it works perfectly as well.
What can I try to do with our ZyWall USG300 router to fix this situation?
We're building out a small setup for a client, and we're wondering what's a recommended L3 switch on a budget?
Basically, we're going to be colocating in a rack with about 12 servers & a 100 mbps drop, and won't really be doing any major bandwidth (less than 10 mbps).
The datacenter was saying something about a /30 handoff for the C class of IPs they're going to be allocating to us. They also said they will NOT handle any Vlans for us, and will just basically handoff the IPs and we will need to route to them and do our own vlans.
One thing we need to be able to do is route additional IPs to servers if a client orders them. We were recommended a 3550-24-EMI by a friend, it seems old but if it does the trick, it works. One thing I was reading about it though was PVlans and the 3550 not supporting them. I don't think we'd need PVlans in our setup, just basic 1 vlan per client.
I'm using DD-WRT firmware on my router,
mainly because of DHCP static leasing of IP addresses,
and the amount of torrents I download doesn't bother the router, unlike the older firmware.
My problem is:
REMOTE_ADDR
HTTP_X_FORWARDED_FOR
X-Forwarded-For
are all returning the IP of my router: 192.168.1.1
I'm wondering what I can do to fix this.
Even setting it as DMZ I don't get the correct IP.
I'm pretty sure I had this working with my previous firmware several years back... it's been a while since I've set up my site again.
Anyway, if anyone can suggest debugging tips or routes I can take to accomplish what I'm doing.
I'm thinking if this doesn't work, I plan on purchasing a secondary NIC to create a gateway.
Is there a list somewhere of what the various hostnames one sees when running a traceroute mean?
Some are obvious, but quite a few aren't.
I come across car1 and car2 a lot, but can't quite figure those out.
Example: gigabitethernet6-24.car2.bos1.Level3.net -- the "gigabitethernet" is obvious, as is bos1 (Boston). But car2? And it shows up towards the other end: ae-31-89.car1.Washington1.Level3.net. (Bonus: what's the "ae" at the start denoting?)
csw, ebr, mpr, and ash are all common followed by a single number, too. (pos and tge show up on RCN a lot.) cr, dcr, ecr, hr on Savvis?
I'm thinking about adding a linux based router to my cabinet. I have 8 computers so I'm not looking for anything that's tricky. In fact some of this is just for my own education as to what routers can do.
The biggest feature that's important to me is ease of use. I want something that I can configure from a web based menu. So what linux based router software is the easiest to use and most educational?
Also, I'm dealing with about 30mb 95th percentile traffic. Peak is 100mb. Would a box that has an AMD dual core CPU with 8 gigs of RAM be a good enough computer to run it on?