hello john.
we are doing something similar here with one of our boxes. we provide a
small masquerading firewall and some switching hardware for students with
laptops and visiting presenters. the masquerading protects them from most
security problems external to the lan, the switching provides some
security from packet-sniffers on the lan. the firewall is also a samba
server, with a laser-jet printer attached, and the drivers available
automatically. this way folks can print. the system scales well up to
dozens (40) of users, and only uses 1 ip address!
the machine is an ancient compaq prosignia (p75, 16meg ram) with 2x1gig
narrow SCSI-2 drives. they are setup as a series of raid1 arrays.
md0 = /, md1 = /var, md2 = /usr, md3 = /samba
there is also swap space on each disk (non- raid, i could not get that to
work) and a small /boot partition on each (20 megs)
the system uses RH 5.2, 2.2.1 kernel and the latest raid drivers (although
i see that 2.2.2 is out now)
hardware raid was pointless, as the system is a POS anyway (good money
after bad on this proprietary compaq system). and we have many software
raid boxes in use, all are stable as hell.
recommendations-
1. since swap on SW does not seem to work, try getting excess ram, so you
dont swap ( > 64 meg).
2. high-speed cpu is un-needed if this thing is pretty much a firewall.
any old pentium 166 will do.
3. raid 5 is uneeded, as raid1 gives better read performance, and this
thing is not a database server anyway.
4. the docs are way out of date. the current alpha stuff can hot add
disks, etc.
5. scsi is overkill for a firewall, but i am more impressed with the
quality of scsi drives and controllers than ide, so i think it is a good
idea if you never want to visit the job-site again.
6. adaptec cards suck. i have a couple that work perfectly, and a couple
that i returned cause they dont like my cables. i really push NCR 8xx
series like the diamond fireport40 (cheap and compatable, plus RELIABLE)
good luck.
allan noah
"so don't tell us it can't be done, putting down what you don't know.
money isn't our god, integrity will free our souls" - Max Cavalera
