Re: Debian as a packet shaper

2002-12-30 Thread John Griffiths
> in all my
>years of using linux I've only read/heard about a couple people that
>have tried/and or use the bridging features of linux. And all of those
>people were discussing IDSs on another mailing list recently. By contrast
>I've known many people over the years who use free/openbsd in bridged
>mode and give it high marks. I just get the feeling it's been tested
>much more.
>

I've got a debian box doing bridging firewalling with a patched 2.4.18
kernel.

the users didn't even notice it going in until they realised that their 
zonealarm's had stopped squawking about sniffers.

fast network going through an old (pII) box.

it was a little bleeding edge when we implemented but it's been rock solid.




___

Not yet is the spirit of that pristine valour
extinct in you, when girt with steel and lofty flames
once we fought against the empire of heaven.
We were -- that I will not deny -- vanquished in that conflict:
yet the great intention was not lacking in nobility.
Something or other gave Him victory: to us remained
the glory of a dauntless daring.
And even if my troop fell thence vanquished,
yet to have attempted a lofty enterprise is still a trophy.

--From La Strage degli Innocenti (The Slaughter of the 
Innocents) by Giambattista Marino (1569-1625)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Re: Debian as a packet shaper

2002-12-30 Thread nate
Matthew Daubenspeck said:
> I am looking into the possibility of using a server as a packet shaper
> with Debian. Is this viable?
>
> I have researched other commercial packet shapers, and, for the most part,
> are way out of the possible budget. Plus, if I can do the same thing with
> a server and Debian, I would look like a hero when the
> budget came in way under projects amounts :)

I've been using debian since hamm was released. But the linux kernel
doesn't have the greatest history for performance in networking. More
recently this may have changed a bit but much of the code is too new and
untested for my taste.

In a traffic shaping environment, or a firewall or an IDS, I much prefer
freebsd. Although I absolutely despise the freebsd 'distribution' (that
whole ports thing pisses me off), the kernel is real good (hoping for the
day when there is a stabilized debian/freebsd) when it comes to networking.
And has a long positive history of being able to handle fast networks. I
currently only use it in these roles, specifically bridging firewalls/NIDS,
and it works great, I just dread their upgrade process.

it depends on your needs, my traffic shaping needs are quite basic,
I read that linux 2.4 has some advanced features which may be useful
for some configurations, this seems to be a good place to start if
you're wanting to use the linux kernel with traffic shaping:
http://lartc.org/

perhaps this:
http://lartc.org/howto/lartc.ratelimit.single.html

I use this under freebsd:
http://www.freebsd.org/cgi/man.cgi?query=dummynet&sektion=4

I run my freebsd systems usually with at least 3 network interfaces, 2
of which are in bridged (IP-less) mode, making them transparent to the
network. In more complicated networks I use Znyx (or is it Zynx?) 4-port
PCI network cards so I can have 8 or more interfaces. Using bridged mode
is another reason why I did not choose linux for this task, in all my
years of using linux I've only read/heard about a couple people that
have tried/and or use the bridging features of linux. And all of those
people were discussing IDSs on another mailing list recently. By contrast
I've known many people over the years who use free/openbsd in bridged
mode and give it high marks. I just get the feeling it's been tested
much more.

there looks to be bridging for linux info here:

http://bridge.sourceforge.net/


nate








Debian as a packet shaper

2002-12-30 Thread Matthew Daubenspeck
I am looking into the possibility of using a server as a packet shaper
with Debian. Is this viable?

I have researched other commercial packet shapers, and, for the most
part, are way out of the possible budget. Plus, if I can do the same
thing with a server and Debian, I would look like a hero when the
budget came in way under projects amounts :)

I am probably looking at a 1000 client network. Any ideas where I
should start to look?
-- 
:wq

 Matthew Daubenspeck
 http://www.oddprocess.org


