[leaf-user] multiple static ip address router/firewall
Hi group, I have been using Bering uClibc for a couple of years now. It has been rock solid and great. My thanks go out to everyone. I currently use my leaf box with 5 static ip's without any major problems. But my question to you guys and gals is do you know of an over the counter firewall/router (like Linksys, D-Link, or Netgear) that can route multiple public static IP's for a single cable or dsl connection? If there are no "cheaper" solutions, what would an entry level cisco model be? How would these solutions compare price wise to a WRAP running uClibc? Thanks in advance, Andrew --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] multiple static ip address router/firewall
None of the over-the-counter router-in-a-boxes are going to be able to handle multiple static IPs, with the possible exception of a Linksys that's had it's firmware replaced with a Linux-based one from the hardware hacking groups. An entry level Cisco is hideously expensive; I found two on Pricewatch for $389 USD from a retailer with truly bad reviews. Last time I looked for one (which, admittedly, was a couple of years ago) the same model was going for $1500 USD refurbished. I adore Cisco equipment and the IOS, but it is way too pricey if you're not running a major site - and even then, it's questionable. You're going to be far better off with Bering uClibc and any kind of hardware than you are spending the money a Cisco will cost, especially since most of them you'll need to buy a second ethernet card for your external interface and actually get a license for IOS. George Andrew Nance wrote: Hi group, I have been using Bering uClibc for a couple of years now. It has been rock solid and great. My thanks go out to everyone. I currently use my leaf box with 5 static ip's without any major problems. But my question to you guys and gals is do you know of an over the counter firewall/router (like Linksys, D-Link, or Netgear) that can route multiple public static IP's for a single cable or dsl connection? If there are no "cheaper" solutions, what would an entry level cisco model be? How would these solutions compare price wise to a WRAP running uClibc? Thanks in advance, Andrew --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
RE: [leaf-user] multiple static ip address router/firewall
Thanks George, That's what I was afraid of. It looks like my options now are to build (or buy cheep dell ($300 w/ no OS)) computer to handle firewall/routing or go with the wrap or soekris. I plan on having multiple video streams going through this router/firewall nearly 24/7. (i.e. Lots of bandwidth, very few connections) Do you think I need the extra cpu of a regular computer or will the wrap be able to handle it? Thanks, Andrew -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of George Metz Sent: Wednesday, July 13, 2005 5:27 AM To: leaf-user@lists.sourceforge.net Subject: Re: [leaf-user] multiple static ip address router/firewall None of the over-the-counter router-in-a-boxes are going to be able to handle multiple static IPs, with the possible exception of a Linksys that's had it's firmware replaced with a Linux-based one from the hardware hacking groups. An entry level Cisco is hideously expensive; I found two on Pricewatch for $389 USD from a retailer with truly bad reviews. Last time I looked for one (which, admittedly, was a couple of years ago) the same model was going for $1500 USD refurbished. I adore Cisco equipment and the IOS, but it is way too pricey if you're not running a major site - and even then, it's questionable. You're going to be far better off with Bering uClibc and any kind of hardware than you are spending the money a Cisco will cost, especially since most of them you'll need to buy a second ethernet card for your external interface and actually get a license for IOS. George Andrew Nance wrote: > Hi group, > I have been using Bering uClibc for a couple of years now. It has been rock > solid and great. My thanks go out to everyone. > I currently use my leaf box with 5 static ip's without any major problems. > > But my question to you guys and gals is do you know of an over the counter > firewall/router (like Linksys, D-Link, or Netgear) that can route multiple > public static IP's for a single cable or dsl connection? > If there are no "cheaper" solutions, what would an entry level cisco model > be? > How would these solutions compare price wise to a WRAP running uClibc? > > > Thanks in advance, > Andrew > > > > --- > This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening > July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual > core and dual graphics technology at this free one hour event hosted by HP, > AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar > > leaf-user mailing list: leaf-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/leaf-user > Support Request -- http://leaf-project.org/ > --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] multiple static ip address router/firewall
Honestly, I'm not up on the specs for the WRAP or Soekris boards, but I'd be fairly surprised if they wouldn't serve admirably. I'm currently using, of all things, a Microsoft wireless router that normally just serves as my AP point (we just moved, and I have to rebuild my LEAF box now that I have a connection the old ISA 3Com cards would throttle) and I've had a radio stream, 2 connections to World of Warcraft, and about 5 threads downloading large files without a real problem. Given that the thing is probably the most underpowered router-in-a-box I've seen, just about anything should work fine for you. Andrew Nance wrote: Thanks George, That's what I was afraid of. It looks like my options now are to build (or buy cheep dell ($300 w/ no OS)) computer to handle firewall/routing or go with the wrap or soekris. I plan on having multiple video streams going through this router/firewall nearly 24/7. (i.e. Lots of bandwidth, very few connections) Do you think I need the extra cpu of a regular computer or will the wrap be able to handle it? Thanks, Andrew -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of George Metz Sent: Wednesday, July 13, 2005 5:27 AM To: leaf-user@lists.sourceforge.net Subject: Re: [leaf-user] multiple static ip address router/firewall None of the over-the-counter router-in-a-boxes are going to be able to handle multiple static IPs, with the possible exception of a Linksys that's had it's firmware replaced with a Linux-based one from the hardware hacking groups. An entry level Cisco is hideously expensive; I found two on Pricewatch for $389 USD from a retailer with truly bad reviews. Last time I looked for one (which, admittedly, was a couple of years ago) the same model was going for $1500 USD refurbished. I adore Cisco equipment and the IOS, but it is way too pricey if you're not running a major site - and even then, it's questionable. You're going to be far better off with Bering uClibc and any kind of hardware than you are spending the money a Cisco will cost, especially since most of them you'll need to buy a second ethernet card for your external interface and actually get a license for IOS. George Andrew Nance wrote: Hi group, I have been using Bering uClibc for a couple of years now. It has been rock solid and great. My thanks go out to everyone. I currently use my leaf box with 5 static ip's without any major problems. But my question to you guys and gals is do you know of an over the counter firewall/router (like Linksys, D-Link, or Netgear) that can route multiple public static IP's for a single cable or dsl connection? If there are no "cheaper" solutions, what would an entry level cisco model be? How would these solutions compare price wise to a WRAP running uClibc? Thanks in advance, Andrew --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graph
RE: [leaf-user] multiple static ip address router/firewall
On Wed, 2005-07-13 at 10:06 -0500, Andrew Nance wrote: > I plan on having multiple video streams going through this router/firewall > nearly 24/7. (i.e. Lots of bandwidth, very few connections) Do you think I > need the extra cpu of a regular computer or will the wrap be able to handle > it? > Can you estimate how much bandwidth you use (average/peek) ? > Thanks, > Andrew --arne -- Arne Bernin <[EMAIL PROTECTED]> http://www.ucBering.de --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
RE: [leaf-user] multiple static ip address router/firewall
It is hard to estimate but somewhere around 750 Kbps to 1.5 Mbps total bandwidth. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Arne Bernin Sent: Wednesday, July 13, 2005 11:32 AM To: [EMAIL PROTECTED] Subject: RE: [leaf-user] multiple static ip address router/firewall On Wed, 2005-07-13 at 10:06 -0500, Andrew Nance wrote: > I plan on having multiple video streams going through this router/firewall > nearly 24/7. (i.e. Lots of bandwidth, very few connections) Do you think I > need the extra cpu of a regular computer or will the wrap be able to handle > it? > Can you estimate how much bandwidth you use (average/peek) ? > Thanks, > Andrew --arne -- Arne Bernin <[EMAIL PROTECTED]> http://www.ucBering.de --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
RE: [leaf-user] multiple static ip address router/firewall
El jue, 14-07-2005 a las 11:18 -0500, Andrew Nance escribió: > It is hard to estimate but somewhere around 750 Kbps to 1.5 Mbps total > bandwidth. From the graph, you see WRAP box is capable of sustaining around 4Mbps for 50 firewall rules (1500PPS and 350bytes/package). I think you could live with it :) -- Jaime Nebrera - [EMAIL PROTECTED] Consultor TI - ENEO Tecnologia SL Telf.- 95 455 40 62 - 619 04 55 18 --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] multiple static ip address router/firewall
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Nance wrote: | It is hard to estimate but somewhere around 750 Kbps to 1.5 Mbps total | bandwidth. Almost anything fairly modern (ie: Pentium-class PCI based system) should be able to handle this kind of bandwidth. Even 486 based systems with EISA cards (should you actually be able to find one) could probably move this much data around. Most of those 'black-box' routers from Linksys, D-Link, et-al. will typically handle 3-5 MBits/s or more fairly easily (remember, they're engineered to hook to cable modems, and would look bad if they were a bottleneck). - -- Charles Steinkuehler [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFC1p1ULywbqEHdNFwRAv4pAKDDh3VsCG0Y68eFGuxtiY1ANXwAUgCghNWj N6PvPaR+7jTqTpYJIfgrET4= =DB3b -END PGP SIGNATURE- --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] multiple static ip address router/firewall
Charles Steinkuehler wrote: Andrew Nance wrote: | It is hard to estimate but somewhere around 750 Kbps to 1.5 Mbps total | bandwidth. Almost anything fairly modern (ie: Pentium-class PCI based system) should be able to handle this kind of bandwidth. Even 486 based systems with EISA cards (should you actually be able to find one) could probably move this much data around. - -- Charles Steinkuehler Testing my "brand new" set-up couple of years ago I got 700Kbps FTP transmissions with two SMC (ISA 10Mbps cards) in our company intranet. PC was a 486/50MHz with Bering 1.x from a floppy. It should be reasonable close to a ISA maximum? Processor load was somewhere 20-30% if I remember correctly. I have had the same machine running next to my ADSL for four years now...hey it's only 15 years old, it is supposed to work for another 10 years atleast! -M --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
RE: [leaf-user] multiple static ip address router/firewall
> Andrew Nance wrote: > | It is hard to estimate but somewhere around 750 Kbps to 1.5 > Mbps total > | bandwidth. > > Almost anything fairly modern (ie: Pentium-class PCI based > system) should be able to handle this kind of bandwidth. > Even 486 based systems with EISA cards (should you actually > be able to find one) could probably move this much data > around. Most of those 'black-box' routers from Linksys, > D-Link, et-al. will typically handle 3-5 MBits/s or more > fairly easily (remember, they're engineered to hook to cable > modems, and would look bad if they were a bottleneck). A 486 can handle a T1 (1.5mbps) or E1 (2mbps) while encrypting with 3DES and IPSEC. A pentium-75mhz can encrypt ~10mpbs. Both of these rates assume decent NICs. Most statistics for bandwidth include packets per second (PPS) and the # of bits or bytes in those packets. I think a WRAP can handle your load easily unless you are running some huge amount of firewall rules and QOS. In fact, I know so :) even though I don't own one :(. TomsHardware has a nice review : http://www.tomsnetworking.com/Reviews-169-ProdID-WRAP1D2-3.php. As you can see 266mhz WRAP can do ~40mbps NAT, or ~3.5mpbs Ipsec/3DES. This means it is somewhere between a fast 486 and a pentium 75mhz in speed for encryption. If I remember correctly a Pentium 75mhz can only do 20-30mpbs NAT so apparently the WRAP is faster for this kind of thing. Regards, P --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] multiple static ip address router/firewall
> Andrew Nance wrote: > > | It is hard to estimate but somewhere around 750 Kbps to 1.5 Mbps total > | bandwidth. > > Almost anything fairly modern (ie: Pentium-class PCI based system) > should be > able to handle this kind of bandwidth. Even 486 based systems with EISA > cards (should you actually be able to find one) could probably move this > much data around. > - -- > Charles Steinkuehler On a Soekris net4801 with Bering 1.2 using a 100Mb/s switch and a 8Mb/s cable modem I calculated almost 5Mb/s throughput on FTP. That is: 720MB CD transferred in 20 minutes == 36 MB in a minute == 0.6 MB in a second == 4.8 Mb/s. I guess a WRAP should behave close to this. Not that this below is a very relevant piece of information since the packets were very big and packet count was low, but: on the same Soekris wired with cross eth cables to one workstation on each side (no public connection) with 100Mb/s cards I fed the Soekris from one workstation with ping packets of 64Kbytes per second by increasing the number of simultaneous ping processes. On the target workstation I was observing the received throughput. I kept loading the Soekris/Bering with up to 42 streams, which makes roughly 42 Mb/s of bidirectional traffic. (1 packet sent per second; packet size 64KB * 8 = 512Kb; ping reply makes 2 x 512 Kb/s == 1 Mb/s; 42 processes == 42 Mb/s). More than 42 Mb/s produced a non-linear graph of the received traffic on the target workstation. Doing the same test on a commercial SOHO ethernet firewall/router caused the commercial router to colaps with overload at 4Mb/s, that is after the fourth simultaneous 64KB ping. Tom --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/