Hello all, been a long time. Woohoo, here we go,
I have volunteered my time to help a friend install and configure a small office network at a summer retreat. The network is this:
5 computers wired on 192.168.10.10-14 connected to a Linksys router (office)
2 computers wired on 192.168.20.10-11 connected to a Linksys router (house)
5 wireless access points wired on 192.168.30.10-14 connected to a Linksys router running DHCP for the wireless clients covering the property and lake.
It's all in and works; now it's time to reach out.
There is one internet connection (1.5 Mbps with 5 static IPs) and I would like to share it at 0.5 Mbps to each segment while keeping each separate and secure. It would be nice to allow segments to use idle bandwidth and possibly have the house at 1.0 Mbps and the other 2 at 0.25 Mbps on demand for Skype-VoIP-conference.
I have 1 Linux box (Slackware 13). Should it have 4 NICs, or 2 NICs with 1 aliasing 3 segments? How much has changed since ipmasq? Looking for some direction as to kernel compile and howtos that I will need to read. Security is important, but wanted to keep it as simple as I can.
Is Slackware able to dynamically allot bandwidth? Or is Cisco the way to go (there is a 2924 and a 2621 on the shelf), leaving the Linux box for firewall? But then I'd have to read up on Cisco programming too. Well, I could get someone to come in and do the Cisco stuff (VLANs and shaping), I guess, but tell me what you all think.
I have a few weeks to get my head around this so any help would be great.
Thanks.
It's less of a case of "can slackware do that?" than "is there some service for Linux to do that?" then "what does slackware call that service?"
If you're after traffic shaping and load-balancing, I think iptables has modules to do that. I also read that the "tc" utility can act as a limiter to traffic.
Aha - a web page that explains some of it!
In terms of networking... I would use the one NIC for the internal networks and alias the IPs on it, since you are using two different logical networks and your ruleset can use a netmask to determine the origin of the internet request (did it come from home or office?), but this would mean the two networks are physically connected and won't stop someone from adding an IP alias to one machine to fool the router into believing it originated from the other (and bypass restrictions). Having separate NICs is a better option, but you may run into issues with trying to act as a router/bridge between the two networks.
Similarly, the connection to the internet should be segregated onto another NIC, so there's no way of accessing it directly without going through the Linux router and succumbing to the ruleset you're enforcing.
(nb: to answer one question: ipmasq became ipchains then iptables. Masquerading in iptables is known as "NAT" - network address translation - now. Caught me out a few times.)
One alternative option you may want to investigate is some all-in-one distro that may do the lot for you, such as Smoothwall. By the looks of their features, it could be everything you asked for in an easy-to-use web-based system. The advantage is that you don't need to know how tc/iptables/etc. all work... the disadvantage is that you need to understand how to use that tool - but it seems strongly-supported, so assistance should be readily forthcoming from that community.
Hope that helps!
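The separate-NIC layout with iptables NAT and tc shaping discussed in this thread, as an added example that is not part of either post: a dry-run generator for the upload direction only, where each segment is guaranteed 500 kbit and may borrow idle bandwidth up to the full link. The interface names (eth0 for the internet side, eth1 to eth3 for the segments), the /24 masks, the mark values and a 1.5 Mbps upload rate are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names, /24 masks, marks and
# the 1500 kbit upload figure are assumptions; adjust before use.
WAN=eth0
LINK_KBIT=1500
# name:interface:subnet:fwmark:guaranteed kbit
SEGMENTS="office:eth1:192.168.10.0/24:10:500
house:eth2:192.168.20.0/24:20:500
wireless:eth3:192.168.30.0/24:30:500"

# Print the commands instead of running them, so they can be reviewed first.
gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default-deny forwarding: segment-to-segment traffic is never accepted.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE"
    # One HTB tree on the WAN NIC; child classes borrow from 1:1 up to ceil.
    echo "tc qdisc add dev $WAN root handle 1: htb"
    echo "tc class add dev $WAN parent 1: classid 1:1 htb rate ${LINK_KBIT}kbit"
    echo "$SEGMENTS" | while IFS=: read -r name ifc net mark rate; do
        echo "# segment: $name"
        # Accept only packets whose source matches the subnet of the NIC they
        # arrived on; a borrowed address from another segment hits the DROP policy.
        echo "iptables -A FORWARD -i $ifc -s $net -o $WAN -j ACCEPT"
        # Mark before NAT: tc on the WAN side sees only the translated source,
        # so classification uses the firewall mark, not the private address.
        echo "iptables -t mangle -A FORWARD -i $ifc -o $WAN -j MARK --set-mark $mark"
        echo "tc class add dev $WAN parent 1:1 classid 1:$mark htb rate ${rate}kbit ceil ${LINK_KBIT}kbit"
        echo "tc filter add dev $WAN parent 1: protocol ip handle $mark fw flowid 1:$mark"
    done
}

# Dry run: prints the command list; review it, then pipe it to "sh" as root.
gen_rules
```

Changing a segment's guaranteed rate (for example house to 1000 and the others to 250) only requires editing the last field in `SEGMENTS`; the guaranteed rates should add up to no more than `LINK_KBIT`.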