[17804] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: So... what's the best routing solution for..

daemon@ATHENA.MIT.EDU (Greg Simpson)
Fri Jun 12 02:09:09 1998

Date: Fri, 12 Jun 1998 02:07:58 -0400 (EDT)
From: Greg Simpson <gws@sweet.com>
To: "Roeland M.J. Meyer" <rmeyer@mhsc.com>
cc: Steve Sobol <sjsobol@shell.nacs.net>, jzeeff@verio.net, nanog@merit.edu
In-Reply-To: <199806120549.WAA07819@condor.mhsc.com>


He said this was an ethernet handoff from the isp; they are not simply 
going to plug him into a switch; he will most likely get a port on a 
cisco; they should be able to apply policies for him.. no?

I don't see why he even needs a router, unless there is a lack of a trust 
of the upstream's ability to filter.. Or if you know beforehand they will 
not?

Oh, and c'mon Roeland, ipfwadm isn't *that* horrid. :) Granted, linux 
will not have release-stable socket filters until 2.2.*, but it ain't 
half bad..!

If your business requires offsite support of hw/sw, a 2514'd do you 
justice, but it can also be useful to have a un*x box as the router.. 
cheap proxy/cache engine anyone?

-g

> >> >Don't use any routing protocol at all.  Actually, skip having your
> >> >own router too.
> >> 
> >> Agreed, we ran default static routes for a long time. Y'all don't even need
> >> a router. I might recommend a LinkSys 2-port ethernet switch, though.
> >> (Control collision domains, See DataComm Warehouse.).
> >
> >Hm. My main goal is to be able to block stuff from entering my LAN that 
> >I don't want there. With a Cisco or Livingston box or something similar,
> >it's just a question of installing filters. I could set up a box and use
> >ipfwadm, perhaps that would be the best thing to do?
> 
> That would be the cheap thing to do. But, from personal experience, ipfwadm
> is a PITA! Granted, you only have to do the setup once, thank God.
> 
> If you have the budget, buy a firewall-router/switch. But, they're
> decidedly not cheap.
> ___________________________________________________ 
> Roeland M.J. Meyer, ISOC (InterNIC RM993) 
> e-mail: <mailto:rmeyer@mhsc.com>rmeyer@mhsc.com
> Internet phone: hawk.mhsc.com
> Personal web pages: <http://www.mhsc.com/~rmeyer>www.mhsc.com/~rmeyer
> Company web-site: <http://www.mhsc.com/>www.mhsc.com/
> ___________________________________________ 
> SecureMail from MHSC.NET is coming soon!  
> 

home help back first fref pref prev next nref lref last post