So... what's the best routing solution for..

Greg Simpson gws at sweet.com
Fri Jun 12 06:07:58 UTC 1998


He said this was an ethernet handoff from the isp; they are not simply 
going to plug him into a switch; he will most likely get a port on a 
cisco; they should be able to apply policies for him.. no?

I don't see why he even needs a router, unless there is a lack of a trust 
of the upstream's ability to filter.. Or if you know beforehand they will 
not?

Oh, and c'mon Roeland, ipfwadm isn't *that* horrid. :) Granted, linux 
will not have release-stable socket filters until 2.2.*, but it ain't 
half bad..!

If your business requires offsite support of hw/sw, a 2514'd do you 
justice, but it can also be useful to have a un*x box as the router.. 
cheap proxy/cache engine anyone?

-g

> >> >Don't use any routing protocol at all.  Actually, skip having your
> >> >own router too.
> >> 
> >> Agreed, we ran default static routes for a long time. Y'all don't even need
> >> a router. I might recommend a LinkSys 2-port ethernet switch, though.
> >> (Control collision domains, See DataComm Warehouse.).
> >
> >Hm. My main goal is to be able to block stuff from entering my LAN that 
> >I don't want there. With a Cisco or Livingston box or something similar,
> >it's just a question of installing filters. I could set up a box and use
> >ipfwadm, perhaps that would be the best thing to do?
> 
> That would be the cheap thing to do. But, from personal experience, ipfwadm
> is a PITA! Granted, you only have to do the setup once, thank God.
> 
> If you have the budget, buy a firewall-router/switch. But, they're
> decidedly not cheap.
> ___________________________________________________ 
> Roeland M.J. Meyer, ISOC (InterNIC RM993) 
> e-mail: <mailto:rmeyer at mhsc.com>rmeyer at mhsc.com
> Internet phone: hawk.mhsc.com
> Personal web pages: <http://www.mhsc.com/~rmeyer>www.mhsc.com/~rmeyer
> Company web-site: <http://www.mhsc.com/>www.mhsc.com/
> ___________________________________________ 
> SecureMail from MHSC.NET is coming soon!  
> 



More information about the NANOG mailing list