Raymond M. Subasic wrote:
My situation:
I have a cable modem (COMCAST 6Mbit d/l) and am about to also have DSL (Verizon 3 Mbit d/l). I was thinking of using CentOS (4.4, 4.5, or 5??) as a router/dhcp server/firewall for my home network consisting of 3 to 6 computers at any given time. I seek the wisdom of the members of this list on the following issues:
-- Is CENTOS a good direction to go? I do not mind manually configuring things or installing lots of packages, and am doing this as both a learning experience for myself and proof of concept for a customer.
It's reasonable. Not optimized particularly as a firewall/routing system, it's more of a general purpose server, but it's certainly capable of doing firewalling.
-- Is it possible/hard/easy/trivial to share the load between the two connections? Have either link fail and things still work correctly?
Possible? Yes. Hard, definitely. Easy/trivial, nope. Reliably detecting a 'failed' link is also tricky, as most failures will be upstream from you. Routing outbound traffic and load balancing two separate ISPs is also tricky.
-- I plan to build a box for this job – looking for general recommendations of how much horsepower (mem/disk space, etc) is required
A router/firewall can run off a 512MB flashcard, and a 450MHz CPU with 256MB RAM is way more than adequate.
-- What are the implications of two pipes for incoming connections such as DynDNS based remote desktop or VNC, or web server, FTP, etc
The two connections have two different IPs on different networks. You'll need to run two DynDNS clients and sort all that out; you'll have two separate possible hostnames to connect to from outside.
Webserver, FTP server, etc. would typically serve the content to either IP.
The basic hardware layout I see is 3 nics, 1 GB RAM, 60 GB disk space. 1 NIC for each WAN port, 1 NIC for my local net, some recent CPU.
I have been browsing through the “Linux Advanced Routing & Traffic Control HOWTO,” but am still not on top of how to get done what I’m looking for. I understand that there are probably products that I could buy to do this, but my preference is to do it myself.
That's the document you need to understand, along with the rest of the stuff on http://netfilter.org
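
Added example, not part of the original message: a dry-run sketch of the multiple-uplink policy routing that the Linux Advanced Routing & Traffic Control HOWTO describes, applied to the cable + DSL setup discussed above. It only prints the iproute2 commands; the addresses are constructed (RFC 5737 documentation ranges), and the interface names, table numbers and 2:1 weights are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) iproute2 commands for two uplinks.
# All addresses are constructed; eth1/eth2 and tables 101/102 are assumptions.

# uplink_cmds TABLE IFACE LOCAL_IP NETWORK GATEWAY
# Per-uplink routing table: traffic sourced from LOCAL_IP leaves via its own
# ISP, so replies to inbound connections (VNC, web, FTP) go back out the
# link they arrived on instead of being dropped by the other provider.
uplink_cmds() {
    table=$1; ifc=$2; ip=$3; net=$4; gw=$5
    echo "ip route add $net dev $ifc src $ip table $table"
    echo "ip route add default via $gw dev $ifc table $table"
    echo "ip rule add from $ip table $table"
}

# default_cmd GW1 IF1 W1 GW2 IF2 W2
# Multipath default route for outbound traffic. A weight of 0 marks a link
# as down and yields a single-path default via the surviving uplink.
default_cmd() {
    if [ "$3" -gt 0 ] && [ "$6" -gt 0 ]; then
        echo "ip route replace default scope global nexthop via $1 dev $2 weight $3 nexthop via $4 dev $5 weight $6"
    elif [ "$3" -gt 0 ]; then
        echo "ip route replace default via $1 dev $2"
    elif [ "$6" -gt 0 ]; then
        echo "ip route replace default via $4 dev $5"
    else
        echo "# both uplinks down: leaving default route unchanged"
    fi
}

# Constructed sample: cable on eth1 (weight 2), DSL on eth2 (weight 1).
uplink_cmds 101 eth1 192.0.2.10 192.0.2.0/24 192.0.2.1
uplink_cmds 102 eth2 198.51.100.10 198.51.100.0/24 198.51.100.1
default_cmd 192.0.2.1 eth1 2 198.51.100.1 eth2 1
```

The multipath route balances per cached route rather than per packet, so the split is only approximate. Deciding when to pass a weight of 0 needs a probe that reaches beyond each ISP's first hop, since a gateway that still answers says nothing about an upstream failure.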