louisbohm asked:

Building a Linux Router

I need to build a Linux router at my office. We currently have a PIX firewall, so the Linux router does not need to do NAT and be a router. After going through all the different pre-assembled options out there, I think I will build it myself using either Fedora Core 4 or RHEL4 update 2. One of the most compelling reasons for doing it on my own is that I can set up some really nice monitoring tools on the machine and incorporate them into our corporate monitoring.

Anyway, my questions are this:
1. Should I enable the firewall but leave NAT turned off? Will this slow down the router?
2. Should I enable SELinux?
3. I have found a few TCP tuning options on the net, but what options do I really need to tune?
4. Are there any good tools out there that I can run to show me if I need to change/tweak any of the TCP tuning options?

Thanks,
Louis
ASKER CERTIFIED SOLUTION
leisner

This solution is only available to members.

louisbohm (ASKER)

I have to trust the people behind the firewall at least to some extent. My only thought for running the firewall and/or SELinux is to protect the router itself. So allow packets to be routed between the networks, but use the firewall to prevent/limit access to the local machine. Control which IPs can access the localhost and set up rules for DoS and SYN attacks. Though I have no idea how to set up those rules.

On the machine I would be running NTOP and maybe a couple of other things to collect performance data and try to send it to my monitoring station.

The machine I have is a dual Pentium 3 700 MHz with 1 gig of RAM and about a 20 gig HD. I have not seen a huge amount of traffic going over the internet link, but since I have T3 internet access (got to love wireless access) the users definitely could create a lot of traffic. If I do run the firewall and I find that it gets in the way, I could always shut it down.

Louis
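
One way to express the policy described in the comment above (route freely between networks, restrict access to the router itself, rate-limit SYNs), as an added example that is not part of the original thread. The management addresses, the ports (22 for SSH, 3000 for the ntop web UI) and the rate limits are assumptions to adjust.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a routing-only box
# (no NAT). It does not touch the live firewall. All addresses, ports and
# limits below are constructed assumptions, not values from the thread.

# Kernel settings to pair with the ruleset (sysctl.conf syntax).
gen_router_sysctl() {
    cat <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
EOF
}

# $1: space-separated management/monitoring hosts allowed to reach the router.
# $2: comma-separated TCP ports they may open (default: 22 ssh, 3000 ntop UI).
gen_router_rules() {
    mgmt_ips=${1:-}
    ports=${2:-22,3000}
    # Refuse anything that is not a plain IPv4 address or CIDR, so a bad
    # argument cannot smuggle extra rule text into the generated file.
    for ip in $mgmt_ips; do
        case $ip in
            *[!0-9./]*) echo "bad address: $ip" >&2; return 1 ;;
        esac
    done
    case $ports in
        ''|*[!0-9,]*) echo "bad port list: $ports" >&2; return 1 ;;
    esac
    # INPUT is default-deny (protects the router); FORWARD stays open (routing).
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
EOF
    # One rule per management host; each rule has its own SYN rate limiter,
    # so a flood from elsewhere cannot use up a trusted host's budget.
    for ip in $mgmt_ips; do
        echo "-A INPUT -s $ip -p tcp --syn -m multiport --dports $ports -m limit --limit 10/second --limit-burst 20 -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed sample: two monitoring hosts on a documentation network.
gen_router_rules "192.0.2.10 192.0.2.11"
```

Review the printed ruleset, then load it with `iptables-restore`; the sysctl lines belong in `/etc/sysctl.conf`.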