Building a Linux Router

I need to build a Linux Router at my office.  We currently have a PIX firewall so the Linux route does not need do NAT and be a router.  After going through all the different pre assembled options out there I think I will build it my self either using Fedora Core 4 or RHEL4 update 2.  One of the most compelling reasons for my doing it on my own is that I can setup some really nice monitoring tools on the machine and incorporate them into our corporate monitoring.

Anyway, my questions are this:
     1. Should I enable the firewall but leave NAT turned off?  Will this slow down the router?
     2. Should I enable SELINUX?
     3. I have found a few TCP Tuning options on the net but what options do I really need to tune?
     4. Are there and good tools out there that I can run to show me if I need to change/tweek any of the TCP Tuning options?

Thanks,
Louis
LVL 1
louisbohmAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

leisnerCommented:
Premature optimization is the root of all evil.
If you have a firewall upstream, do you trust the people between you and the firewall?
If you turn on the firewall, there will be a cost (the incoming packets have to be matched against
the rules).  Is this noticable?  depends on a lot of things (the size of the rule set, the speed of the hardware).  
2) Its hard to answer your questions -- do you have a reason to enable SELINUX (I never have.... I work for
a Fortune 500 company).  
3)Maybe none...please see first line....I'd have to look at how to tune...
4) good questions, I suppose there are test suites -- you'd want  to look at
latency and bandwidth....


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
louisbohmAuthor Commented:
I have to trust the people behind the firewall at least to some extent.  My only thought for running the firewall and/or selinux is to protect the router itself.  So allow packets to be routed between the networks but use the firewall to prevent/limit access to the local machine.  Control which IP's can access the localhost and setup rules for DoS and Sync attacts.  Though I have no idea how to set up thouse rules.

On the machine I would be running NTOP and maybe a couple of other things to collect performance data and try to send it to my monitoring station.

The machine I have is a Dual Pentium 3 700 Mhz with 1 gig of ram and about a 20 gig HD.  I have not seen a huge amount of traffic going over the internet link but since I have T3 internet access (got to love wireless access) the users definitly could create a lot of traffic.  If I do run the firewall and I find that it gets in the way I could always shut it down.

Louis
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.