[MUD-Dev] Mud Network Setup

J C Lawrence claw at kanga.nu
Fri Mar 3 23:16:36 New Zealand Daylight Time 2000


On Fri, 3 Mar 2000 23:36:40 -0500 
Jon A Lambert <jlsysinc at ix.netcom.com> wrote:

> J C Lawrence wrote:

>> Low end routers: El-cheapo i486 and pentium boxes with a couple
>> NICs work well.  There's a rash of such PCI 4U rackmounts going
>> cheap here in the Valley as a number of labs clear out -- they
>> make very attractive firewall/routers.  I have an i486-33 sitting
>> beneath my desk as the router/firewall for the home LAN that's
>> serving excellent duty for a net cost of $25 in parts (admittedly
>> the rackmount stuff is a tad more expensive).  Its a cute box
>> really:

> I'm confused about this issue.  I was planning on connecting the
> P-III right onto the net.  Should I instead use the 486 or P90 as
> a router?  

This really depends on what you want for box connectivity.  What
boxes need to communicate to what, and what protocols would they
need to use (there are a few protocol problems going thru IP Masq).
It's also worth realising that the compute horsepower needed for a
NAT or IP Masq box is fully satisfied by an i386SX-16 -- a box on
which Linux runs quite happily.

> What are the downsides and upsides of using the linux machine as a
> firewall/router?  

Versus what?  Versus a Cisco box with IOS? or versus nothing at all?
What is being compared here and why?

Firewalls, and in particular asymmetric NAT (number of internal
addresses not equal to number of external addresses) violate several
of the base assumptions of 'net communications and there are
occasional prices to pay for that in protocol breakages.

  Note:  NAT covers translations of the forms:

           N<->N' -- where internal addresses (N) are mapped to an
                     equal number of external addresses (N')

           N<->M  -- where internal addresses (N) are mapped to a
                     smaller set of external addresses (M)

           N<->1 --  where internal addresses (N) are mapped to a
                     single external address (commonly known as IP
                     Masquerading) and actually a special case of
                     the second form.

The last is the most complex in its necessity to do intelligent port
following and protocol prediction, and thus is the most likely to
break things.  Most of the commonly used non-single-stream protocols
at this point have adaptors which correctly process assorted
protocols thru an IP Masq box because of this (eg FTP, IRC (due to
ident requirements IIRC), Quake, etc).  Your protocol sensitivity is
utterly dependent on what you run.  I haven't hit a problem for a
couple years now, but then I really exercise a very small set of
protocols.

Well, aside from breaking the pattern of your all-windows setup, it
really depends on how you do your NAT and whether any of the
protocols you run are sensitive to the violation of end-to-end
connectivity (most aren't, but it's not 100%).

Outside of that, there are few problems.  If you want you can use
one of the single-floppy distributions, or even (fairly trivially)
build and cut your own bootable CD and run it that way.  There's
also a mini HOW-TO on the area which is quite good.  If you go for
the magnetic media approach, Debian probably makes the simplest to
maintain distribution (which is why I moved all my boxes off RedHat
about a year ago), as you can do most of the work of system
maintenance and upgrade off cron-jobs and then just hand walk the
few things that need supervision whenever you wish (which is
specifically why my colo boxes all run Debian: No more CD upgrades
-- everything is done over the wire).

> Could I also use it as a browser gateway...

What is your definition of a browser gateway?  Using NAT, HTTP works
quite nicely and utterly transparently out thru the NAT box.
Installing a caching or filtering proxy a la junkbuster or squid
really changes nothing there -- it all works just fine due to the
fact that HTTP is a simple single stream protocol that is NAT
insensitive.

> ...since I'd like the P-II to have web access.  

Perhaps I should diagram the net here at home:

  ---(T1)----(Emu)----(Hub)
                        |
                        +--Dingo
                        |
                        +--Toad
                        |
                        +--Koala
                        |
                        +--Bruce
                        |
                        +--Royal
                        |
                        +--etc


Emu is an i486-33 with 20Meg RAM, a 2Gig HD and a couple 3C509 NICs
(it's the $25 box I mentioned earlier).  It's running Linux 2.2.10 IP
Masq on the internal network, and PPPoE with dynamic IPs out to my
ISP.

The hub is an ordinary Arlotto 10/100 8 port hub.

Dingo is my main workstation (the one I'm typing on now), Toad is my
remaining OS/2 box, Koala is a test server, Bruce is the
AlphaStation that used to run Kanga.Nu, Royal is the wife's
workstation, and then various other boxes I'm mostly trying to get
rid of continue the network.  Every box plugged into the hub has
full net access: HTTP, FTP, SSH, SMTP, IRC, you name it.  All
transparent and without effort or special configuration other than
making Emu their default route.

> Would I only need 1 static IP for all 3 machines?  

If you do IP Masq, yes.  Please read up on it.  If you want, drop me
a note off list and I'll walk you thru the area on the phone.

>> Switches: HP makes some very nice equipment.  Hot pluggable, full
>> (and well done) SNMP support, remote console, etc.  Been a while
>> since I've bought one, but they were comparatively reasonably
>> priced last time I did.

> I prolly won't need these.  At least I don't think so!?

Nah, you shouldn't.  They're really only useful for large
installations.

>> Cases:

> All towers.  Too late now.  ;-)

Have a look into the SunCheer tower cases.  Very very nice.

>>> What type of network connection and what was the install cost
>>> and monthly, yearly cost are you paying?

>> Kanga.Nu is sitting on a 384Kbit DSL...

> I'm going to be running web and ftp services, light use.  And only
> occasionally running remote shells.  I'll want to support about
> 100-150 users at a time the same mud using 1k-2k per user.  It
> looks like a constant 384K in both directions is about the minimum
> I should check into, no?

Yes, tho you *might* be able to get away with 114K IDSL, but it's
squeezy.

>> Name registration: DNS services:

> I'd like to spend less than $100/mo average cost, outside of the
> installation.

Going for the cost cutting route:

  ISP charges:  $market, but typically in the $15-$75 range.

  Telco/CLEC charges: $market, but typically in the $20-$110 range

  (note the previous two values vary WIDELY depending on local
  market, providers, phase of the moon, and other unknowables.  All
  bets are off on the above numbers applying to you).

  Forgo name registration and nameservice and bum a subdomain (and
  thus name service) off a friend (eg lambert.kanga.nu).  Cost: $0.

  Bum secondary MX service for your subdomains off friends.  Cost:
  $0.

More expensive options:

  ISO TLD domain registration typical cost: $25/yr - $50/yr

  NET/ORG/COM domain registration cost: $75/yr

  Commercial name service: $25/yr for EasyDNS (example)

  Secondary MXing: $market but typically $5-$35/month from your ISP
  for those that offer it.

  You can also semi-cheat and use one of the Dynamic DNS services in
  lieu of proper name service.  Cost ranges from free to $25/yr last
  I checked.

You can pick any combo out of the above that makes sense.

--
J C Lawrence                                 Home: claw at kanga.nu
----------(*)                              Other: coder at kanga.nu
--=| A man is as sane as he is dangerous to his environment |=--
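A toy model of the N<->1 (IP Masquerading) form described in the post: the masq box rewrites every outbound packet to its single external address, follows ports so replies can be mapped back to the right internal host, and drops inbound packets no internal host asked for. This is an added example, not code from the original post or from Linux IP Masq; the addresses, ports and the Masquerader class are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

EXTERNAL_IP = "203.0.113.7"  # constructed: the masq box's one public address


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Masquerader:
    """Hypothetical N<->1 NAT: many internal (ip, port) pairs behind one
    external address, distinguished only by the external port we assign."""

    def __init__(self, external_ip: str, first_port: int = 61000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out_map: Dict[Tuple[str, int], int] = {}   # (int_ip, int_port) -> ext_port
        self.in_map: Dict[int, Tuple[str, int]] = {}    # ext_port -> (int_ip, int_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source to the external address; allocate a port on first use."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return Packet(self.external_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse-translate a reply. Anything not matching a followed port is
        dropped: this is the firewall side effect of breaking end-to-end reachability."""
        if pkt.dst_ip != self.external_ip or pkt.dst_port not in self.in_map:
            return None
        int_ip, int_port = self.in_map[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port)


def demo():
    nat = Masquerader(EXTERNAL_IP)
    # Two internal hosts (constructed RFC 1918 addresses) both pick source port 40000;
    # only port following keeps their replies apart on the single external address.
    a = nat.outbound(Packet("192.168.1.10", 40000, "198.51.100.5", 80))
    b = nat.outbound(Packet("192.168.1.11", 40000, "198.51.100.5", 80))
    reply_a = nat.inbound(Packet("198.51.100.5", 80, EXTERNAL_IP, a.src_port))
    unsolicited = nat.inbound(Packet("198.51.100.9", 6667, EXTERNAL_IP, 50000))
    return a, b, reply_a, unsolicited
```

A protocol that embeds its own address inside the data stream (active FTP's PORT command, for instance) still announces the internal address, which is why such protocols need the per-protocol adaptors the post mentions.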


_______________________________________________
MUD-Dev maillist  -  MUD-Dev at kanga.nu
http://www.kanga.nu/lists/listinfo/mud-dev
