I'm about to have my Internet speed upgraded to a point that my current firewall won't be able to cope with. However, I'm very happy with my current firewall. It ain't broke, just slow, so I'd rather not risk fixing it...
What I'd like to do with the extra bandwidth is set up another Internet-facing machine on another IP (I have a small subnet of my own) whose sole responsibility will be to use that extra bandwidth for file transfers - iPlayer, torrents, FTP, etc. That machine will need to sit between my router (which is a Draytek, clever enough that I can reserve fresh bandwidth for this new use on one of its Ethernet ports, and leave its other existing functions unaffected on its remaining ports) and my LAN, acting as a firewall in keeping the two absolutely separate - nothing in and nothing out, no routing function or proxy function, just the traffic instigated by the box itself - taking files from external sources and placing them on a NAS device so that machines on the LAN can see them.
The box I shall dedicate to the task is an old-ish Toshiba Portege 7220, which has an on-board 100Mbps NIC for talking to my router, and a PCMCIA slot into which I shall insert another 100Mbps card (a D-Link DMF-560TX) for talking to the LAN. It will need to be able to run a BitTorrent client (one that supports PeerGuardian, just on principle), and to be accessible from both LAN and Internet using SSL and VNC (or a similar remote control function) so that I can instigate downloads by launching a client of the right type - browser, FTP, ICQ etc. - on it and pasting in links as appropriate.
There are various ways that could be done, I'm sure, and various Linux and BSD distros would be suitable, but I'd like to know if anyone has seen (or, better, implemented) a particularly good way of doing it.
Offline
If I correctly understand what you are trying to do then I use a similar setup, although not to improve firewall throughput but to run my son's torrents, downloads etc. on a low-power machine.
Use it for local media streaming direct to web enabled devices (again to save running a 500w PC just to listen to a bit of music)
Also useful for remote connection when I'm away.
I run Ubuntu server edition on a Compaq 700UK laptop (Duron 700 with 512MB RAM) - probably one of the worst laptops ever sold - now there's a topic for discussion.
Ubuntu server was quick and easy to customise and install. With only the required applications installed it's been running now for 3 months 24/7 with no interference.
I run it behind my router firewall but it would equally work as a firewall in its own right and will do everything you want.
I tried a couple of server variations but none were as flexible or as easy to use.
Offline
Well, after getting all the bits together I needed - 10 metre LAN cable and a Buffalo LinkStation Mini to provide a quiet, low-power always-on NAS for the sitting room - I went to install Ubuntu 9.10 Karmic Koala on the Portege over the weekend. It installed fine, downloading its updates over the D-Link, but then on its first boot it couldn't find the D-Link any more. DMESG showed the system recognising that the card had been inserted, but IFCONFIG simply couldn't see it.
I then tried Vector Linux 5.8, on the basis that the older hardware might prefer a more lightweight distro. That installed fine, up until the point where it had to recognise the S3 graphics adapter, which it failed to do.
At that point I gave up. (Well, I say "at that point", it was actually after trying to install Ubuntu about three times, Vector 5.8 twice, Vector 6.0 once - that was a complete non-starter - and Mint once, but that wouldn't even boot its live CD.)
The expression "Linux is user-friendly; it's just picky about who its friends are" never seemed truer. 
Offline
I can't stand Toshibas.
Trouble is, I can't stand them for all the wrong reasons - back when SpeedStep and the like were not available I remember a Toshiba laptop which had a nifty hardware / software feature which would dynamically adjust the CPU speed to optimise battery life. The guy who owned it loved the battery life, and give them their dues, in general the design is usually pretty sharp.
Trouble was, without the software the laptop defaulted to the slowest speed. The software only ran on whatever version of Windows was current back then and it was pretty horrible to use....
I use Puppy Linux all the time - mainly because it's a 100MB live CD - but when I put it on the hard drive it boots in about 20 seconds! I've found hardware support to be good - not perfect, but good.
Offline
I've got a copy of Puppy somewhere. I'll give it a go at the weekend...unless I can find another PCCard LAN adapter somewhere that is recognised by Ubuntu.
Offline
It's Working! 
I finally got Ubuntu onto the notebook, and recognising both its NICs, simply by re-installing in "advanced" mode. I didn't choose anything different from the automated install, but it made the PCMCIA NIC work.
A couple of straightforward entries in ufw (Ubuntu's firewall manager) to allow SSH and BT traffic, a copy of rtorrent, and we're off. The notebook and NAS are running almost silently in the sitting room (unless I stress the notebook and its fan kicks in), I can access the notebook from the Internet, I can access the NAS from the notebook on its LAN (as opposed to WAN) interface through a little switch, and can access it from the rest of the LAN by powering on the switch that connects the little switch to the rest of the house.
No more than 300 kbytes per second peak download rate so far (peak throughput on my ADSL router is 2200 kbps down), rate-limited to 50 kbytes up per second (400 kbps on the router), so it's not stressing the link.
I run rtorrent using screen, so I can (optionally) detach the session and grab it (with screen -x rtorrent) from wherever I log in, whether locally on the notebook, SSH from the LAN or SSH from the Internet.
I tried to use moblock, but it blocked access to the trackers - my error, without doubt - so I've given up on that. Also I followed the recommended sizing for filesystems, and / is now 95% full with only 18MB free, which is a bit rubbish, because it means I can't install linux-image-2.6.31-20-generic-pae (it fails with:
dpkg: error processing /var/cache/apt/archives/linux-image-2.6.31-20-generic-pae_2.6.31-20.58_i386.deb (--unpack): failed in buffer_write(fd) (10, ret=-1): backend dpkg-deb during `./lib/modules/2.6.31-20-generic-pae/kernel/drivers/pcmcia/pcmcia_core.ko': No space left on device
)
I had a look at using lvresize to take some space from /home and give it to / using the Logical Volume Manager, but e2fsresize complained about the result, insisting e2fsck was needed, so I bottled out and reverted things.
Still, it's working pretty much as I intended, so I shall leave it running rather than try to "fix" it. 
Offline
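An added example, not part of any post in this thread: a small audit for the dual-homed setup described above, checking that the box is not routing between its two NICs and that ufw only admits the expected inbound ports. The ufw output is a constructed sample in the format of current ufw releases, and 6881/tcp is an assumed BitTorrent port (the thread does not name one).

```shell
#!/bin/sh
# Added example: audit a dual-homed download box for WAN/LAN isolation.
# Constructed sample of `ufw status verbose`; not captured from the poster's machine.
SAMPLE_UFW='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
6881/tcp                   ALLOW IN    Anywhere'

# audit_isolation <ip_forward value> <ufw status text> <allowed rules, space separated>
# Prints one finding per line; returns 0 only when there are no findings.
audit_isolation() {
    fwd=$1; status=$2; allowed=$3; findings=0
    if [ "$fwd" != "0" ]; then
        echo "FAIL: net.ipv4.ip_forward=$fwd (kernel will route between NICs)"
        findings=$((findings + 1))
    fi
    if ! printf '%s\n' "$status" | grep -q '^Status: active'; then
        echo "FAIL: ufw is not active"; findings=$((findings + 1))
    fi
    if ! printf '%s\n' "$status" | grep -q '^Default: deny (incoming)'; then
        echo "FAIL: default incoming policy is not deny"; findings=$((findings + 1))
    fi
    if printf '%s\n' "$status" | grep -q 'allow (routed)'; then
        echo "FAIL: ufw permits routed (forwarded) traffic"; findings=$((findings + 1))
    fi
    # Every ALLOW rule must name a port that is on the allow list.
    for rule in $(printf '%s\n' "$status" | awk '/ALLOW/ {print $1}'); do
        case " $allowed " in
            *" $rule "*) ;;
            *) echo "FAIL: unexpected ALLOW rule for $rule"; findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# On the live box the inputs would come from:
#   audit_isolation "$(cat /proc/sys/net/ipv4/ip_forward)" "$(ufw status verbose)" "22/tcp 6881/tcp"
audit_isolation 0 "$SAMPLE_UFW" "22/tcp 6881/tcp" && echo "OK: not routing, only expected ports open"
```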