John, I am thinking of doing something similar. Have you tried to connect to IPSEC with Linux or some other OS? How difficult is it?
> I know I'm coming in late to this discussion but here's what I was using
> (what I'm using now is further down).
> Alix box with DNSMasq as DHCP & DNS. I've never set up Bind so I have no
> idea of the relative effort involved.
>
> My requirements are:
> Static IP pool from x.y.z.1 to x.y.z.99
> DHCP pool from x.y.z.100 to x.y.z.254
> Functionally static IPs for two NAS devices
> This worked great and allowed all my internal machines to see each
> other. The only thing I had to do was turn off the DHCP server on my
> Linksys router.
>
> Current network:
> My earlier infrastructure was a hybrid of 100GB/GigE and I built a new
> network anchored by a DLINK DSR-250 that is pure GigE with a couple of
> VLANs to separate traffic. The DSR-250 does VLANs and IP/MAC mapping out
> of the box so no issues there.
>
> Interestingly I had a bit of messing around to get DNSMasq to resolve
> hostnames on my local network but got it working. The DSR-250 did it
> out of the box.
>
> I would not hesitate to go back to DNSMasq if I ever found unresolvable
> issues with my current setup.
>
> Cheers,
> John J.
>
> On Mon, 2013-08-12 at 01:29 -0600, Shawn wrote:
>> Thanks All.
>>
>> I've used Bind in the past, but it has been a couple of years. I do
>> remember that it was a little more of a technical pain in the butt, but
>> effective. But seeing as it's been a while, I thought I'd ask.
>>
>> I checked out DNSmasq and it seems to be a reasonable solution in my
>> case. At least worth trying out. If it doesn't work out I can always
>> go back to BIND.
>>
>> Shawn
>>
>> On 13-08-12 12:53 AM, Gustin Johnson wrote:
>> > dnsmasq is used by default on OpenWRT IIRC as well.
>> >
>> > Bind may be a "heavy" solution, but it is ultimately the one I chose. I
>> > have 3 bind servers on my LAN. The primary is actually a VM (KVM) with
>> > the slave installs living on the firewall itself (vanilla Ubuntu 13.04
>> > server) and the KVM server host.
>> >
>> > I used to have the isc dhcp server update the zone file, but now I
>> > statically assign the DNS to avoid collisions so this is possible, it
>> > just does not work out of the box like it does with dnsmasq (I do not
>> > actually want this enabled in my primary LAN).
>> >
>> > To actually answer your question, either solution will work, but I am a
>> > fan of Bind so I will probably always suggest it :)
>> >
>> >
>> > On Sun, Aug 11, 2013 at 9:57 PM, Anand Singh <an...@linizen.com> wrote:
>> >
>> > I'm actually an Untangle reseller and only have it installed as a
>> > firewall/gateway at two small sites. For larger networks I use it
>> > in bridge mode behind another firewall. It's just not a robust
>> > gateway solution.
>> >
>> > For Internet facing DNS zones Bind is the way to go, but is overkill
>> > for your application. DNSmasq is a better option since it is light
>> > weight, and has a built-in DHCP server to allow automatic name
>> > creation in the DNS responder based on the DHCP hostname. i.e.: If
>> > mygamebox picks up a DHCP lease, it automatically gets a DNS entry.
>> >
>> > DNSmasq is used by many firewall distributions (including Untangle)
>> > to provide that functionality.
>> >
>> > Anand.
>> >
>> >
>> > On Sun, Aug 11, 2013 at 9:32 PM, Shawn <sgro...@open2space.com> wrote:
>> >
>> > So I have a basic network set up now via my Asus RT-N56U
>> > wireless router with updated firmware (which happens to have
>> > parental controls too!!). The one thing it seems to be missing
>> > is name resolution. I can't ping any other boxes on the network
>> > by name with the firewall as my gateway and name resolver.
>> >
>> > The obvious short term solution is to add my boxes into my
>> > /etc/hosts file. That only affects my local box though. So I'm
>> > looking at setting up a DNS server on my network and thought I'd
>> > ask here for tips and such first.
>> > (my previous firewall - Untangle - has failed on me, but allowed me
>> > to add HOSTS entries on the firewall that would be used for internal
>> > resolution...)
>> >
>> > Is Bind still the best DNS server? Is there another/simpler
>> > name resolution solution I'm missing?
>> >
>> > Thanks for any tips.
>> >
>> > Shawn
>> >
>> > _______________________________________________
>> > clug-talk mailing list
>> > clug-talk@clug.ca
>> > http://clug.ca/mailman/listinfo/clug-talk_clug.ca
>> > Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
>> > **Please remove these lines when replying
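A dnsmasq configuration that implements the address layout John describes (static hosts below .100, DHCP pool .100 to .254, fixed addresses for two NAS boxes) together with the automatic hostname-to-DNS behaviour Anand mentions. This is an added example, not a configuration any list member posted; the 192.168.10.0/24 subnet, the interface name, the MAC addresses, hostnames and upstream resolvers are constructed placeholders to replace with your own.

```conf
# /etc/dnsmasq.conf (constructed example; subnet, interface, MACs,
# hostnames and upstream servers are placeholders)

# Serve DNS and DHCP only on the LAN interface. Without this dnsmasq
# listens on every interface, including the WAN side, and becomes an
# open resolver reachable from the Internet.
interface=eth1
bind-interfaces

# Never forward bare hostnames (no dots) or reverse lookups for
# private address ranges to the upstream resolvers.
domain-needed
bogus-priv

# Local domain: a host that leases as "nas1" also answers as
# "nas1.home.lan", and the zone is never forwarded upstream.
domain=home.lan
local=/home.lan/
expand-hosts

# Dynamic pool .100-.254 with a 12h lease. .1-.99 is deliberately
# outside the pool and reserved for manually configured hosts
# (router, switches, printers).
dhcp-range=192.168.10.100,192.168.10.254,12h

# "Functionally static" addresses: the two NAS boxes always receive the
# same IP and DNS name, keyed on their MAC addresses. The address sits
# in the static block, which dnsmasq permits as long as a dhcp-range
# exists on the same subnet.
dhcp-host=00:11:22:33:44:55,nas1,192.168.10.20
dhcp-host=00:11:22:33:44:66,nas2,192.168.10.21

# This is the only DHCP server on the LAN (the consumer router's DHCP
# server must be switched off, as John did on his Linksys). Any other
# client, e.g. "mygamebox", gets a pool address and a DNS entry from
# the hostname it sends in its DHCP request.
dhcp-authoritative

# Upstream resolvers for everything that is not local (placeholders).
server=9.9.9.9
server=149.112.112.112
```

After restarting dnsmasq, `dig @192.168.10.1 nas1.home.lan` from a LAN host should return 192.168.10.20, while the same query from the WAN side should time out because nothing listens there.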