Hi,

@Andrew: Overall, I like the router.  There is some internet rage
against it but I have no major issues with it.  My only minor quibble is
that it takes "too long" to boot - but my network stack is on a UPS so
it doesn't get rebooted very often :)

I don't use the built-in VPN endpoint for a couple of reasons:
1) I don't trust them because I don't know how well or poorly they were
implemented.
http://lists.debian.org/debian-security-announce/2008/msg00152.html
2) I already have SSHd & OpenVPN available on my network.

@Robert: I haven't done anything with IPSEC - I should probably do at
least a proof of concept but ... well, there are always other things to
play with.

The Alix functions as a dumping ground for all those tasks that didn't
need their own server.  This includes SSHd & OpenVPN servers which are
my main means of remote access.

Cheers,
John J.

On Mon, 2013-08-12 at 12:32 -0600, Lewko, Robert wrote:
> John, I am thinking of doing something similar.  Have you tried to connect
> to IPSEC with Linux or some other OS?  How difficult is it?
> 
> 
> > I know I'm coming in late to this discussion but here's what I was using
> > (what I'm using now is further down).
> > Alix box with DNSMasq as DHCP & DNS.  I've never set up Bind so I have no
> > idea of the relative effort involved.
> >
> > My requirements are:
> > Static IP pool from x.y.z.1 to x.y.z.99
> > DHCP pool from x.y.z.100 to x.y.z.254
> > Functionally static IPs for two NAS devices
> > This worked great and allowed all my internal machines to see each
> > other.  The only thing I had to do was turn off the DHCP server on my
> > Linksys router.
> >
> > Current network:
> > My earlier infrastructure was a hybrid of 100GB/GigE and I built a new
> > network anchored by a DLINK DSR-250 that is pure GigE with a couple of
> > VLANs to separate traffic. The DSR-250 does VLANs and IP/MAC mapping out
> > of the box so no issues there.
> >
> > Interestingly I had a bit of messing around to get DNSMasq to resolve
> > hostnames on my local network but got it working.  The DSR-250 did it
> > out of the box.
> >
> > I would not hesitate to go back to DNSMasq if I ever found unresolvable
> > issues with my current setup.
> >
> > Cheers,
> > John J.
> >
> > On Mon, 2013-08-12 at 01:29 -0600, Shawn wrote:
> >> Thanks All.
> >>
> >> I've used Bind in the past, but it has been a couple of years.  I do
> >> remember that it was a little more of a technical pain in the butt, but
> >> effective.  But seeing as it's been a while, I thought I'd ask.
> >>
> >> I checked out DNSmasq and it seems to be a reasonable solution in my
> >> case.  At least worth trying out.  If it doesn't work out I can always
> >> go back to BIND.
> >>
> >> Shawn
> >>
> >> On 13-08-12 12:53 AM, Gustin Johnson wrote:
> >> > dnsmasq is used by default on OpenWRT IIRC as well.
> >> >
> >> > Bind may be a "heavy" solution, but it is ultimately the one I chose.  I
> >> > have 3 bind servers on my LAN.  The primary is actually a VM (KVM) with
> >> > the slave installs living on the firewall itself (vanilla Ubuntu 13.04
> >> > server) and the KVM server host.
> >> >
> >> > I used to have the isc dhcp server update the zone file, but now I
> >> > statically assign the DNS to avoid collisions so this is possible, it
> >> > just does not work out of the box like it does with dnsmasq (I do not
> >> > actually want this enabled in my primary LAN).
> >> >
> >> > To actually answer your question, either solution will work, but I am a
> >> > fan of Bind so I will probably always suggest it :)
> >> >
> >> >
> >> > On Sun, Aug 11, 2013 at 9:57 PM, Anand Singh <an...@linizen.com> wrote:
> >> >
> >> >     I'm actually an Untangle reseller and only have it installed as a
> >> >     firewall/gateway at two small sites.  For larger networks I use it
> >> >     in bridge mode behind another firewall.  It's just not a robust
> >> >     gateway solution.
> >> >
> >> >     For Internet facing DNS zones Bind is the way to go, but is overkill
> >> >     for your application.  DNSmasq is a better option since it is
> >> >     lightweight, and has a built-in DHCP server to allow automatic name
> >> >     creation in the DNS responder based on the DHCP hostname.  i.e.: If
> >> >     mygamebox picks up a DHCP lease, it automatically gets a DNS entry.
> >> >
> >> >     DNSmasq is used by many firewall distributions (including Untangle)
> >> >     to provide that functionality.
> >> >
> >> >     Anand.
> >> >
> >> >
> >> >     On Sun, Aug 11, 2013 at 9:32 PM, Shawn <sgro...@open2space.com> wrote:
> >> >
> >> >         So I have a basic network set up now via my Asus RT-N56U
> >> >         wireless router with updated firmware (which happens to have
> >> >         parental controls too!!). The one thing it seems to be missing
> >> >         is name resolution.  I can't ping any other boxes on the network
> >> >         by name with the firewall as my gateway and name resolver.
> >> >
> >> >         The obvious short term solution is to add my boxes into my
> >> >         /etc/hosts file.  That only affects my local box though.  So I'm
> >> >         looking at setting up a DNS server on my network and thought I'd
> >> >         ask here for tips and such first.  (my previous firewall -
> >> >         Untangle - has failed on me, but allowed me to add HOSTS entries
> >> >         on the firewall that would be used for internal resolution...)
> >> >
> >> >         Is Bind still the best DNS server?  Is there another/simpler
> >> >         name resolution solution I'm missing?
> >> >
> >> >         Thanks for any tips.
> >> >
> >> >         Shawn
> >> >
> >> >         _______________________________________________
> >> >         clug-talk mailing list
> >> >         clug-talk@clug.ca
> >> >         http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> >> >         Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> >> >         **Please remove these lines when replying
> >> >