Routers: Cisco vs. Linux?
Alma J Wetzker
almaw
Mon May 17 11:56:40 PDT 2004
Michael Hipp wrote:
> I'm planning a major upgrade of my SOHO network in the near future. Many
> of the network designs I've been looking at put a Cisco router ahead of
> the Linux firewall on the T-1s.
>
> What advantage does this offer?
>
> Even a smallish (26xx) Cisco router with 2 WAN ports is a pricey affair
> compared to a Linux box. Stated another way, I could have several
> hot/cold spares for my Linux firewall box for the price of a spare for
> the Cisco. And my impression is that Cisco routers aren't inherently any
> more secure than a "hardened" Linux box.
>
>                Cable Internet
>                   fallback
>                       |
>                       |
>  2x T-1 bonded  |   Linux    |   DMZ LAN
> ================| IPtables   |-------+--Apache Server
>     (Cisco?)    | Firewall   |       +--DNS Server
>                 |            |       +--Email Server
>                    |NAT   |NAT
>                    |      |     QUARANTINE LAN
>                    |      +------------ Win box
>                    |             (suspect of viruses, etc.)
>                    |
>                    |     PRIVATE LAN
>                    +---------------+--Win2k App server
>                                    +--Linux desktops (x n)
>                                    +--Win desktops (x n)
>
> Any other comments on this design?
>
> What PCI port card would anyone recommend for direct connection of the
> Linux box to the T-1s?
>
> What specs should I plan for the firewall box given that it needs to
> handle up to 3 Mbps of WAN traffic plus a fair amount of LAN traffic?

I can't see any point in putting in a Cisco box. An SMC or other type of
DHCP/firewall is plenty good to run what you want. Of course you don't get
the nice logging and stats that Cisco could provide (but your Linux box also
provides them). Either way the Cisco doesn't make much sense.

ALERT!!! Cisco is one of those companies that license their software
separately from hardware. That means that buying hardware cheap from someone
doesn't cover software and you may need to pay Cisco directly for a license.
In practice, for someone small they may let it slide. But they can play nasty
if they want.

-- Alma