January 11, 2010 at 10:31 pm #42131
i’m MartyMcFly from Germany and this is my first post in this forum.
At the moment i’m planning to use zeroshell for our “small” Home-Network as a router/QoS/firewall/snort combination. Now i’m looking for the right hardware. It would be of great help to me if somebody could help me with this.
Some things we need:
– ~80 connected devices (PCs, Access-Points, Printer, Fileserver)
– Internet with 50MBit Upstream and 10MBit Downstream
– 19″-Device (1U-4U possible)
– all traffic to the internet should go through L7-Filtering (banning filesharing etc.) and ClamAV (via the transparent proxy)
– a minimum of 4 GBit NICs are needed for different networks, 5 would be nice but not necessary
– costs should be in a moderate manner
Some things we don’t need:
– DHCP-Server (have other device for this)
– File-Server (have other device for this)
– VPN (have other device for this)
– DNS-Server (have other device for this)
– Mail-Server (don’t want one)
– Webserver (have other device for this)
So here my questions:
– What CPU-Power do i need to realise all these points?
– How many RAM is reasonable?
– Where is the typical bottleneck in this configuration?
– Which Rack-Unit can you recommend to me?
– Anything else you want to tell me for this project?
If you want to know other things that are relevant for my project just ask!
Many thanks in advance for your posts!
MartyMcFlyJanuary 12, 2010 at 12:02 am #49361
You really don’t need something fancy here. If I were you I would assemble one of my old PCs to create a ZS router. Something like a Pentium 4 with 256RAM is easy to find and rather cheap. If I was forced to assemble a new one, I would choose something with low power consumption, such as Atom with 512Ram.January 12, 2010 at 10:58 am #49362
Thank you ppalias. Because we want to buy a 19″ Rack next year something like this (of course without pre-installed software) would be very nice:
Any suggestions?January 18, 2010 at 10:28 pm #49363
I got a pair of 1u servers similar to this:
Dual core, 2gb, sata drive, 4 ethernet ports.
‘free’ shows that zeroshell only uses 470mb. I have 1606064 free. So the 2gb memory wasn’t needed. I think that zeroshell is limited to 512mb memory (unless there’s some setting I don’t know about)
I have zeroshell installed on the hard drive, and had some trouble getting it to boot at first. I set the sata drive to be an IDE drive on cable number 2, and it works fine. ( I don’t think the hard drive is used during normal operation, just at boot time and to save the profile / database entries)
I don’t do any L7 filtering or clamAV, but I do forward between three different subnets and the internet for about 70 users. My uptime or vmstat always shows 100% idle.
So this configuration is really much more than I needed. I just ran iptraf and saw 250 packets/sec on our LAN, with half the users already gone home. The load average is still 0.00 0.00 0.00 in ‘uptime’.
We have two identical U1 servers, since the company completely depends on this router to forward between our wired vlans, not just for internet access. Having spare hardware will save us downtime if one zeroshell stops working. I really like having a second machine for testing configuration changes and upgrading the zeroshell version, since upgrading is very similar to a re-install.
You must be logged in to reply to this topic.