i386 based routing software with multi-WAN IP support

Seems my router can't handle my network load. I'm on Zen and have the 8 IP addresses. It's fine if I only have it doing NAT and sharing the gateway IP, but when I use more than just the gateway IP (i.e. giving some PCs a whole WAN IP to themselves) it starts to crash. Probably about once a day on average. I'm guessing it's because it runs out of RAM for the routing table?

Anyway I hope to fix the problem with an old Pentium 3 box I've got. 256 MB RAM should be plenty I think if the problem is what I think it is. However I'm having difficulty finding a suitable OS for it. I've tried Clark Connect, IPCop, Smoothwall, and SME Server and as far as I can see they don't support multiple WAN IPs :(

So my question is this; can you think of any pc based network operating system that is a) free and b) supports multiple WAN IP addresses through PPPoE?

Thanks, null :)
 
Currently trying out m0n0wall. It was surprisingly easy to set up actually, and I've *almost* got 1:1 NAT set up. I say almost. Well actually I've got the 1:1 part sorted, but I'm having difficulty setting up 'standard' NAT for the other, non 1:1 PCs on the network.

At the moment, all non 1:1 PCs are getting NATed through the gateway IP. Before, with my ZyXEL router, I had these other client-only PCs getting NATed through a separate IP to the gateway IP.

Now you may ask, what's the problem with that? For whatever reason (I don't fully understand it), clients getting NATed behind the gateway IP cannot access other 1:1 clients from their WAN addresses - in practical terms this means that client-only PCs cannot access my web server from its WAN address. And they need to be able to.

I've not finished experimenting yet but thought I'd just give an update :p (going for lunch now though so won't get much done for a while). If anybody knows anything about this please do explain :D

Also, I'm pretty much assuming I've got it all set up for my web server to be publicly accessible but if people could just check www.piggott.me.uk and say yes/no it doesn't work that would be great.

Thanks, null :)
 
Fixed!

I fixed it; the GUI uses different terms to the ZyXEL. I just had to figure out and set up advanced outbound NAT. So everything's working nicely now except that now requests from the LAN to my web server via its WAN result in the data being relayed all the way to Zen and back. That's judging both from the SNMP graphs I'm getting but also from the actual loading times on my website.

:confused:

Anyway I'm going to trial it for a few days, see how it goes and see if I get the bandwidth problem with web server traffic sorted.

Thanks, null :)
 
ClarkConnect definitely does as I'm using it now with 2 WAN connections. pfSense is the other option but it doesn't support DHCP, you need static IPs from your ISP (you should be OK with this from what I can see).
 
Right I think I'm gonna try Clark Connect then, since it will allow me to run an IMAP server (always wanted to do away with POP3) and also spam filtering - every day that my e-mail address exists on the internet more and more spambots are scraping it to the point that I get ~30 spam mails a day :(

I guess I just didn't look hard enough :o Not sure when I can try it out though, probably won't be until the weekend.

Thanks, null :)

edit - I've just looked into it and 1:1 NAT is not supported on the Home editions thus Clark Connect is not a free option. I will look into pfSense at some point. Seems I didn't look hard enough but even if I did it wouldn't have yielded anything :p

Thanks, null :)
 
Trying pfSense right now, and so far I'm loving it :D

Particularly nice is being able to have a Squid cache, which I'm installing right now :D. Oh and also the support for serial console, I may use that if I find I'm going to use it long term (would transplant the hardware into a smaller enclosure and do away with monitor etc.)

It seems to be my perfect setup. However, like with m0n0wall, LAN requests to local PCs via their WAN addresses were getting bounced to Zen and back... (there's an option that supposedly enables local loopback but it says it will only work for port forwards not 1:1). HOWEVER, I realised there's a ridiculously simple way around this; I can just override the DNS for my domain locally, to point to the local IP addresses. Good job I didn't realise that when using m0n0wall or I may not have got around to trying this.

So there are only three reasons why I may *not* use this;
a) I've only been using it an hour or two so have no idea of stability yet
b) At the moment the hardware is physically big and inefficient; this may prove to be annoying long term unless I can be bothered to transplant it.
c) The hardware uses more power than my ZyXEL which will have negative effect on my UPS runtime in an outage...

Only way to find out the practicality though is to integrate it as best as possible and see if I still have problems... /goes to drawing board for enclosure ideas

Thanks, null :D
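
The local DNS override described in the post above, sketched as an added example that is not part of the original thread: given a 1:1 NAT table and the domain's public A records, it derives the LAN-side host overrides and reports names that would still resolve to a WAN address. All names and addresses are constructed, and the `host-record=` output assumes the router's resolver is dnsmasq.

```python
import ipaddress

# Constructed sample data (documentation and private ranges, not the poster's addresses).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
ONE_TO_ONE_NAT = {                 # WAN address -> LAN address
    "203.0.113.2": "192.168.1.10",
    "203.0.113.3": "192.168.1.11",
}
PUBLIC_DNS = {                     # public A records for the domain
    "www.example.test": "203.0.113.2",
    "mail.example.test": "203.0.113.3",
    "vpn.example.test": "203.0.113.5",   # no 1:1 mapping on this router
}


def build_overrides(public_dns, nat_table, lan_net=LAN_NET):
    """Return (overrides, unmapped).

    overrides: name -> LAN address for every name whose WAN address is 1:1 NATed.
    unmapped:  names whose WAN address has no 1:1 entry; LAN clients will keep
               resolving these to the WAN address.
    """
    overrides, unmapped = {}, []
    for name, wan in sorted(public_dns.items()):
        lan = nat_table.get(wan)
        if lan is None:
            unmapped.append(name)
            continue
        # Refuse a mapping that points outside the LAN: an override like that
        # would silently send internal clients somewhere unexpected.
        if ipaddress.ip_address(lan) not in lan_net:
            raise ValueError(f"{name}: {lan} is not inside {lan_net}")
        overrides[name] = lan
    return overrides, unmapped


def dnsmasq_lines(overrides):
    """Render the overrides as dnsmasq host-record directives."""
    return [f"host-record={name},{ip}" for name, ip in overrides.items()]


if __name__ == "__main__":
    ov, missing = build_overrides(PUBLIC_DNS, ONE_TO_ONE_NAT)
    print("\n".join(dnsmasq_lines(ov)))
    print("still resolving to WAN address:", ", ".join(missing))
```

The override only helps clients that actually query the router's resolver; a PC with an external DNS server configured by hand still gets the WAN address.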
 