Zebra... What am I missing???
Bob George
mailings02 at ttlexceeded.com
Fri Sep 17 20:02:01 EDT 2004
kyle at breezy.com wrote:
> Ok, router Gurus. My Netgear router died last weekend.
Are you talking about the ~$100 "broadband router" type of product? If
so, while technically correct, the "router" aspect has probably been
overplayed by the marketeers. These devices do, indeed, route, but not at
the same level as Zebra/Quagga. They're more of a "home firewall that
does route packets."
> So as an interesting project. I thought I would turn a RH9
> workstation into a router using Zebra.
zebra (or the unofficial successor, quagga) are specific ROUTING daemons
that handle RIP, OSPF, BGP and numerous variants... and ONLY routing.
The actual routing done by your netgear was probably limited to static
routes and maybe RIP. (No insult intended, that's just my assumption at
this point. Please do correct if I'm way off base here!)
> It's a PIII 500MHz, 192MB RAM, 18GB Fujitsu SCSI HD, and now two NIC
> cards. Set up DHCP for the other PCs on my network, no problem. The
> second card talks to my ISDN TA, no problem. I can reach the second
> card from any PC, but not the TA. I had tried to set up packet
> forwarding in iptables earlier with the same results. I've only
> configured the ripd protocol for Zebra. What Next???
You probably need to get a basic iptables firewall/NAT going 1st.
Protect the gateway machine (your new "router") before connecting it to
the outside world.
Then, your gateway box should be configured to route. In a typical
home-to-ISP setup, you'll only enter a default gateway. I suspect your
kernel isn't enabled for routing yet. Set up NAT. That will get your
inside machines talking again, and secure the gateway machine itself.
Any good iptables howto should suffice.
After that, you can add on features (including zebra/quagga if you need
them).
FWIW: I have always shunned the commercial products, and had the fun of
building my own gateway/firewall machine using Linux. It's a bit more
work, but the additional flexibility is nice to have. I've developed a
far better appreciation for firewall functions as a result.
- Bob
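
The order described in the reply above (lock down the gateway, then turn on kernel forwarding and NAT), as an added example that is not part of the original post. The interface names eth0 (LAN) and eth1 (toward the ISDN TA) and the 192.168.1.0/24 range are assumptions.

```shell
#!/bin/sh
# Added example. eth0/eth1 and 192.168.1.0/24 are assumed values.

# Print an iptables-restore ruleset: default-deny filter table plus NAT.
# $1 = LAN interface, $2 = WAN interface, $3 = LAN network (CIDR)
gen_gateway_rules() {
    lan_if=$1; wan_if=$2; lan_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
}

# True when the kernel forwarding flag is 1.
# $1 = path to the flag file (defaults to the real kernel path)
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Run as root with --apply: load the firewall first, then enable routing,
# so the box never forwards packets while unfiltered.
if [ "${1:-}" = "--apply" ]; then
    gen_gateway_rules eth0 eth1 192.168.1.0/24 | iptables-restore
    echo 1 > /proc/sys/net/ipv4/ip_forward
    forwarding_enabled && echo "forwarding on, NAT loaded"
fi
```

Without `--apply` the script changes nothing; call `gen_gateway_rules` by hand to review the ruleset before loading it. Nothing from the WAN side is accepted unless it belongs to a connection the gateway or a LAN host started.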