Topic: Can the SME replace a (Cisco 2811) Router?

[billporta]

I have a direct fiber connection (through Time Warner) to establish a non-profit colocation facility.  Time Warner has provided us with a C block of IPs.

Can the SME be used in place of a (Cisco) router.

I have been unable to add additional Public Facing Internet servers because the SME appears to protect servers on the Internal network from anyone outside out LAN.  Is there a work-around or should I just buy the router?

Thanks in advance for your help.

Bill Portajavascript:emoticon(':-o')
Surprised

[MSmith]

No need to limit yourself to a choice between Cisco and SME!  The latter is probably not appropriate in your situation; you might look at IPCop or Monowall, either of which can be set up the way you want.

[billporta]

IPCop and MonoWall look more like firewalls than a router.  We intend to set up a non profit colocation facility with (eventually) hundreds of ecommerce webservers.  

Time Warner does not want to continue routing for us and advised us to buy a (Cisco 2811) firwall.  We are also looking at the Foundry FESX424-PREM which costs more than $4000.  Before we spend the money, we are wondering if there might be a software solution that would handle the routing function.

The SME works great, but for just 1 server so far - it doesn't seem to allow other public facing internet servers to be viewed by anyone outside our LAN.

Is there a setting that would allow us to add public facing servers off the internal (protected) LAN?

If SME is not an appropriate solution, what are my options?

Thanks in advance for your help.

Bill Porta

[Thomas]

Take a look at the ProxyPass contrib.  I know there was one for 6.0.1, not sure about 7.0.  I think this is what you're after.

HTH,
Thomas

[purpaboo]

or just use IPCop or m0n0wall, as suggested.

[jfarschman]

Hey,

  m0n0wall really is a good option.  Depending on the type of hardware you set things up on in the first place it will work great and make a good firewall/router.

  Don't let Cisco fool you.  Their router can also be firewalls and so the m0n0wall is essentially a router with great firewall built in.

  But I wouldn't use a SME box unless you are certain SME is capable of handling the architecture you need.

BTW: When we have a Cisco router die on us once.  Replaced it with an old PC and no one noticed the 'outage' while Cicso replace their faulty hardware.

[duncan]

If you need a distro with full blown routing facilities - then the only answer is Mikrotik

[Snoopyski]

Hello,    Do not turn in round!!!    

I you council IPCop. This disto is more based Firewall than SME. And included majority of the option available in a CISCO.  Use SME for your local network…

Snoopyski

[mmccarn]

If you, yourself, are a 501c(3) organization, you might want to checkout TechSoup or contact Cisco directly.

[boss_hog]

Hey billporta,
have you had a look at FREESCO?
http://www.freesco.org/
Good luck.
Please report back when you decide on a solution.
Joe

[billporta]

Thank you for providing so many possible alternatives to Cisco.  Over the past few days, I have downloaded and installed Freesco and  IPCOP.  However, I have spent a tremendous amount of time trying to figure out why I still can't get them to operate.

Is it possible that my ethernet cards are incompatible with the software?  I am using a 450 mhz PC and my initial excitement is dwindling as I have been unsuccessful despite literally dozens of installs and configuration on each.

Would buying the Soekris (net4801-50: 266 Mhz CPU, 128 Mbyte SDRAM, 3 Ethernet, 2 serial, USB connector, CF socket, 44 pins IDE connector, 1 Mini-PCI socket, 3.3V PCI connector) make life easier or should I thow in the towel and buy a router?

Thanks again for all your help.

Bill Porta

[NickCritten]

Hey Billporta,

What are the problems you have been having?
You said that Time Warner have provided you with a C-Block of addresses...
Are these Public or Private addresses?

Privates are:
10.x.x.x
172.16.x.x - 172.31.x.x
192.168.x.x

Public is anything else.


SME isn't capable (Out of the box) of having mutiple external IP's, and can't act as a Non-NATing router (again, without hacking it) but as people have said, it is a great system as a LAN server or as a Web/email server, but not as a gateway if you need multiple Public IP's behind it.


Your path from here depends entirely upon what kind of services you want to present to the outside world, can you elaborate at all?

[NickCritten]

D'oh! Sorry,

We intend to set up a non profit colocation facility with (eventually) hundreds of ecommerce webservers

I missed that!

If you were talking maybe a dozen servers, I would have said use an IPCop for your edge, and SME for your internal Network but if it is going to be e-commerce, and your are talking 100's of servers, you've got to go Cisco, or Some other hardware Router.

You might be able to set up a very skinny Linux box with the relevent routing, but if you are talking e-commerce, you want something with a 2 hour fix-or-replace contract (like Cisco TAC) You REALLY don't want angry e-commerce people screaming $1000 loss per minute of downtime figures at you.. BELIEVE ME!

[ryan]

Try IPCop!!!!!!!!!!!

The release of 7 on distrowatch caught my eye.  I have phased out SME choosing Centos 4.3 with Fedora Directory Server and Scalix Community edition email.    I like this combo as I can use true internal dynamic DNS with reverse zones and with FDS, I can replicate my directory to other sites.  Samba also uses FDS as the LDAP backend.  XP clients authenticate against FDS using pGina with the LDAP plugin which allow's logins to be a regular user or an admin by assigning a specific object value for the admin users.    Pgina also allows directory authentication using Home Edition.   Centos & Fedora workstations are simple to configure to allow FDS LDAP directory authentication as well.  

Relating to this discussion, I use IPCop for a small state agency.  We have 11 offices around the state and IPCop is the central router and IPSEC VPN "hub".  IPCop is truely a great firewall/router.  

For my next side single office/site job, I may suggest SME 7 as it appears to have matured well.  Centos based using Yum will make v7 even easier to maintain that previous versions....nice work to the SME team.

[billporta]

Can FDS be used as a Web server?