Very Computer

Here is my question.

What are the advatages / disadvantages of using a Linux box with ISDN
TA, as opposed to a Ethernet <---> ISDN router (ie: Cisco 762, Netgear
rt328, Pipeline 75 etc..). ?

Assuming a person was connecting a small network (<10 PCs) to an ISP
that provides **** ONLY ONE (1) Fixed IP address  ****

Thank You.

Mike

I'm always one to suggest using a computer over a router for a small
network.  My reasons:  better configurability (you're stuck with
Cisco's software on a router, but you can build your own routing
software on a Linux box), a more familiar environment, generally
cheaper and easier to replace.  I'd advise going with the Cisco on a
bigger network.  My reasons:  bigger networks tend to have better
management software for their routers, you have less time to*
with flaky PC hardware, possibly better throughput (although I haven't
seen numbers for this).

If you only have 1 IP address, Linux masquerading is great.  I'm not
sure if Cisco routers do this, although I'm sure you can find one that
does.  But, with only 1 IP address, you need to assign that to the
router.  If you want people to be able to reach your web browser or
email server, it may not be possible.  With Linux, you can do NAT or
port redirecting.

Just my 2 cents.

Quote:> What are the advatages / disadvantages of using a Linux box with ISDN
> TA, as opposed to a Ethernet <---> ISDN router (ie: Cisco 762, Netgear
> rt328, Pipeline 75 etc..). ?
> Assuming a person was connecting a small network (<10 PCs) to an ISP
> that provides **** ONLY ONE (1) Fixed IP address  ****

Router: disadvantage - doesn't work with only a single IP assigned

Linux w/TA: advantage - can work with a single IP

If you can get an account with a small block of addresses then you
have choices, but if not this is very, very simple.

This comes down to a cost/hassle issue.  Yes, Linux should be able to do
this.  Get an ISDN TA, configure it, configure IP Masq, and it should
work.  This is the low cost solution, but can be a hassle to set up.

However, any time you wish to upgrade your kernel or dork with your
network settings you may take down your network gateway.  There is also
a bit more of a security risk in having your gateway doing more than
just networking -- the more services you have running, the more potential
holes you have.

Not that Linux is any worse for security than other UNIX systems...
It's a bit better, in my opinion.

Or... buy a Cisco 77x (x = what ever model works in your location),
configure it once, put it in a corner, and go.  You can even set it up
to assign certain ports to your private addresses on the other side.
It's quiet and doesn't take up much power.  It's probably supported by
your ISP.  But it costs more money.

I use Cisco in the above example because I know it will do what you need
to do, but I can't speak for any other vendors' equipment.  Use what your
ISP recommends if it will do PAT or something like it -- this will make
your life easier.

As always, YMMV.  But it works for me.  I'll be nailing up a household
Linux server soon...  :)

-- Lou Schmidt
-- Network Ninja in training

Quote:Lou Schmidt writes:
> Not true.  A Cisco 7xx series ISDN router using PAT works just fine
> with one ethernet address.  This message is coming to you through it :)

> This comes down to a cost/hassle issue.  Yes, Linux should be able to do
> this.  Get an ISDN TA, configure it, configure IP Masq, and it should
> work.  This is the low cost solution, but can be a hassle to set up.

btw, I'm not sure that I'd consider the Cisco a lower-hassle option.  
It would depend on whether one is more comfortable with Unix boxes
or instead with routers.  (Unfortunately, 7xx software isn't -- or
at least wasn't then -- very similar to IOS which is used in Cisco's
more expensive products.  So even some router experience may
not guarantee an easy 7xx installation.  IMO, it would depend more
on how similar your required set-up is to the few examples in the
Cisco docs.)
        Due to my requirements, the hassle trade-off wasn't Cisco
vs. Linux/Apache/Sendmail/etc.  Since I needed those services I
had to configure them no matter how I connected to the outside
world.  For me the hassle tradeoff was PPP/MASQ versus the Cisco,
and I found the former much easier than the latter.  And support is
free.  :-)  I encountered some fairly severe problems, and a couple
of very helpful folks in this group helped me narrow down the
glitch to problems with my ISP's equipment.

If I had money coming out my ears, I'd get a Cisco 2524 router
because it runs their more standard IOS software and because it
is upgradeable with different interface cards.  Otherwise I'd
stick with the Linux box.  (The 765 would be junk as soon as I
got a different internet connection -- such as T1 or ADSL or
cable modem -- but the Linux box would just get another ethernet
card and would keep purring along with 95% of the firewall
configuration intact.)

--
Chris Stassen                          http://www.stassen.com/chris/
NOTE:  The "Reply-To" address of this message is an auto-bounce.
Use "http://www.stassen.com/chris/feedback/submit.html" for private
or offline responses, if you don't know my real E-mail address.

Quote:

>Or... buy a Cisco 77x (x = what ever model works in your location),
>configure it once, put it in a corner, and go.  You can even set it up
>to assign certain ports to your private addresses on the other side.
>It's quiet and doesn't take up much power.  It's probably supported by
>your ISP.  But it costs more money.

>I use Cisco in the above example because I know it will do what you need
>to do, but I can't speak for any other vendors' equipment.  Use what your
>ISP recommends if it will do PAT or something like it -- this will make
>your life easier.

I personally prefer the MN-128 SOHO and Yamaha RT-80i for low-cost ISDN
lan dial-up connectivity.  Both will do the standard dial-up routing, NAT,
etc. and are dirt cheap.  (half the price of the Cisco or less, the Yamaha
will do copper leased lines as well, and the MN-128 has a built-in 3-port
ethernet hub.)

--
David Van Cleef         - Chief Engineer (and Cat Herder)

    Mike> What are the advatages / disadvantages of using a Linux box
    Mike> with ISDN TA, as opposed to a Ethernet <---> ISDN router
    Mike> (ie: Cisco 762, Netgear rt328, Pipeline 75 etc..). ?

IP Masquerading under Linux can accommodate new and changing protocols
simply by downloading new kernels.  With a hardware router, you may be
getting firmware upgrades, but these are typically more static in
terms of protcols (TCP/IP, IPX, AppleTalk...) and general support.

OTOH, with IP masquerading, you rely on using Linux (or FreeBSD, or
OS/2) running on that machine.  Windows anything does not have similar
features.

Perhaps a low-end PC with Linux and IP masquerading and an ISDN TA is
cheaper than an ISDN router..?

-tor

Quote:> Assuming a person was connecting a small network (<10 PCs) to an ISP
> that provides **** ONLY ONE (1) Fixed IP address  ****

> Thank You.

> Mike

--
... Sid Boyce...Amdahl(UK)...44-121 422 0375
                   -----------------------------------
Any opinions expressed above are mine and do not necessarily represent
 the opinions or policies of Amdahl Corporation.

[Posted and E-mailed]

Sid Boyce wrote (Wed, 15 Apr 1998 18:28:00 GMT):

Quote:> A TA is cheaper, though I would like to use the second line on my
> router as a telephone line, my ISP doesn't currently support routers,
> and though my Teles card has a phone port, I haven't yet found any
> software to drive it, except under Win95 and you have to click an
> icon etc., even then I didn't see any way of receiving incoming calls.

I have a Motorola BitSurfr, and had little trouble setting it up to
accept incoming voice calls on the second "B"-channel of the ISDN
line.  I use it for a dedicated fax line, except when I'm on the road
when it is configured for dial-in PPP.

--
Chris Stassen                          http://www.stassen.com/chris/
NOTE:  The "Reply-To" address of this message is an auto-bounce.
Use "http://www.stassen.com/chris/feedback/submit.html" for private
or offline responses, if you don't know my real E-mail address.

With Linux you can run server programs on the router, you can use IP
masquerading (necessary if you only have 1 IP address!) and
firewalling, have extensive logging etc., everything without paying
extra. An ISDN router with all these features would by very expensive!

Of course, the drawbacks of the Linux box would be higher energy
consumption, need for a monitor (at least when installing the OS) and
keyboard, etc.

Michael Hohner
Ing.-Buero Dr. Kaneff
Nuernberg, Germany

[Posted and E-mailed]

Michael Hohner wrote (15 Apr 1998 08:31:21 GMT):

Quote:> The ISDN router can't run TCP/IP applications,

Quote:> so if you want to run server programs (mail, WWW, ...) and make
> them accessible from the outside, you can't use an ISDN router
> if you only have a single IP address.

Quote:> Of course, the drawbacks of the Linux box would be higher energy
> consumption, need for a monitor (at least when installing the OS) and
> keyboard, etc.

--
Chris Stassen                          http://www.stassen.com/chris/
NOTE:  The "Reply-To" address of this message is an auto-bounce.
Use "http://www.stassen.com/chris/feedback/submit.html" for private
or offline responses, if you don't know my real E-mail address.

Quote:> As always, YMMV.  But it works for me.  I'll be nailing up a household
> Linux server soon...  :)

> -- Lou Schmidt
> -- Network Ninja in training

What it boils down to is this: How much capacity will you need? The
ISDN "modem" route looks best when you are using only a single
B-channel and have no desire to expand. Two B-channels will overrun
the Linux serial port (unless you have a very expensive high-speed
multiport card installed).

The internal ISDN (e.g. Spellcaster) "card" route looks best when
you're going to use your Linux box as the NAT and firewall
machine. This is most cost-effective if you intend to run a caching
web proxy server and thus would need a dedicated Internet firewall
server anyhow. Note that it is *NOT* generally recommended to run DNS
and Sendmail on the same machine as your firewall! (If you wonder why,
go look at some security alerts -- inevitably, they refer to fun with
DNS or fun with Sendmail).

The ISDN router is best if you are going to be running both B-channels
(or plan to do so within the next year or so), need something to do
NAT and packet filtering, and don't want to dedicate a Linux box as a
firewall. (Because if you use that Linux firewall box for anything
besides firewalling it is not a firewall anymore -- it is a security
breach). Given that you can get a Netgear RT328 ISDN router for as
cheap as $285 (from http://www.buycomp.com), well, that's a very
attractive alternative. Especially if you are setting up a home network
or are running a small office. (The Bay Nautica 200 is also a nice looking
router, for about $80 more).

--

Systems Specialist               Educational Administration Solutions
 "We believe Windows 95 is a walking antitrust violation" -- Bryan Sparks

Quote:>Not true.  A Cisco 7xx series ISDN router using PAT works just fine
>with one ethernet address.  This message is coming to you through it :)

>This comes down to a cost/hassle issue.  Yes, Linux should be able to do
>this.  Get an ISDN TA, configure it, configure IP Masq, and it should
>work.  This is the low cost solution, but can be a hassle to set up.

Keep in mind that External ISDN TA's are quite a bit slower then
112/128K due to that serial port constriction.
It's obvious, I know.

-raj