[SunRescue] Re: Help!

[Greg A. Woods]

[ On Friday, April 20, 2001 at 01:01:55 (-0400), Joshua D. Boyd wrote: ]
> Subject: Re: [SunRescue] Re: Help!
>
> We don't care if the floppy will fail so easily because the idea is for
> the whole system to be loaded to a ram disk.  Thus, the floppy is only
> needed on reboots, and we all know the uptime possible with unix like
> systems.

It doesn't matter one hoot what your uptime is if the floppy fails when
you need to reboot!  MTBF does not equal reliability.  For a home
machine though the MTTR vs. the actual uptime requirements is probably
acceptable enough though.

Of course the embsd.org guys have the right idea and are working with
FlashRAM cards and such.....  That also gives them an order of magnitude
more space than can be found on a floppy to, and almost infinitely more
real-world reliability than any floppy drive.

> At this time, neither me nor my family have $100 to spare.  Perhaps in a
> few months we will, but the security threat to the network is here and
> now.

Well the first 486 was a freebie, but as I said it just wouldn't fly
fast enough to get the bandwidth I was paying for!  :-)
  
(the P-150 motherboard plus RAM and disk was $100 Canadian dollarettes,
BTW, not real dollars!  ;-)

You can buy P-133's around here for about $75[cdn] now, complete with a
disk and RAM and in a cheap desktop case, so even that price was
"overkill".  In any case I can understand your predicament.

> I'm running a pair of 3c509 cards, which aren't the most modern, but
> aren't as bad as ne2k.

If you've got the right drivers (ex* on NetBSD) to do DMA on those cards
then you're probably well off (depending on the exact model they may
default to non-DMA mode).

I had some chipset problems on the 486 I tried too -- it had some PCI
slots that were not quite up to snuff and I think there was some
hardware conflict causing wait states on the ISA bus.

I really really really hate PCs (even though I have three in production
and another two in test and two old laptops also in test!).  If I could
have found a cheap/free Sbus ethernet card I've have tried my SS1+ (or
maybe an SS2) as a gateway, but I can't seem to find such things at any
decent price (usually they're about three times as much as a whole new
machine can be had for!).

>  I don't expect too much ip filtering on a machine
> like this, but, then I'm not a security expert and probably wouldn't know
> what to do with it.  

I've got quite a few basic rules for blocking spoofed packets and
"martian" addresses.

I also have a GIF tunnel for routing my real non-NAT'ed network through
the cable network, though that's mostly unused now that I have the DSL
line and my real network's routed directly over it.

> I'll know more once the machine is setup (I spend an hour here and there
> poking at it), but initial tests have it saturating a DSL line with bearly
> an CPU load.  Previously my biggest concern had been that the ISA bus
> would run out of bandwidth.

If that's just a 1mbit aDSL line then you shouldn't have any worries
even with a 386.  My cable modem is/was at least 2mbits and I've now got
a 3.0mbit aDS line too.

>  I can't imagine that NAT would saturate this
> machine.

A NAT needs memory and CPU power, things old 486's can sometimes be lacking.

The deciding factor is how many machines you'll have behind the NAT and
what they'll be doing.

> And if I'm wrong about performance, well, I'll have to live with it for at
> least several months unless my sister decides to consider linux acceptable
> for her computer.

Good luck!

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods at acm.org>     <woods at robohack.ca>
Planix, Inc. <woods at planix.com>;   Secrets of the Weird <woods at weird.com>