Mirror RAID, NIC configurations & firewall

Discussion in 'Installation/Configuration' started by vestport, Jan 31, 2013.

  1. vestport

    vestport Member

    Hello Group,

    I have planned a new ISPCONFIG3 install on CentOS 6.3 and had a few questions.

    Drive Configuration:
    The server I will be using is a dual quad processor Dell PowerEdge 1950 rack server. It is an older server but has the 64-bit & L2 cache etc. Unfortunately there are only 2 SATA drive bays. Typically I just install CentOS + ISPCONFIG on a large single drive and then image the whole drive from time to time using G4U (Ghost for Unix) for backups. This time I am entertaining just doing a mirrored RAID so I don't have to back up as often. That way if one drive goes down there is no data loss and no downtime until I swap the drive out (using G4U to image the good drive that is left). Since there are only 2 SATA bays I will need to pull one drive and reboot with G4U to back up from time to time.
    I know writes may be a bit slower with the mirror array but I believe reads are faster. My question regarding this topic is simply: should I use a mirror RAID array as I described above or not? I am interested in any opinions.

    Networking:
    Ideally I would like to utilize both network cards in the server as follows. One configured with a real IP (WAN) and the other configured with a non-broadcast IP for my LAN segment and for faster local transfers. I do not intend to use the ISPCONFIG box in any way as a router/gateway for the LAN side. In the past I have had some problems trying to run 2 or more network cards with ISPCONFIG. I bailed and just decided to run a single network card on a real IP in the ISPCONFIG box versus a non-broadcast IP behind a third party firewall.
    I forget if the issue was simply trying to get to the ISPCONFIG server via FQDNS from the LAN (I think so)? I have 5 IP's available on my feed. It looks like the only way I can use all 5 for ISPCONFIG & LAN is if my ISPCONFIG box is set up with a non-broadcast IP and behind a third party firewall. Then have the firewall (like m0n0wall) forward any relevant port requests to the ISPCONFIG box, like SSH, http, https, DNS etc.
    In this configuration I would only need to run one network port (just the LAN side) which solves speed issues for local transfers to and from the ISPCONFIG box. If I use a real IP on the ISPCONFIG box + built-in firewall (like I have it now) then my LAN computers will need their own IP (one IP) to be able to access the net. In this situation (as is the case currently) trying to access the ISPCONFIG box is as slow as if it were on the other side of the planet or at least as fast/slow as my feed if you know what I mean. Also, I lose being able to assign that IP on ISPCONFIG because I will need it for the LAN side.

    In short, my plan is to run a mirrored array backed up occasionally with G4U and either my ISPCONFIG box with a non-broadcast address on a single IP behind a third party firewall or an ISPCONFIG box with 2 cards active (one for LAN + one for WAN) as described above. Not sure what to do as I want to assign multiple IP's to different domains on the ISPCONFIG box.

    Thanks in advance for any replies/advice.

  2. vestport

    vestport Member

    I assume since I need to have multiple domains with different IP's that I cannot use most third party firewalls with my ISPCONFIG box having a non-broadcast address. Most likely I will need to do this with ISPCONFIG firewall with the system right on a real IP. If the ISPCONFIG box was strictly a virtual host then perhaps I could use a separate third party firewall appliance. Is that correct?

  3. vestport

    vestport Member

    It appears m0n0wall will let you forward packets back and forth using proxyarp and some NAT tricks. I am wondering if the latency of doing things like this is an issue or not. That is if I decide to keep my ISPCONFIG box on a non-broadcast IP with a firewall (like m0n0wall) on the WAN to do a proxyarp and NAT translations inbound/outbound for the 5 IP's I have access to. Is the latency of the third party firewall significant or nominal? Or am I better off just running the ISPCONFIG box right on the pipe with only the internal firewall? Certainly easier to configure!

    Again, any opinions on this or mirroring as described in the original post welcome.

  4. ressel

    ressel Member

    1. Remember RAID 1 (mirror) is NOT a backup! I use RAID 1 on all my servers so far when we got 2 HDD's, if we got 3 HDD's we choose RAID 5.
    2. You could also look into pfsense as firewall, it supports reverse proxy, that makes it possible to forward web requests into multiple webservers / IP's
    Last edited: Jan 31, 2013

  5. vestport

    vestport Member

    Yes, RAID 1 definitely not a backup but does give you some extra time when things go bad. My plan was to use the mirror array and if a drive went down just toss it and simply G4U the good drive to bring the array back online.

    I have heard of the firewall that you mentioned. It seemed to have good reviews. I have just been using m0n0wall forever so I am a bit partial to that. Also it runs on CF here so pretty low consumption for a PC size box. I'll have to get an embedded box one of these days! Also, m0n0wall is kind to Asterisk PBX for remote phones where other firewalls have given me problems in configuration. At the end of the day I think it would be just too much configuration trying to configure NAT and proxyARP for every port and IP. I am going to just run ISPCONFIG right on the pipe in the DMZ and use the built-in firewall with generic rules for all IP's. I'll run a separate server on the spare IP (probably a database server to take the load off of ISPCONFIG) where my VoIP server and LAN is located.

    Thank you for your input!

    Any other suggestions welcome!

  6. vestport

    vestport Member

    Well, I got the onboard RAID 1 going, CentOS 6.3 installed and working on finishing up ISPCONFIG 3 install.

    I am a bit confused as to how I should proceed to back up or ideally image drives as a safety net. Originally I had intended to configure a software RAID 1 just with CentOS but it appears that the Dell PowerEdge 1950 can only do onboard RAID and no way to configure non-RAID drives that I saw. Looks like even if I wanted to run a single drive I couldn't.

    I have run hardware RAIDs in the past but not with Linux and thought I remembered reading somewhere that it was a no-no to use hardware RAID with Linux?

    On other servers that I have set up in the past typically I would just run single drives and image them from time to time with G4U. Not sure how to proceed imaging the DELL hardware RAID. There are only 2 drive bays in this box so I assume I need to pull one drive, install another backup (or hot swap initialized drive) and let the hardware RAID rebuild? Just no idea how to proceed for backups where there are only 2 bays. Any advice appreciated here as this is uncharted territory for me.


