Gentoo Forums
help with proxy server/firewall.
zoldrin
n00b
Joined: 25 Apr 2002
Posts: 3

Posted: Thu Apr 25, 2002 10:04 am    Post subject: help with proxy server/firewall.

Sorry for putting this in the wrong section but it seems as though none of the other categories are very active, anyway:

First of all, what are your thoughts on Gentoo Linux? I am planning on installing it on my personal pc, is this wise? When I get my personal pc (a few weeks) it will be connected to a network as follows:

proxy server and firewall, hub, LAN= family's pc and my pc.

I am aware this is not necessary but I want to gain skills with networking and Linux/Unix.

Second of all, what o/s should I install on my proxy server/firewall? At the moment the computer I have set aside to be the proxy server/firewall is as follows:

An AMD 486 dx2-80,
one stick of ram (unknown, probably min.)
two hdd's, each approximately 80 mb
up to two 3.5" floppy drives
up to two ethernet cards

I am yet to get the hub and networking gear (will get with my new system). I can probably get more ram if I need to but I should imagine it would be a bit uncommon as it is fairly old.

An after thought, could I set up such a network configuration using crosswired network cables (eliminating hub)?

thanks all for your help, zoldrin

EDIT: I am having dinner, will check response later.
Target
Apprentice
Joined: 25 Apr 2002
Posts: 200

Posted: Thu Apr 25, 2002 11:47 am

I'd get the hub... crossover cables in a daisy-chain configuration would require masquerading everywhere and be a nightmare to set up & administer.

I'm not sure what distro to recommend for a machine without a cdrom drive nowadays. Maybe the Linux Router Project, or an ftp install of SuSE or RedHat... but I'm not sure how well they'd perform on old hardware since they've become quite fat, if they install at all.

For the personal PC, whatever works for you. A source-based distro like Gentoo will be very fast with the optimizations set... But expect to have to get used to some eccentricities and quirks. Each package maintainer for portage has his or her own idea of how the package should be built and what the default configuration should be.

For example: In Gentoo, Apache is called apache and not httpd. As well, the configuration files have been split up to make them more modular. The maintainer's idea of what configuration directives should be in the "common" config file and what should be in the modular files probably won't mesh with yours.

Gentoo requires more work to set up and configure to your liking, but it's worth it.
wheatstraw
n00b
Joined: 23 Apr 2002
Posts: 15
Location: Florida

Posted: Thu Apr 25, 2002 7:58 pm    Post subject: Yeah, definitely the hub

I definitely agree with the hub. If nothing else, it is way easier to connect another pc to your lan.

I am running Freesco on my router. It is a Pentium 100 with 32M RAM and no hard drive. It is not a proxy server, just a gateway and firewall. It has a nice web interface that I can log onto from my lan and do admin stuff (read: mess with it when I shouldn't). The entire system is on a floppy. It runs via ramdisk. Another cool thing is that to shut down, you just turn it off. No hard drive, no trouble.

Check out LRP and Coyote also. They are more feature rich and might suit your needs better.
zoldrin
n00b
Joined: 25 Apr 2002
Posts: 3

Posted: Fri Apr 26, 2002 1:26 am

Thank you very much all, I am looking at lrp and coyote as we speak. These may not be chosen however, because I can install a cd-rom drive if I feel it is worth it.
taskara
Advocate
Joined: 10 Apr 2002
Posts: 3763
Location: Australia

Posted: Sun Apr 28, 2002 9:57 am

check out this little thing of beauty

www.bbiagent.net

it runs a firewall / dns / router off a single floppy disk

might be perfect for what you need
klieber
Administrator
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

Posted: Sun Apr 28, 2002 9:15 pm

For a firewall/router appliance, you might also check out Devil Linux. It's got all the benefits of a low-overhead linux distro, but has more capacity than single-floppy distros since it boots from a CD. Plus, since it boots from a CD, you never have to worry about your core OS files getting hacked, rootkits getting installed, etc. If you're suspicious about anything, just reboot the machine and you're back to a virgin install. Very cool little distro.


--kurt
_________________
The problem with political jokes is that they get elected
taskara
Advocate
Joined: 10 Apr 2002
Posts: 3763
Location: Australia

Posted: Sun Apr 28, 2002 11:54 pm

make the floppy disk of a "single floppy disk router" (like bbiagent) un-writable (using the little slide clip) - and no-one can hack in and change a thing
klieber
Administrator
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

Posted: Mon Apr 29, 2002 12:08 am

taskara wrote:
make the floppy disk of a "single floppy disk router" (like bbiagent) un-writable (using the little slide clip) - and no-one can hack in and change a thing


Absolutely true. However, your options are limited with a single-floppy distro since you only have ~2MB worth of space to work in. With a CD-based distro, you have 800MB of space to work in, which means you can have a more full-featured firewall device, such as one that allows incoming VPN connections, doubles as a dhcp server, GUI-based config options, etc.

It all comes down to what is important to you.

--kurt
_________________
The problem with political jokes is that they get elected
taskara
Advocate
Joined: 10 Apr 2002
Posts: 3763
Location: Australia

Posted: Mon Apr 29, 2002 12:31 am

yeah I agree - have been using smoothwall for my broadband at home.

but this guy only has 80 mb space?

and no cd-rom drive

i can setup all those things you mentioned with bbiagent floppy :)

plus setup dns, dhcp, wins router

specify connections to allow / reject

tell it to ignore certain scans from the wan

auto connect, dial on demand

all sorts of stuff.. definitely worth a look for this guy I think.
zoldrin
n00b
Joined: 25 Apr 2002
Posts: 3

Posted: Mon May 06, 2002 6:16 am

What is this auto connect and dial on demand you speak of?
I am keen to know, and from what I imagine it is exactly what I need for a dial-up router/firewall.

For your information I now have about 120 megabytes over two hdd's and I am intending upon getting a big ass hdd later on and upgrading to a proxy server also.

Thanks again for your help.
taskara
Advocate
Joined: 10 Apr 2002
Posts: 3763
Location: Australia

Posted: Mon May 06, 2002 7:43 am

auto connect just connects at startup, and dial on demand causes the server to dial the internet if someone wants to use it on your lan, when the connection is down.

if you have hd space now, you might want to try smoothwall.. it's really good.

in the mean time if you want a simple solution try bbiagent
klieber
Administrator
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

Posted: Mon May 06, 2002 12:12 pm

taskara wrote:
if you have hd space now, you might want to try smoothwall.. it's really good.


Smoothwall is a great product from a technical standpoint. There are a lot of people who are very upset with the developer/project leader, Richard Morrell. He has a very abrasive, rancorous demeanor. He has no appreciation for the GPL and has, in fact, stopped licensing Smoothwall under the GPL. He's also famous for not offering any sort of support unless you've paid him money.

But don't take my word for it: Search Google, read some of the posts there and decide for yourself.

All in all, there seems to be a lot of Bad Karma surrounding smoothwall. Enough so that folks have forked the code and created IPCop. I haven't used IPCop, which is GPL, but I've heard it's very good. Given the uncertainty surrounding the future of smoothwall, I would hesitate to use it in any sort of production capacity.

--kurt
_________________
The problem with political jokes is that they get elected
All times are GMT