
Re: Newbie, someone have how-to on from-scratch Debian firewall?

At 05:48 PM 11/6/00 -0800, IML-debian-firewall wrote:
>Does someone have some notes to share on a from-scratch install of Debian
>for firewall purposes?  For those that don't know Debian install and barely
>know Linux? I know this may be asking a lot, but I'm sure that I'm not the
>only one who would benefit.

I don't have the notes you want, but I have done things like this. I'm sure
a lot of people on this list have, considering its subject matter. My main
router here is a NAT'ing firewall based on Slink. I've built many based on

>I'm talking a basic two-ethernet one-subnet firewall on a dedicated Debian
>box using the latest Debian installed from a CD-ROM.

Here I can't be of help. I always build from a network install, using a
local mirror of (now) Potato.

What you want is not difficult. Just to get you started ...

600 meg hard disks and CD capacities are way overkill. The fattest router
I've built was about 100 megs, and it had way too much unneeded stuff on it.
I've gotten as lean as 20 megs, and that's without doing the really
difficult cutbacks ... distributions that focus on routing (like LRP and
LEAF) often fit on a floppy and top out around 5 megs of stuff. But you
can't get this lean if you follow the Debian packaging standards, which are
designed for normal systems, not compact and ultracompact ones.

Start with the Debian base install. Say no to everything else. Then add
selectively the few packages you need for routing. YMMV, but a starting list
of .deb's I like is 

        bind bzip2 dhcp dhcpcd ssh ipmasq

This stuff, plus a firewall (usually bespoke in my setups, though there are
good off-the-shelf choices around) and, if you need it, the pppoe package,
gets you a serviceable firewall/router for small sites with simple routing

I always compile a custom kernel for routers ... so routinely that I don't
even recall if the stock Debian kernels support all the needed routing bits
and pieces. 

You need to go through the init scripts and turn off things unneeded by and
usually unsuited for routers ... such as portmapper and smtp. And, of
course, you have to configure your interfaces properly, as well as bind (at
least as a caching nameserver) and possibly dhcpcd or pppoe.

>If there isn't such a beast... I'm willing to start one.  However, I need
>someone to feed me steps.  Starting with... if you wanted to keep the system
>to a size that could be imaged to CD-ROM (backup)... how would you partition
>600MB hard disk?  What packages should be installed?

This isn't exactly spoon feeding, but I hope it is enough to inspire you to
do some creative work of your own. As for CD versions, you might want to
take a look at Gibraltar, whose author is, I believe, on this list and
perhaps can supply the URL.

------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA           	 	         ray@comarre.com        
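
Added example, not part of the original post: a check for the step above about going through the init scripts and turning off portmapper and smtp. It assumes SysV-style runlevel directories (such as /etc/rc2.d) holding SNNname start links; the script names portmap, exim and sendmail are assumed names for the portmapper and SMTP daemons.

```shell
#!/bin/sh
# Report services that are still enabled in a runlevel directory but that
# a dedicated router should not run.
# Assumption: start links are named S<two digits><script name>.
# Assumption: these are the init script names for portmapper and SMTP daemons.
UNWANTED="portmap exim sendmail"

# audit_rc DIR [NAME...]
# Prints the path of every start link in DIR whose script name is in the
# unwanted list (default: $UNWANTED). Returns 1 if any were found, else 0.
audit_rc() {
    dir=$1
    shift
    [ $# -gt 0 ] || set -- $UNWANTED
    found=0
    for link in "$dir"/S[0-9][0-9]*; do
        # Skip the literal pattern when nothing matches; keep dangling links.
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=${link##*/}            # strip the directory part
        name=${name#S[0-9][0-9]}    # strip the "S20" style prefix
        for svc in "$@"; do
            if [ "$name" = "$svc" ]; then
                echo "$link"
                found=1
            fi
        done
    done
    return $found
}

# Stand-alone use: pass the runlevel directory to audit, e.g. /etc/rc2.d
if [ -n "${1:-}" ]; then
    audit_rc "$1"
fi
```

K links (kill links) are ignored on purpose: a service with only a K link in the runlevel is already turned off there.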
