[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Which machine to firewall with?

On Mon, 13 Oct 2003 13:26:00 -0500 (Central Daylight Time), 
"Gerald V. Livingston II" <debuser@sysmatrix.net> wrote in message 
> 2. Athlon XP2000 w/1G RAM (DDR 2100) -- Currently (and will stay)

..riiiiiiiiiiiiight.   ;-)

> WinXP Pro. Used for work, carried between work and home as needed.


> 5. AMD K6/2-333 - PC133 RAM 256 - 512 available (not yet built)


> I think the K6/2-333 with a small hard drive (3G) will be perfect for
> firewall/router duties. Feeding out to a single port that goes to
> wherevr I decide to install the patch panel and a couple of
> switches/hubs. I have a 5 port and an 8 port that should stack nicely,
> giving me 11 available ports.

> Debian Stable on the 333 with firewall/router running.

..your _next_ step.  Shorewall plus webmin, if you're a newbie.

..rip out any ipchains and any 2.2 kernels, you need 2.4 and iptables.
Basta!:  Boot bf2.4 and do the base install, then 'apt-get remove \
--purge ipchains linux-2.2.* ; apt-get update ; apt-get upgrade ; \
apt-get install webmin shorewall '.  Then fire up webmin, and 
update that from within webmin, that'll take it from 0.94 to 1.110 and 
give you a nice web gui for shorewall.  Until then, use ipcop.
> So, I know NOTHING about firewall building. I've seen various firewall
> builder software mentioned in the archives. What do you all think
> would be best for a headless system that I'll be accessing by ssh? Is
> there something out there with a decent web based interface that I
> could set up?
> Ideas? Opinions?

..for now, put ipcop-1.3.0 in your amd k6-2/333 for now, quickest
solution to set up.  I run an ipcop-1.4.0alpha1 on an old P90 with 
96MB ram on a 1.7GB disk, this gets me online thru a 802.11 radio 
link.  http://ipcop.org/ 

..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.

Reply to: