LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 03-02-2005, 09:48 AM   #1
mosquito_dk
LQ Newbie
 
Registered: Aug 2004
Distribution: gentoo
Posts: 11

Rep: Reputation: 0
Question Old pc as firewall - help needed


Hardware:
Intel PII 200MHz, 1,3GB Fujitsu HD, 32MB EDO RAM, 2 NICs

The box will only be used as a firewall, expected with ipchains.

The LAN is mixed OS (XP, debian, gentoo) all connected to a router.

Question:
1. Which distribution will be best suited for this purpose?
2. Is it possible to include virus protection to scan all incoming packets for viruses?
3. Is there a better solution for use of this old box to prevent my LAN from attack through the Internet?

mosquito_dk

Last edited by mosquito_dk; 03-02-2005 at 09:50 AM.
 
Old 03-02-2005, 10:00 AM   #2
satinet
Senior Member
 
Registered: Feb 2004
Location: England
Distribution: Slackware 14.2
Posts: 1,491

Rep: Reputation: 50
This is a good solution.

Try 'ipcop'

That's a good firewall distro.

You can't virus scan each packet as, well, it wouldn't know it was a virus from packets............
 
Old 03-02-2005, 01:32 PM   #3
mosquito_dk
LQ Newbie
 
Registered: Aug 2004
Distribution: gentoo
Posts: 11

Original Poster
Rep: Reputation: 0
What I meant was a virus scanner for incoming files just like the Norton Anti-virus.

My point is that I will only need one virus scanner to protect the LAN from infected files from the Internet.

Today I use ClamAV but haven't been checking if it's possible to make it scan on the fly.

Mosquito_dk

Last edited by mosquito_dk; 03-02-2005 at 01:44 PM.
 
Old 03-02-2005, 02:45 PM   #4
jonlake
Member
 
Registered: Apr 2004
Distribution: Slackware 11.0, Gentoo
Posts: 252

Rep: Reputation: 31
What satinet is getting at is a virus isn't going to come in on one packet, which is what a firewall looks at. Rather, it is going to come in on multiple packets, usually via email. What you would want to do is set up ClamAV on your mail server, which would filter emails for viruses, and then help prevent them from coming through to your LAN. There was a good article in a recent Linux Journal issue about ClamAV on your mail server that I will try to find for you.
 
Old 03-02-2005, 03:07 PM   #5
jonlake
Member
 
Registered: Apr 2004
Distribution: Slackware 11.0, Gentoo
Posts: 252

Rep: Reputation: 31
Here is what I was looking for. I guess they are regarding ClamAV on your Postfix server, may not be what you are looking for. Anyways, here it is:
http://www.linuxjournal.com/article/7778
http://www.linuxjournal.com/article/7811
Also another point to make is what ports will you be opening on your firewall? You will want to check into what vulnerabilities there are on those servers that you will be running. Make sure you are keeping patches up to date, checking logs, etc.

To specifically answer your questions:
Quote:
1. Which distribution will be best suited for this purpose?
There are various linux based distro firewalls. The one I have worked with is smoothwall (www.smoothwall.org). Also, ipcop is a good choice (so I've heard, haven't worked with it).

Quote:
2. Is it possible to include virus protection to scan all incoming packets for viruses?
Not on your firewall. You can include AV on all the hosts, your servers, etc but a firewall won't be able to pick up a virus by one packet.

Quote:
3. Is there a better solution for use of this old box to prevent my LAN from attack through the Internet?
Yea, don't open any ports on your firewall. That may not be realistic, so my first suggestion would be only open the ports you need. Really there shouldn't be much of a need to open any ports to your LAN, as a DMZ is where you would/should put all of your public servers.

Let me know if you have any more questions.

Jon
 
Old 03-03-2005, 02:31 AM   #6
floppywhopper
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Mageia , Centos
Posts: 643
Blog Entries: 2

Rep: Reputation: 136
To answer the original Q
I am currently using Smoothwall, but in all honesty wouldn't recommend it as I've had all sorts of little hassles with it, nothing major, just little hassles.

I'm thinking seriously of converting to Monowall, a BSD-based firewall
http://m0n0.ch/wall/

although I'm also considering IP Cop as well
http://www.ipcop.org/

having said that, all three have good documentation which you MUST READ before installing.

floppy
 
Old 03-03-2005, 02:46 AM   #7
floppywhopper
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Mageia , Centos
Posts: 643
Blog Entries: 2

Rep: Reputation: 136
Just a quick answer to Q 2

Yes, you can run an anti-virus on a Linux firewall. AVG make one, and I think Kaspersky, which is included in Astaro (firewall). However, with your RAM I think that would be out of the question. Even with Monowall, 32 Meg means your computer could struggle a little, so I would recommend chasing up another 32 Meg of RAM if you can. Monowall recommend 64 Meg minimum. Likewise, IP-Cop will run on 32 but 64 or more is recommended.

hope this helps
floppy
 
Old 03-03-2005, 05:55 AM   #8
mosquito_dk
LQ Newbie
 
Registered: Aug 2004
Distribution: gentoo
Posts: 11

Original Poster
Rep: Reputation: 0
thx for your answers. Maybe I haven't been specific enough in my questions. The firewall is not the issue, rather the underlying Linux distribution and the virus protection.

I was looking for a small minimal Linux distribution for this old PC. No server will be set up on this box. The only purpose for this box will be a firewall between my LAN and my Internet connection.

Since all data from the Internet will flow through this box, it will be convenient to scan all incoming files for viruses as well.

All your comments are useful to me anyway, but to get it straight:

Q1: which Linux distribution will be a first choice (thinking security) for such an old box with the mentioned specs (Debian, FreeBSD... etc.)? I want to install and compile ON this old box. Its only use is firewall and, if possible, a scanning tool as well.

Q2: Is there a virus scanning tool to scan on the fly like a shield to protect the LAN from all incoming and infected files from e.g. web browsing a picture, flash, streaming video etc. with a virus attached?

Q3: Solved. I believe this setup is OK since my router has built-in wireless too.
Internet - firewall box - router - LAN

If I had a wired router I expect this solution to fit better:
Internet - router - firewall - switch - LAN

Last edited by mosquito_dk; 03-03-2005 at 07:22 AM.
 
Old 03-03-2005, 08:48 AM   #9
jonlake
Member
 
Registered: Apr 2004
Distribution: Slackware 11.0, Gentoo
Posts: 252

Rep: Reputation: 31
To find a linux distro that suits your needs, I think you will have the best luck researching a little on http://www.linuxiso.org This site lists a bunch of different distros and gives a little info on them. Also on the LQ site, check out http://www.linuxquestions.org/reviews/index.php?cat=2
I have really only used FC and RH, but from what I've read, you may want to look at Gentoo, as its main feature is customizability and only loading the stuff you want/need. However, the installation is not for the meek (or so I've heard). You will want to read the manual for the installation prior to installing.

Also, the ones mentioned before (smoothwall, ipcop, and monowall) are all linux distros as well; they are just used only for firewall/IDS/proxy and come with a reduced amount of commands, programs, etc.

As far as the virus scanning, I'm not sure on that. You will probably want to follow up on what floppywhopper mentioned:
Quote:
AVG make one and I think Kaspersky
AVG is at http://www.grisoft.com
Kaspersky is at http://www.kaspersky.com

That should get you started, you will want to do a little reading on your own to know what is out there, and you will probably learn quite a bit.

Also, you mentioned ipchains, but you may want to look at iptables as it is newer and what most distros are coming with.
 
Old 03-03-2005, 10:54 AM   #10
mosquito_dk
LQ Newbie
 
Registered: Aug 2004
Distribution: gentoo
Posts: 11

Original Poster
Rep: Reputation: 0
thx jonlake. I believe I have read a lot, but moreover it is often better to hear the opinion of someone who has already been in similar situations. But of course reading and collecting new information gives a better foundation for a choice.

Btw I would prefer gentoo, as it is my preferred distribution and, as you said, it's very flexible. Unfortunately it takes at least 64MB of RAM to install and compile on the box.

No further questions so far.

mosquito dk
 
Old 03-03-2005, 11:11 AM   #11
satinet
Senior Member
 
Registered: Feb 2004
Location: England
Distribution: Slackware 14.2
Posts: 1,491

Rep: Reputation: 50
mosquito_dk I think you are missing the point about virus scan. Virus packets are not 'bad' as such. It's just TCP/IP traffic as far as the firewall is concerned - If you've requested to download a file - it will get it for you. Scanning files can't be done 'on the fly' as such. The only way to do this would be to use a proxy server that would cache all the data, and THEN scan it, before it hit your LAN. This would also be slow and complex. A router/firewall doesn't have the capacity to work out what a load of data will be when it hits your PC, or what the code may contain and what it will do.

so basically you need virus on your PC.

get IPCOP for your firewall... Note this will also be a router - there's not much point having a separate one when this box will do it for you. It will also be your DHCP server and default internet gateway in this set up...........
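
An added example, not part of the thread and not written by any poster: a Python sketch of the point made in posts #4 and #11, that a signature split across packets is invisible to per-packet inspection and only shows up once the stream is reassembled, as a caching proxy would do. The marker bytes, the segment size and all function names are constructed for illustration.

```python
# Added illustration; the marker, MSS value and helper names are constructed.
import random

SIGNATURE = b"CONSTRUCTED-TEST-MARKER-0001"  # harmless stand-in for an AV signature
MSS = 1460  # typical TCP payload size on Ethernet

def segment(data: bytes, mss: int = MSS):
    """Split a byte stream into (sequence_number, payload) segments."""
    return [(off, data[off:off + mss]) for off in range(0, len(data), mss)]

def scan_per_packet(segments):
    """What a stateless packet filter could do: look at each payload alone."""
    return [seq for seq, payload in segments if SIGNATURE in payload]

def reassemble(segments):
    """What a proxy does: order by sequence number and rebuild the file."""
    return b"".join(payload for _, payload in sorted(segments))

def scan_reassembled(segments):
    """Scan the complete object; returns the offset of the marker or -1."""
    return reassemble(segments).find(SIGNATURE)

def build_download(marker_offset: int, size: int = 4 * MSS) -> bytes:
    """Constructed sample 'file': filler bytes with the marker at an offset."""
    body = bytearray(b"A" * size)
    body[marker_offset:marker_offset + len(SIGNATURE)] = SIGNATURE
    return bytes(body)

def demo():
    # Marker straddles the boundary between the first and second segment.
    straddling = segment(build_download(MSS - 10))
    random.Random(0).shuffle(straddling)  # packets may also arrive out of order
    # Marker sits wholly inside one segment: the lucky case.
    contained = segment(build_download(100))
    return {
        "straddling_per_packet": scan_per_packet(straddling),
        "straddling_reassembled": scan_reassembled(straddling),
        "contained_per_packet": scan_per_packet(contained),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Compressed or encoded transfers make the per-packet case worse still, since the bytes on the wire no longer resemble the stored file.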
 
Old 03-03-2005, 05:04 PM   #12
floppywhopper
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Mageia , Centos
Posts: 643
Blog Entries: 2

Rep: Reputation: 136
If you search around
There is a Live-CD based firewall
but I forget its name

You still are going to have problems with only 32 meg RAM

hope this helps
floppy

edit
just had a quick look
Monowall will run from CD Rom and a floppy LOL
although I believe there is a linux based one as well

Last edited by floppywhopper; 03-03-2005 at 05:22 PM.
 
Old 03-03-2005, 05:35 PM   #13
floppywhopper
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Mageia , Centos
Posts: 643
Blog Entries: 2

Rep: Reputation: 136
Live Cd Router

http://www.wifi.com.ar/english/cdrouter.html

min RAM 16 Megs

floppy
 
Old 03-14-2005, 07:07 AM   #14
mosquito_dk
LQ Newbie
 
Registered: Aug 2004
Distribution: gentoo
Posts: 11

Original Poster
Rep: Reputation: 0
Thumbs up

thx for interesting answers. I jumped to the conclusion that IPcop was the better choice for my needs and it's running smoothly. A really nice distribution.
 
Old 03-16-2005, 12:50 PM   #15
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally posted by mosquito_dk
What I meant was a virus scanner for incoming files just like the Norton Anti-virus.

My point is that I will only need one virus scanner to protect the LAN from infected files from the Internet.

Today I use ClamAV but haven't been checking if it's possible to make it scan on the fly.
take a look at viralator: http://viralator.sourceforge.net/
 
  


All times are GMT -5.