LinuxQuestions.org


Oxagast 10-06-2008 02:27 PM

Suggestions for linux router distro
 
Hi,
I'm planning to turn one of my old pentium boxes into a linux router. I'd like it to be bootable from the hard drive, not from a floppy or cdrom, because I want to be able to install various other applications on it.

I was thinking I'd want to be able to route everything to a DSL modem. I want to be able to have advanced firewall features, such as being able to detect intrusion attempts and log them, as well as sniff packets network wide with something like snort/tcpdump/wireshark, and also maybe block certain things, for example, ads on webpages.

I suppose I could just install a more mainstream distro such as Debian in a minimal configuration, but if I could have any pointers on what type of software could do these things most efficiently, it would be greatly appreciated. I've used Linux quite a bit, but never set up an advanced router before, so I don't know quite where to start, just what I'm looking for in it in general.

Thanks,
Marshall

peter_robb 10-06-2008 03:44 PM

It depends on how easy you'd like life to be..
Roll your own version and learn in the process.. (takes a couple of years to feel secure)
Buy/borrow/try a commercial distro.. Go to www.distrowatch.com for a list
Install Smoothwall in about 10 mins and have a play. www.smoothwall.org

Once you see how much you need to put in for your needs and what is extra, you can roll up a distro yourself.

Kingtiger01 10-06-2008 04:07 PM

An ol' Pentium, huh? Sounds like you have some fun on your hands..

Well, when it comes to distros for routing packets, there are a few. Some are designed as pure router distros, some as firewalls, and others as minimal installs..

The first thing you want to ask yourself is: how much RAM does this system have, how fast is the processor, how much hard-drive space does it have? Lastly, how much traffic throughput will this be handling...

Once you have answered those questions, you can decide the rest a lot easier...

Remember, every NIC will rely on your processor and memory for throughput, packet routing and further decisions. The more you're running per box... the more you're pushing it..

That being said...

Starting from the top, you have...

Endian Firewall 2.1
EnGarde Secure Linux
EnGarde Secure Server
Feather Linux
Featherweight Linux
Gibraltar Firewall
Honeywall
IPCop Firewall
Lineox Enterprise Linux
Linux from scratch
Network Security Toolkit
Openwall GNU*Linux
SME Server
Smoothwall
StartCom Enterprise Linux AS
Sun JDS
SUSE
Topologilinux
TFM Linux
Tiny Sofa
Trixbox
Trustix Enterprise Firewall
Trustix Secure Linux
Ultima Linux
VoIPonCD
White Box Enterprise Linux
YellowDog
YES Linux
Zenwalk Linux
ZoneCD/select
(and I'm sure many, many more)
--

Each of these distributions has its strong points and its weak ones. You should make a decision based on YOUR specific situation.

When it comes down to preference, I prefer IPCop; it's less memory intensive, and you can just install your routing software afterwards..

But that's just a matter of opinion. If you want more info, search the LQWiki on each distribution, and I'm sure someone will poke their head in and suggest another.

Oxagast 10-07-2008 04:44 AM

Cool, I'll look at all those selections. The box is an old Pentium... I think it was a 100, but it's OC'd right now to 120. Been rock solid for an overclock, I've left the thing on and gotten uptimes for ~8 months or so (it's connected to a UPS, it used to be a little webserver), until the power would go out for too long. Has about 64MB of RAM, 2 hard drives (1 is 1GB, the other a 100MB that came out of a 386 (with no bad sectors?!?! :P)), and a cdrom. No video card, no soundcard, not even a keyboard connected to it, I just stripped that all out because it just sits in my closet, I just ssh into it. It has 4 PCI slots, and 2 ISA slots, so I'm just gonna stuff the thing with NICs (I have a bunch laying around that aren't in use). I have a crappy hardware Belkin wifi router, but it's not very configurable and is quirky. It's also one of the ones that's semi-famous for that MITM attack (http://yro.slashdot.org/article.pl?sid=03/11/07/1740205) they installed in the firmware that comes up every few hours with advertisements for Belkin's products, ugh. So basically I was just wanting to take that thing out of the loop, and try my hand at building one. I have about 2 computers that are always connected up to the internet, a printer, a few others that I play with that aren't necessarily connected (or working) at any given time, and sometimes my sister's notebook when she comes home from college. The DSL modem's throughput is only 175kb/s so there's not a whole lot of load on that point, and I only occasionally transfer large files in between the computers within my network.

Kingtiger01 10-07-2008 03:06 PM

Well, local network connections are an issue with software based routers, as long as we're not talking a star topology.

(Where every computer connects to the router instead of a switch or a hub)

This produces a single point of failure AND can cause some major latency for a poor ol' Pentium 1 on 64mb of RAM.

I would suggest, though, getting at least a 4gb hdd; you really have to strip an OS to get it on 1gb these days. Most modern packages are getting in the 50mb+ apiece range these days, so a gig is really pushing your luck...

As far as the old router goes.. Don't pull it out of the loop.. Just disable DHCP, and go ahead and use it in your new network!

The old router would function great as a switch, just don't use the same IP address subnet as the router actually functions on (aka: if the router's IP is set to 192.168.0.1, make your new network 192.168.1, not 192.168.0).

By doing this you will increase network performance greatly, rather than relying on just your Linux router to do all the switching.

PS - If you ever decide to get a new router, get a Linksys WRV4400N; it uses Linux (and you can pass commands and install SSH directly to it... just use Traceroute in the web administration, it is a console!).
I've owned one for 2 years and I am VERY happy with it (not to mention 1Gbps on all ports WAN/LAN).

Kingtiger01 10-07-2008 03:11 PM

Sorry, not to double post..

I should tell you though, I have a Compaq Proliant 2500 (2x 233mhz Pentium Pro processors {Pentium, server equivalent}, 64mb of RAM, 15gb SCSI-2 Wide HotSwap (with dual bay), dual Intel Pro server NIC (10/100/1000 802.All))

that I use as a firewall box from my ISP to my main router; it also does web and a few other things.. so I know it's possible. You just have to keep in mind the limitations of the system you're dealing with.

Gemini5 10-09-2008 08:42 AM

Just to add an additional thought to this, I ended up purchasing a second hand Compaq Proliant DL360 G2 (AU$90). Quick specs are single processor Pentium Xeon 1.4GHz, 1Gb Ram, 2x9.1Gb SCSI HDD running in RAID 1. After checking a few distros out I decided on a modded version of Smoothwall Express, which runs on a DL360G2. Smoothwall contains a number of tools and features which may be over the top for some, but I like to know what's happening on my network and what's coming in and out. Much of what's happening is logged and can be referred to in history to help find any strange occurrences or times when your network may seem bogged down. The DL360 rack mounted box is a bit underutilized (about 25%); however, I have had downloads running at well over 100Kbs with peaks of 250-300Kbs at times with no effect on the CPU or bogging down of the network. I've been running this server with Smoothwall now for about 5 months and have had no major performance issues, and have been slowly closing unused ports and modifying the firewall settings to get the best out of the bandwidth I have available.
Even if you don't use a commercial rack mounted box, I do recommend Smoothwall Express 3.0 as an easy to install and use distro for home firewalling, particularly if you enjoy "playing" and watching what your network does.

For those who would like to download the modded Smoothwall Express 3 G2 edition, here is the URL I used - http://carlnet.no-ip.org/dl360_iso/

linuxman8786 10-09-2008 08:50 AM

I am using Smoothwall, it works perfectly.

andrew_nh 11-06-2008 04:41 PM

Pfsense
 
I use pfSense. It is very easy to set up and is easier to configure for QoS than some of the others.