Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
03-08-2002, 11:34 AM
|
#1
|
Member
Registered: Dec 2001
Location: California
Distribution: Red Hat 7.2, Slackware 8.0
Posts: 53
Rep:
|
Need some advice on my Firewall/Setup/Computer
Hello everyone,
I have a question about a firewall I'm going to set up. I was given an old computer, so I figured it would be a great opportunity to practice setting up firewalls, IPtables, IPMasquerading etc.
Here are the specs on the computer I'm going to use:
IBM Aptiva (still finding out all the information)
P166
80mb RAM
2gig Hard Drive--(It's a SCSI, so I'm trying to find out information for this drive...any suggestions?)
Rest are basics: keyboard, mouse, monitor etc.
This is the machine I'm going to be using for my firewall and eventually, IPMasquerading.
My question is, does anyone have a suggestion on which distribution would work best for a firewall? I'm thinking of Debian, Slackware and possibly loading on OpenBSD through an FTP download.
Just wanted to get some feedback and suggestions here. Any suggestions would be great as well as links that would help.
Thanks everyone!
RL
|
|
|
03-09-2002, 11:10 AM
|
#2
|
Member
Registered: Nov 2001
Location: Hi Hat KY USA
Distribution: RedHat, Mandrake
Posts: 63
Rep:
|
Check out http://trinux.sourceforge.net/ . Trinux is a version that runs off a floppy. Runs only the services needed to be a firewall and nothing else. Even better, find a way to run the system with the floppy write protected. Shouldn't be that hard.
Also check out http://www.linuxsecurity.com .
One last thing: I read somewhere that the easiest and most secure thing that you can do is to run a firewall on a shutdown box. How do you do that? The interface that you're using, and Ipchains (might be missing something here, cause I thought that there were three items) are all that is needed to run a firewall. So take them out of rc0.d so that they are left running when the system goes down. Issue the shutdown command. But, don't turn the box off. Run to another computer and see if you can still browse the internet and such. All this information was taken from an article somewhere out there. So I suggest that if you want a better description than what I am giving you, do a Google search.
|
|
|
03-09-2002, 11:19 AM
|
#3
|
Member
Registered: Nov 2001
Location: Hi Hat KY USA
Distribution: RedHat, Mandrake
Posts: 63
Rep:
|
|
|
|
03-09-2002, 01:03 PM
|
#4
|
Member
Registered: Dec 2001
Location: California
Distribution: Red Hat 7.2, Slackware 8.0
Posts: 53
Original Poster
Rep:
|
THANK YOU!! I really appreciate your reply. It gives me somewhere to start.
Thanks again!!!
RL
|
|
|
03-10-2002, 11:59 PM
|
#5
|
Member
Registered: Feb 2002
Location: Orlando
Distribution: Whatever I feel like at the time I install.
Posts: 284
Rep:
|
I just installed Red Hat 7.1 and updated the kernel and other related things such as iptables. I then found an iptables script that one of the moderators had posted as an example and then modded it to fit my router.
Here is a brief rundown of what mine does:
2 NICs soon to be 3 (3c509 10mb) pull IPs from cable modem
eth1 and eth2
1 NIC on int LAN (3c515 100mb) attaches to int network
eth0
DHCP server on eth0
full firewall script on eth 1 and 2
running a client that auto redirects ports.
ssh into box from int network but blocked from ext.
FTP server running behind it
The reason for multiple ext IPs is that my roommate and I occasionally play the same game on the internet behind the router together. Therefore his main box goes through one ext IP and my main box through the other one.
PS I have tried several of the linux floppy routers but I was never fully satisfied b/c they are just your basic settings and usually aren't too extensive as far as customizing.
|
|
|
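The layout described in the post above (eth0 on the internal LAN, eth1 and eth2 external, SSH reachable from the LAN only, DHCP served on eth0), sketched as an added example that is not the poster's script. The default-drop policies and the exact rules are assumptions; the port redirection and FTP server are not modelled, and which external interface a given LAN host leaves through is a routing decision not shown here.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a router with one
# internal interface and any number of external ones. Interface names follow
# the post; the rules themselves are assumptions.

gen_ruleset() {
    int_if=$1; shift            # remaining arguments: external interfaces
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # SSH and DHCP requests are accepted on the internal interface only.
    echo "-A INPUT -i $int_if -p tcp --dport 22 -j ACCEPT"
    echo "-A INPUT -i $int_if -p udp --sport 68 --dport 67 -j ACCEPT"
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for ext_if in "$@"; do
        # LAN hosts may open connections outward; nothing new comes in.
        echo "-A FORWARD -i $int_if -o $ext_if -j ACCEPT"
    done
    echo 'COMMIT'
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    for ext_if in "$@"; do
        # MASQUERADE suits external addresses handed out by DHCP.
        echo "-A POSTROUTING -o $ext_if -j MASQUERADE"
    done
    echo 'COMMIT'
}

# Count SSH accept rules that are not bound to the internal interface.
ssh_exposed() {
    int_if=$1
    gen_ruleset "$@" | grep -- '--dport 22' | grep -vc -- "-i $int_if " || true
}

gen_ruleset eth0 eth1 eth2
```

Review the printed ruleset, then validate it with `iptables-restore --test` before loading it as root.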
03-13-2002, 05:26 PM
|
#6
|
Member
Registered: Jan 2002
Location: Confederate States of America
Distribution: Mandrake 9.0
Posts: 197
Rep:
|
Mdk
Mandrake has a security distro that I read a couple of good reviews about. About 200M download. Even has a nice GUI setup.
|
|
|
03-15-2002, 09:21 AM
|
#7
|
Member
Registered: Nov 2001
Location: Hi Hat KY USA
Distribution: RedHat, Mandrake
Posts: 63
Rep:
|
|
|
|
03-15-2002, 09:20 PM
|
#8
|
Member
Registered: Feb 2002
Location: Orlando
Distribution: Whatever I feel like at the time I install.
Posts: 284
Rep:
|
I really like the idea behind halted firewalls, but there is one huge problem. Most people tend to have DHCP addresses from their ISPs.
I was thinking about trying to make one that I load from a bootable CD. Therefore there is no hdd to fail and I can umount the CD after it has loaded. The only thing that could possibly be a problem is if you want to log things. I thought maybe I could e-mail ones I deem very important and just forget the rest.
|
|
|
All times are GMT -5.