I have a 486 that i'm going to turn into a router. I have two Ethernet cards in it (one attached to the cable modem and the other attached to a hub). How do i set this up so it will work as a router and how do i set up a firewall and port forwarding?

if it's dedicated, best to use a tailored distro, like smoothwall. not sure what will run on a machine that archaic though.

On top of what Chris said: I'd use OpenBSD, and since you're
already using it I'm sure you know your way around their
web-site :) They have EXCELLENT documentation ;)
pf is way better than iptables ;)

Cheers,
Tink

thanks

Can you back this up??

It's primarily a gut-feeling :)

I like the way pf is set-up much better than
iptables, its configuration files are very close
to "normal english" ...

Having read your query I've done some googling,
and it appears that iptables is somewhat better under
heavy load when it comes to routing large amounts
of packets. So, if one's not planning to set-up an ISP
on a p 166 I think it's safe to stick with my claim.

You should also see the post in its entirety. I wouldn't
ask anyone to compile pf on Linux. It's a fact that OpenBSD
has a history of far less vulnerabilities than Linux.


Cheers,
Tink

try SentryFirewall. It's slackware based.

I wonder what constitutes a "heavy load" on a 486?

As for the assertion that BSD has far less vulnerabilities then Linux is debateable at best. Just because some software written for linux has vunerabilites does not mean that linux has vulnerabilities. I have been running a router/wireless ap/firewall built on an old pentium one for a long time. I get scanned all the time but have never had a breakin. And I use an ip tables firewall. There are tons of people that use ip tables. I am willing bet that the number of ip tables firewalls are exponetially greater then pf firewalls just as the number of users of linux are exponetially greater then the users of BSD.

Joseph_M: I use slack in a bridging firewall and am quite happy with it. However the assertion that OpenBSD (not BSD in general) has less vulnerabilities is not really debatable. OpenBSD might not have the latest and greatest, but what it has is generally accepted as well tested for vulnerabilities. The number of vulnerabilities it has had over the last couple years tends to back this up.

Now on to the topic. If you want to use Slack for the firewall you would probably want to compile the rules using a GUI on another computer and then scp them in. There are a couple options if you want to go that route, fwbuilder being my choice. This way you can have the router stripped down to the absolute bare essentials. Stick with bare.i on 2.4.x and it is not that much a stretch.

However, as has been stated, you are probably better off going with one of the dedicated FW distros unless you intend to do something fancy or you are just familiar with Slack and don't want to keep up with 2 different distros. SentryFirewall is one option IPCOP and Smoothwall are 2 others. Astaro is nice but probably won't run well on a 486.

DistroWatch's list of router dstros is here: http://distrowatch.org/dwres.php?resource=firewalls

I use a floppy-based router distro Off the top of my head I can't remember -- been so long since I've needed to touch it. I'm sure there are quite a few floating around. No HDD required, which is also nice.

A router/firewall device is an excellent choice for "old" boxes... Many of these devices currently available with imbeded software/hardware are linux based and run on processors ranging from 50mhz chips, Pentium pro 166s, PIIs, PIIIs, motorolas Oh you get it... Actually a router box does not really have a "load". During a test using slackware w/firestarter set as a firewall device with 2 nics running Gkrellm to monitor the load -- the processor hardly every blinked even during streaming video.
Most of the time traffic is passed between the nics without any processor clocks. So it really does not take a lot of power for a router/firewall device on a small/home net running a class C (<255 devices).

yeah, id backup Nichole_knc. my router runs slack10 and is a k5 pr133 @ 100mhz, with just 32mb ram, it really doesnt use up much cpu power, if anything.

id just put a full distribution on there and not bother with the firewall packages, that way it gives you something to play with :> and you can have say, apache, or something running on there too if you wanted.

ive always found distributions like slack and debian run just as well on older machines as they do on newer ones.

Coyote Linux is a nice floppy firewall.

http://www.coyotelinux.com

Yep slack does run real well on older boxes..
My webserver (which started as a test and still running) is a Pentium Pro 200 that used to be the home automation server running win98 and active home software until a lighting strike blow out the usb ports as well as a pci slot or 2. Well that bad little box still works just fine as a server with slack serverin' up a couple of pages from under the table...

And yes I have a slack powered firewall/home server (samba, nfs, dns, mail) for my network. Slack replaced FreeBSD in that job. Runs on a 333mhz HP Vectra with 128mb ram

Go with SmoothWall: http://www.smoothwall.org

I have one up and running at home. It's great!