SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Slackware 10, Open BSD 3.6, Mac OS 10.3.7, Splack 10 beta
Posts: 393
Rep:
How to make a router?
I have a 486 that i'm going to turn into a router. I have two Ethernet cards in it (one attached to the cable modem and the other attached to a hub). How do i set this up so it will work as a router and how do i set up a firewall and port forwarding?
Originally posted by rcottere I have a 486 that i'm going to turn into a router. I have two Ethernet cards in it (one attached to the cable modem and the other attached to a hub). How do i set this up so it will work as a router and how do i set up a firewall and port forwarding?
On top of what Chris said: I'd use OpenBSD, and since you're
already using it I'm sure you know your way around their
web-site :) They have EXCELLENT documentation ;)
pf is way better than iptables ;)
Originally posted by Joseph_M Can you back this up??
It's primarily a gut-feeling :)
I like the way pf is set-up much better than
iptables, its configuration files are very close
to "normal english" ...
Having read your query I've done some googling,
and it appears that iptables is somewhat better under
heavy load when it comes to routing large amounts
of packets. So, if one's not planning to set-up an ISP
on a p 166 I think it's safe to stick with my claim.
You should also see the post in its entirety. I wouldn't
ask anyone to compile pf on Linux. It's a fact that OpenBSD
has a history of far less vulnerabilities than Linux.
Originally posted by Tinkster It's primarily a gut-feeling
it appears that iptables is somewhat better under
heavy load when it comes to routing large amounts
of packets. So, if one's not planning to set-up an ISP
on a p 166 I think it's safe to stick with my claim.
It's a fact that OpenBSD
has a history of far less vulnerabilities than Linux.
Cheers,
Tink
I wonder what constitutes a "heavy load" on a 486?
As for the assertion that BSD has far less vulnerabilities then Linux is debateable at best. Just because some software written for linux has vunerabilites does not mean that linux has vulnerabilities. I have been running a router/wireless ap/firewall built on an old pentium one for a long time. I get scanned all the time but have never had a breakin. And I use an ip tables firewall. There are tons of people that use ip tables. I am willing bet that the number of ip tables firewalls are exponetially greater then pf firewalls just as the number of users of linux are exponetially greater then the users of BSD.
Joseph_M: I use slack in a bridging firewall and am quite happy with it. However the assertion that OpenBSD (not BSD in general) has less vulnerabilities is not really debatable. OpenBSD might not have the latest and greatest, but what it has is generally accepted as well tested for vulnerabilities. The number of vulnerabilities it has had over the last couple years tends to back this up.
Now on to the topic. If you want to use Slack for the firewall you would probably want to compile the rules using a GUI on another computer and then scp them in. There are a couple options if you want to go that route, fwbuilder being my choice. This way you can have the router stripped down to the absolute bare essentials. Stick with bare.i on 2.4.x and it is not that much a stretch.
However, as has been stated, you are probably better off going with one of the dedicated FW distros unless you intend to do something fancy or you are just familiar with Slack and don't want to keep up with 2 different distros. SentryFirewall is one option IPCOP and Smoothwall are 2 others. Astaro is nice but probably won't run well on a 486.
I use a floppy-based router distro Off the top of my head I can't remember -- been so long since I've needed to touch it. I'm sure there are quite a few floating around. No HDD required, which is also nice.
Distribution: SlackWare 10.1+, FreeBSD 4.4-5.2, Amiga 1.3,2.1,3.1, Windors XP Pro (makes a fair answering machine)
Posts: 287
Rep:
A router/firewall device is an excellent choice for "old" boxes... Many of these devices currently available with imbeded software/hardware are linux based and run on processors ranging from 50mhz chips, Pentium pro 166s, PIIs, PIIIs, motorolas Oh you get it... Actually a router box does not really have a "load". During a test using slackware w/firestarter set as a firewall device with 2 nics running Gkrellm to monitor the load -- the processor hardly every blinked even during streaming video.
Most of the time traffic is passed between the nics without any processor clocks. So it really does not take a lot of power for a router/firewall device on a small/home net running a class C (<255 devices).
yeah, id backup Nichole_knc. my router runs slack10 and is a k5 pr133 @ 100mhz, with just 32mb ram, it really doesnt use up much cpu power, if anything.
id just put a full distribution on there and not bother with the firewall packages, that way it gives you something to play with :> and you can have say, apache, or something running on there too if you wanted.
ive always found distributions like slack and debian run just as well on older machines as they do on newer ones.
Originally posted by Poetics I use a floppy-based router distro Off the top of my head I can't remember -- been so long since I've needed to touch it. I'm sure there are quite a few floating around. No HDD required, which is also nice.
Distribution: SlackWare 10.1+, FreeBSD 4.4-5.2, Amiga 1.3,2.1,3.1, Windors XP Pro (makes a fair answering machine)
Posts: 287
Rep:
Yep slack does run real well on older boxes..
My webserver (which started as a test and still running) is a Pentium Pro 200 that used to be the home automation server running win98 and active home software until a lighting strike blow out the usb ports as well as a pci slot or 2. Well that bad little box still works just fine as a server with slack serverin' up a couple of pages from under the table...
And yes I have a slack powered firewall/home server (samba, nfs, dns, mail) for my network. Slack replaced FreeBSD in that job. Runs on a 333mhz HP Vectra with 128mb ram
Last edited by Nichole_knc; 08-18-2004 at 05:09 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.