Minimum hardware for a firewall / proxy / contentfilter
Hi all,
After upgrading some systems, I have some older hardware left and am thinking of putting it all together to build a dedicated firewall / transparent proxy / content filter for my home network.
First objective is learning new things. I know about firewalls and have maintained some Linux firewalls in the past, so this part won't be complicated.
On the other hand, I know next to nothing about content filters or configuring proxies. I have done some research and found some interesting software that runs on Linux.
What I have available as hardware is:
1) box with Pentium-III 800MHz processor and 384MB of RAM
2) several PCI network cards
3) a probably too-small hard disk of 1.2GB
4) a mixed local network of computers running mostly Slackware (4x) and two computers for the kids running Windows (yeah... they play games...)
Questions:
1) Will the processor and memory be sufficient? If it won't, the project is basically dead already since I won't be able to convince my wife to spend more on hardware.
2) Is it possible at all to do a basic install on the 1.2GB drive? I don't need any graphical environment I hope for the software I'm planning to install. I have installed Slackware on smaller drives in the past, but certainly things have grown since then.
Both the processor and memory are easily sufficient. I ran an FTP server off of 650MHz and 384MB RAM.
The only thing is that you might want a bigger hard drive. If you look through this forum, there is a post for an ultra-stripped version of Slackware that requires only a little bit of space to install, but then you might be missing dependencies.
You could try putting an older version of Slackware on the machine and just patching everything that you need to be up to date.
I think you'll manage with that OK, but if you are running a proxy cache (Squid maybe) then yes, you will need a larger disk for the cache store.
The amount of RAM will limit the "in-cache" files you can have and will force a lot more disk access, so you might notice a bit of a slowdown under heavy usage.
You will have to manage your log files well too or /var will fill up fast.
@mRgOBLIN:
I was thinking of TinyProxy, since it's "fast and yet small" (quote from their website).
I think I have some RAM lying around (the motherboard uses PC133 DIMMs) so this might be simple to increase.
For the logs I will implement some logrotate routines, maybe moving older logs to my fileserver if things get really tight.
For the time being this is just a study project. If it becomes something more serious over time, I might consider investing in better hardware.
This should be fine, if you are careful. The big thing is that you have enough RAM. The processor won't ever be a speed demon, but should be just fine for simpler tasks.
What you don't want is a distro that just mindlessly throws in a lot of junk without giving you the option of not having it. One of the small distros (DSL, Puppy, etc.) would install and work perfectly normally, or you could install a 'big' distro, just being careful about what gets installed. And, though I don't know the install specs for the dedicated firewall/net appliance type distros, given that they are usually GUI-less, you could almost certainly find one of those that was fine, too.
Alternatively, you could buy, e.g., a 4GB USB stick for the OS and just use the hard disk for transient data. The expense of the thumb drive is so small that I can't see this as a problem.
I use a distro where I am completely in control: Slackware. No mindlessly throwing in any junk here.
The idea of a 4GB stick is interesting... I have a few spare USB-sticks here I could use.
Now my first hurdle is installing a basic Slackware system on this minimal drive. Since the box only has a CD-ROM drive, no DVD, I am downloading the 12.2 disk 1 CD (I have the original DVD for 12.2 but the most recent CD I have is from Slackware 10, still with the 2.24 kernel).
It will probably arrive overnight, so I'll continue the project tomorrow.
Well, I sort of gave up on the 1.2GB drive.
It *is* possible to install a trimmed down Slackware, but I need the development packages to compile things, several libraries, etc.
It's just too much work and then I won't have enough space to install the software I want to test, like TinyProxy and the content-filter.
I thought about using DSL (played with it before), but I prefer using Slackware as I know it better.
I think I'll start hunting for a cheap 20 to 40 GB hard disk...
By the way, it would be very nice if the Slackware installer ("setup") showed the total space needed by the packages while selecting them...
I have a 20GB in a machine that is about to be upgraded. If you want, I could give you that one for $5 + S&H. Let me just check to make sure I have a spare HDD that I can replace that one with (I am pretty sure I have an 80GB that is supposed to replace that, I am just not 100% sure).
The price is OK, it's the S&H that worries me, since I live in Rio de Janeiro. Any idea how much that would be?
I'll take a look at the local e-bay site today as well...
$78.
A lot.
OffTopic:
My dad used to live in Rio when he worked for a Brazilian airline. He ran their entire reservation system in 256k of memory and that lasted until the late 1990s.
I think I can get hold of a 60GB hard disk for next-to-nothing in a sleek swap-deal with a friend...
And I found some spare PC133 memory, so I might be able to put something nice together.
Off-topic:
I'm a foreigner here too... Living here since '97. Rio is a place you can fall in love with.
The project is going again.
I managed to get hold of a used 60GB drive and stuffed a full 1GB of RAM on the motherboard (4x 256MB PC133 DIMMs).
Entertaining myself with two conflicting NICs (1x 3c900, 1x Digital "unknown" w/ 'tulip' chip).
The 3c900 only talks 10Mbps and is a combo (AUI / 10Base-2 / 10BaseT) and I'm fiddling with the modprobe options to choose the right connector. The tulip card is 100Mbps but only wants to talk at 10Mbps to my switch. Fiddling with the modprobe options as well...
Is this what Pat means when he says "Have fun :^)" ?
The gateway / firewall / proxy / content-filter is up and running!
The problem with the NICs was caused by the older motherboard, which needed the "acpi=force" parameter in lilo.conf.
I am still experimenting with all the configuration options but basically my setup is:
- ASUS m/b w/ Pentium-3 733MHz processor (thought it was 800MHz, but that's ok)
- 1GB of RAM
- 60GB hard disk
- 1x 3c900 NIC + 1x Digital NIC w/o identification, but uses the tulip driver. Both needed options set in modprobe.d
- Slackware 12.2-stable
- Squid-3.0 (tinyproxy wouldn't work well for some reason and has not been maintained for years it seems)
- DansGuardian
- Firewall configured with iptables (1)
I use ident to authorize access.
On the Linux boxes I just configured /etc/identd.conf to pass the username (turned off by default) and lowered the logging level (all requests were logged, I changed this to 'warnings').
On the Windows boxes I installed "identdwin" from http://sourceforge.net/projects/identdwin/
Result:
- uses about 2.4GB of the hard drive (the 1.2GB drive was not enough...)
- memory used (w/o buffers & cache) is less than 100MB
- with about 4 computers accessing the internet, the processor stays 99,7% idle most of the time, with some peak usage of 10%
Conclusion: this gateway is a real slacker...
Now I have to find some extra use for this machine! Any suggestions?
(1) After I finish the fine-tuning, I'll post my script and request comments...
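The ident lookup that the setup above uses for authorization, shown on the wire as an added example (it is not part of the original thread, nor code from Squid, DansGuardian or identd): the proxy-side query and reply parsing defined by RFC 1413. The function names, user names and ports are hypothetical.

```python
"""RFC 1413 ident lookup as seen from the proxy side (constructed example)."""
import re

# Reply grammar: "<ports> : USERID : <opsys> : <user-id>"
#            or  "<ports> : ERROR : <error-type>"
_PORTS = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")
MAX_LINE = 1000  # RFC 1413 caps a reply line at 1000 characters


def build_query(client_port: int, proxy_port: int) -> bytes:
    """Query sent to TCP port 113 on the client host.

    The first port is the one on the ident server's machine (the browser's
    source port); the second is the one on the machine asking (the proxy).
    """
    return f"{client_port} , {proxy_port}\r\n".encode("ascii")


def parse_reply(raw: bytes, client_port: int, proxy_port: int):
    """Return the reported user-id, or None for errors and malformed replies."""
    if len(raw) > MAX_LINE:
        return None
    line = raw.decode("latin-1").rstrip("\r\n")
    if "\r" in line or "\n" in line:
        return None  # more than one line: not a single ident reply
    parts = line.split(":", 3)  # the user-id may itself contain ':'
    if len(parts) < 3:
        return None
    ports = _PORTS.match(parts[0])
    if not ports or (int(ports[1]), int(ports[2])) != (client_port, proxy_port):
        return None  # reply does not describe the connection we asked about
    if parts[1].strip().upper() != "USERID" or len(parts) != 4:
        return None  # e.g. ERROR : NO-USER or ERROR : HIDDEN-USER
    # Padding is stripped as most clients do; a simplification of the RFC,
    # which treats everything after the last colon as the user-id.
    return parts[3].strip() or None


def is_authorized(raw, client_port, proxy_port, allowed_users):
    """Allow only when the reply names a user on the allowlist.

    The name is whatever the client host's ident daemon reports, so the
    decision is only as trustworthy as the machines answering on port 113.
    """
    user = parse_reply(raw, client_port, proxy_port)
    return user is not None and user in allowed_users


# Constructed sample replies (hypothetical user names and ports).
ALLOWED = {"alice", "kid1"}
OK_REPLY = b"40312 , 3128 : USERID : UNIX : alice\r\n"
ERR_REPLY = b"40312 , 3128 : ERROR : NO-USER\r\n"
```
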