Linux Firewall?

[bob4432]

i have an old 533Celeron / 256MB / 20GB machine sitting around collecting dust. i was wondering what to do with it and thought of making it a firewall.

my question is what are the advantages of using it instead of linksys router? would it take the place of the router? would i then connect the cable modem out into nic0 and then nic1 into a switch? is this more effective / configureable than a linksys router? what about the learning curve? what distro of linux for this application?

thanks in advance...

 

[bersl2]

You can do anything and more than you can with a router. Routing, firewalling, NAT, traffic control.

I picked up the basics from reading the man page and the HOW-TOs a couple of times each, and this document. If you need anything more advanced than what iptables can provide, tc and iproute2 will do that.

There are many custom distros that perform firewalling, many of them able to fit on a floppy.

I think that machine is good enough; then again, I am a guy who tried to turn a computer with 48MB RAM into a file server, so I do not exactly have the best sense of minimum specification.

 

[bob4432]

thanks, will look into it

 

[silverpig]

You can run a very powerful router on a P200...

 

[Netopia]

You could just grab smoothwall. I have a friend running it on a 486, though I think that's version 1 and not the current one.

Joe

 

[bob4432]

how is smoothwall compared to items like mandrake multi network firewall? i don't know linux so it needs to be easy....

 

[osage]

ClarkConnect is pretty easy, you can install it as a standalone Firewall, or as a Gateway.

download the Home 3 version-burn the image- boot from the CD-and set it up.

 

[imported_Kensai]

I have two systems lying around. My 700Mhz shall run FC2 as an FTP/Apache server and my 500MHz AMD K6-2 will run Smoothwall or Clarkconnect. I like em both. Don't know what to choose.

 

[bob4432]

Originally posted by: osage
ClarkConnect is pretty easy, you can install it as a standalone Firewall, or as a Gateway.

download the Home 3 version-burn the image- boot from the CD-and set it up.

will give it a try too

 

[EvilWobbles]

I'm a fan of IPCOP. It is a fork from the Smoothwall project.

Super simple to install and configure with a very intuitive web interface.

IPCOP

 

[bob4432]

just out of curiosity, do these machines access the hdd often? could i just put in a slow old 4-10GB?

 

[drag]

Sure. Harddrive speed shouldn't matter, unless you have very low memory and it has to access swap space. But that shouldn't be a issue. (64megs should be more then enough for all but the most demanding applications, I beleive. 8 or 16 megs should be enough for most things. I don't know how bloated something like clark connect would be. Best to look for minimal recommended specs.)

 

[bob4432]

since i will be taking the current router of the configuration and using this computer setup, i am going to be losing a switch. which cisco switch should i pickup on ebay? 100Mb/s - 16ports, managed. may as well learn something also since they seem to be pretty cheap on ebay

 

[bob4432]

so far have messed around with clarkconnect - pretty cool stuff. just getting used to the webadmin and the way stuff works before i make it part of the lan... thanks for the idea

 

[ynotravid]

PROS: it's interesting and you have a lot more features possible. Great, if you want to setup a VPN between friends/family.
CONS: considerable time to setup your first time. The computer will take a lot more power. And if you have to have it in an inhabited room, the fans and HDD will make noise, and the smaller the room, the more you will notice the heat output.

 

[bob4432]

Originally posted by: ynotravid
PROS: it's interesting and you have a lot more features possible. Great, if you want to setup a VPN between friends/family.
CONS: considerable time to setup your first time. The computer will take a lot more power. And if you have to have it in an inhabited room, the fans and HDD will make noise, and the smaller the room, the more you will notice the heat output.

like you said, nice all in one package for a whole setup - webserver/ftp/mail/webmail/ etc. quite a bit of stuff... probably try something else out, don't need all this offers...

 

[mundhra]

sorry to reply so late; i posted this on another thread:

i use coyote linux at home on my firewall/router machine. i have it running on junk, basically - an old dell pentium 100 with 16MB ram and 2 isa network cards. it's a stripped down linux distribution that's built specifically for being a firewall... and it runs off a floppy. you can ssh in to the machine or use the web admin functions to enable port forwarding and all that good stuff. it'll even do dhcp and printserving, too. i think.

a friend of mine uses smoothwall and he's pretty happy with it. i haven't bothered with it because i'm very pleased with coyote linux, and smoothwall needs a hard drive. he had previously been using freesco, which he was also impressed with.

Newsforge article on floppy based firewalls

 

[osage]

ClarkConnect Hardware System Requirements

The hardware requirements are listed below. Keep the following in mind:

Hard disk space depends on your file server needs. The full install of ClarkConnect is under 1 GB.
Requirements also depend on usage. For instance, a heavily used content filter will increase your system requirements, while a system running just a barebones firewall will require very few resources.
Base Hardware Minimum Requirements
Network Cards You will need 2 of these for gateway mode
Monitor Only required for the installation
Video Card Any old video card will do
CD-ROM Only required if you install over the Internet
Floppy Drive Only required for non-bootable CD-ROM drives
Broadband Ethernet, cable, or DSL connection required
Modem Only required for caller ID feature


<5 users
Processor 200 MHz
Memory 256 MB

5-10 users
Processor 750 MHz
Memory 512 MB

10-20 users
Processor 1.2 GHz
Memory 1 GB

20-50 users
Processor 2 GHz
Memory 2 GB

CC is more resource hungry that the floppy based, and some of the other options, but it has a lot of features, and the prebuilt modules are very nice.

 

[n0cmonkey]

Originally posted by: osage

ClarkConnect Hardware System Requirements

The hardware requirements are listed below. Keep the following in mind:

Hard disk space depends on your file server needs. The full install of ClarkConnect is under 1 GB.
Requirements also depend on usage. For instance, a heavily used content filter will increase your system requirements, while a system running just a barebones firewall will require very few resources.
Base Hardware Minimum Requirements
Network Cards You will need 2 of these for gateway mode
Monitor Only required for the installation
Video Card Any old video card will do
CD-ROM Only required if you install over the Internet
Floppy Drive Only required for non-bootable CD-ROM drives
Broadband Ethernet, cable, or DSL connection required
Modem Only required for caller ID feature


<5 users
Processor 200 MHz
Memory 256 MB

5-10 users
Processor 750 MHz
Memory 512 MB

10-20 users
Processor 1.2 GHz
Memory 1 GB

20-50 users
Processor 2 GHz
Memory 2 GB

CC is more resource hungry that the floppy based, and some of the other options, but it has a lot of features, and the prebuilt modules are very nice.

That's ridiculous for a firewall. What features do you need? Uh, blocking traffic and letting traffic through. Maybe a bit of NAT...

 

[osage]

"That's ridiculous for a firewall. What features do you need? Uh, blocking traffic and letting traffic through. Maybe a bit of NAT... "

I agree, for just a firewall and nothing else a 486 with 32mb of ram is plenty.

CC is a nice package of Gateway/router/firewall/server all in one. It's up to the user to decide what features they want to use.