# help with proxy server/firewall.

## zoldrin

Sorry for putting this in the wrong section but it seems as though none of the other categories are very active, anyway:

First of all, what are your thoughts on gentoo linux? I am planning on installing it on my personal pc, is this wise? When I get my personal pc (a few weeks) it will be connected to a network as follows:

proxy server and firewall, hub, LAN= family's pc and my pc.

I am aware this is not necessary but I want to gain skills with networking and Linux/Unix.

Second of all, what o/s should I install on my proxy server/firewall? At the moment the computer I have set aside to be the proxy server/firewall is as follows:

An AMD 486 dx2-80,

one stick of ram (unknown, probably min.)

two hdd's, each approximately 80 mb

up to two 3.5" floppy drives

up to two ethernet cards

I am yet to get the hub and networking gear (will get with my new system). I can probably get more ram if I need to but I should imagine it would be a bit uncommon as it is fairly old.

An after thought, could I set up such a network configuration using crosswired network cables (eliminating hub)?

thanks all for your help, zoldrin

EDIT: I am having dinner, will check response later.

----------

## Target

I'd get the hub... crossover cables in a daisy-chain configuration would require masquerading everywhere and be a nightmare to set up & administer.

I'm not sure what distro to recommend for a machine without a cdrom drive nowadays. Maybe the Linux Router Project, or an ftp install of SuSE or RedHat... but I'm not sure how well they'd perform on old hardware since they've become quite fat, if they install at all.

For the personal PC, whatever works for you. A source-based distro like Gentoo will be very fast with the optimizations set... But expect to have to get used to some eccentricities and quirks. Each package maintainer for portage has his or her own idea of how the package should be built and what the default configuration should be.

For example: In Gentoo, Apache is called apache and not httpd. As well, the configuration files have been split up to make them more modular. The maintainer's idea of what configuration directives should be in the "common" config file and what should be in the modular files probably won't mesh with yours.

Gentoo requires more work to set up and configure to your liking, but it's worth it.

----------

## wheatstraw

I definitely agree with the hub. If nothing else, it is way easier to connect another pc to your lan.

I am running Freesco on my router. It is a Pentium 100 with 32M RAM and no hard drive. It is not a proxy server, just a gateway and firewall. It has a nice web interface that I can log onto from my lan and do admin stuff (read: mess with it when I shouldn't). The entire system is on a floppy. It runs via ramdisk. Another cool thing is to shut down, you just turn it off. No hard drive, no trouble.

Check out LRP and Coyote also.  They are more feature rich and might suit your needs better.

----------

## zoldrin

Thank you very much all, I am looking at lrp and coyote as we speak. These may not be chosen however, because I can install a cd-rom drive if I feel it is worth it.

----------

## taskara

check out this little thing of beauty

www.bbiagent.net

it runs a firewall / dns / router off a single floppy disk

might be perfect for what you need

----------

## klieber

For a firewall/router appliance, you might also check out Devil Linux.  It's got all the benefits of a low-overhead linux distro, but has more capacity than single-floppy distros since it boots from a CD.  Plus, since it boots from a CD, you never have to worry about your core OS files getting hacked, rootkits getting installed, etc.  If you're suspicious about anything, just reboot the machine and you're back to a virgin install.  Very cool little distro.

--kurt

----------

## taskara

make the floppy disk of a "single floppy disk router" (like bbiagent) un-writable (using the little slide clip) - and no-one can hack in and change a thing

----------

## klieber

 *taskara wrote:*   

> make the floppy disk of a "single floppy disk router" (like bbiagent) un-writable (using the little slide clip) - and no-one can hack in and change a thing

 

Absolutely true.  However, your options are limited with a single-floppy distro since you only have ~2MB worth of space to work in.  With a CD-based distro, you have 800MB of space to work in, which means you can have a more full-featured firewall device, such as one that allows incoming VPN connections, doubles as a dhcp server, GUI-based config options, etc.

It all comes down to what is important to you.

--kurt

----------

## taskara

yeah I agree - have been using smoothwall for my broadband at home.

but this guy only has 80 mb space ?

and no cd-rom drive

i can setup all those things you mentioned with bbiagent floppy

plus setup dns, dhcp, wins router

specify connections to allow / reject

tell it to ignore certain scans from the wan

auto connect, dial on demand

all sorts of stuff.. definitely worth a look for this guy I think.

----------

## zoldrin

What is this auto connect and dial on demand you speak of?

I am keen to know and from what I imagine is exactly what I need for a dial-up router/firewall.

For your information I now have about 120 megabytes over two hdd's and I am intending upon getting a big ass hdd later on and upgrading to a proxy server also.

Thanks again for your help.

----------

## taskara

auto connect just connects at startup, and dial on demand causes the server to dial the internet if someone wants to use it on your lan, when the connection is down.

if you have hd space now, you might want to try smoothwall.. it's really good.

in the mean time if you want a simple solution try bbiagent

----------

## klieber

 *taskara wrote:*   

> if you have hd space now, you might want to try smoothwall.. it's really good.

 

Smoothwall is a great product from a technical standpoint.  There are a lot of people who are very upset with the developer/project leader, Richard Morrell.  He has a very abrasive, rancorous demeanor.  He has no appreciation for the GPL and has, in fact, stopped licensing Smoothwall under the GPL.  He's also famous for not offering any sort of support unless you've paid him money.  

But don't take my word for it:  Search Google, read some of the posts there and decide for yourself.

All in all, there seems to be a lot of Bad Karma surrounding smoothwall.  Enough so that folks have forked the code and created IPCop.  I haven't used IPCop, which is GPL, but I've heard it's very good.   Given the uncertainty surrounding the future of smoothwall, I would hesitate to use it in any sort of production capacity.

--kurt

----------

