
good linux OS to run a smoothwall router?

I have red hat on 3 CDs, but they are about 3 years old now, so I would love to get a newer version of linux, anyone know what I could use to do that for me?

I want to deplete my stupid linksys router, I am sick of it, so I am going to run smoothwall on an old 450mhz computer here with linux (what os should I grab to run this on?) and have my p4 2.8ghz 1gig ram 'server' run as the DHCP/domain etc and have that connected to a 8 port switch then have a wireless wap connected to that for wireless.

Only thing I need to know is what OS to get for my smoothwall?! Could I have the smoothwall be the DHCP for my cable connection instead of my p4 2.8ghz server? I would rather do that, take some load off the 2.8ghz server.

Any thoughts welcome!
 
Smoothwall is a "version" of Linux just like Red Hat; IP Cop is a "version" of Linux just like Red Hat.

Both Smoothwall and IP Cop are distributions of Linux that are specifically designed to be run as dedicated firewalls. Either of them should work fine for you.
 
I can vouch for clarkconnect as well. I use my clarkconnect server as a dhcp, dns, mail, webmail, gallery, print, and web server and of course it's a firewall too.
 
I switched from Smoothwall to IPCop because the latter is more actively developed. Either lets you download an ISO image, burn to CD, boot and install on an old PC pretty painlessly.
 
Well some distros like Fedora Core ship with a firewall on by default. I don't know about Suse, but I know that Debian doesn't have a firewall by default.

on a side note:
Firewalls truly suck though. You only really want to have one if you have to have one. It's better to go at your security by disabling and locking down network services rather than blocking them off in the firewall. But for some settings, such as anti-DOS or anti-phishing or virtual private networking, then firewalls are very useful.
back on track now...


In Linux you have all this network capability built into the kernel. Iptables is part of this and it provides basic building blocks for directing and controlling ip packets and whatnot.. As well as some simple routing stuff. Then there are some basic command line tools for setting rules and such up.

You can use these things directly to set up your firewall and such, but for the most part people use other programs to do it. There are various firewall scripts and firewall programs you can install that are designed to make setting up a firewall much simpler. Google around and you should be able to find a few. See if you can find one pre-packaged for your distro with a support page and such you can ask questions to. I don't have a particular recommendation though... probably other people do.

Also there are other add-ons you can do that will turn a Linux PC into a full-fledged router and everything. Just like any sort of fancy Cisco gear. Internet routing protocols, and support for stuff like RIP and OSPFv1 and v2 and all sorts of stuff like that.
 
If you have a stand-alone machine, yes

On the other hand if you have a network behind it with resources shared internally a firewall is a good thing so that you can be sure those resources are not available from the internet.
 
Originally posted by: spyordie007
If you have a stand-alone machine, yes

On the other hand if you have a network behind it with resources shared internally a firewall is a good thing so that you can be sure those resources are not available from the internet.


Oh of course. I was just talking about an individual machine.

Having a firewall to separate internal networks from more external ones is the only way to do this sort of stuff that makes sense.
 
Originally posted by: Quinton McLeod
I was talking about using a Linux machine as a firewall/router.

Oh. Well in that case it's easiest to set up a distro specifically for that sort of thing. Like smoothwall or clarkconnect and whatnot. Taking a standard purpose distribution and locking it down to make it into an external router is perfectly possible.. but I know I prefer to have somebody who is actually an expert in security and iptables to do it for me.

I personally used a floppy-based Linux distro from http://leaf.sourceforge.net/ for my home router for many years. Actually I want to go back to it once I figure out a way to make the pc that ran it silent.

I'd pop in the floppy.. do a configuration change, write back to the floppy and then eject the floppy. The entire thing ran completely from RAM. In the years that I ran it the ONLY reason I ever had to reboot it was if I moved it physically or I had a black out. I had something like 99.98% service availability with that sucker. The crappy part about it was that it was an old Compaq that required that you had a monitor and keyboard plugged into it when you rebooted or it would error out in the BIOS. I had neither a keyboard nor monitor plugged into it.. so when I had a brown out it was a pain to get it booted back up again. But I'll use a slightly less crappy pc next time... (a mini-itx machine would be ideal. they even make ones with dual nics)

It was certainly much more reliable and provided much much higher performance than the current linksys P.O.S that I use right now. And that was only on a 200mhz pentium-1 machine with 32megs and dual nic cards.
 
Originally posted by: Quinton McLeod
I was talking about using a Linux machine as a firewall/router.

You have to (of course have two or more NICs) turn on routing support. I used to know the config file it is in, but since discovering webmin, I've gotten lazy. Then you have to pick a nic for your outside interface ('net-facing) and your internal interface (lan-facing). Configure the ip address or dhcp for the outside interface however your provider wants it, and configure your internal interface with whatever ip you want. You'll then have to manually set up dhcp and dns. ALL of this, by the way, can be done from webmin.

Any general purpose linux distro will work for this, though my personal favorite is CentOS with a minimal install, and it will be a bit more involved than using one of the router/firewall specific distros mentioned in this thread.
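
The setup described in the post above (routing turned on, one net-facing and one LAN-facing interface), built from the iptables building blocks mentioned earlier in the thread, as an added example that is not part of any post. The interface names, the LAN subnet and the choice of SSH, DHCP and DNS as LAN-side services are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names, LAN subnet and the
# LAN-side services (SSH, DHCP, DNS) are assumptions.
#
# Routing itself is switched on with: sysctl -w net.ipv4.ip_forward=1
# (persist it in /etc/sysctl.conf). Load the rules as root with:
#   gen_router_rules eth0 eth1 192.168.1.0/24 | iptables-restore

# gen_router_rules WAN_IF LAN_IF LAN_CIDR
# Prints an iptables-restore ruleset; it changes nothing on the system.
gen_router_rules() {
    [ $# -eq 3 ] || { echo "usage: gen_router_rules WAN LAN CIDR" >&2; return 1; }
    wan=$1; lan=$2; lan_cidr=$3
    # If both names are the same NIC, the LAN-only rules below would also
    # apply to the internet side, so refuse that input.
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Hide the LAN behind the address of the net-facing interface.
-A POSTROUTING -s $lan_cidr -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Management, DHCP and DNS are reachable from the LAN side only.
-A INPUT -i $lan -s $lan_cidr -p tcp --dport 22 -j ACCEPT
-A INPUT -i $lan -p udp --dport 67 -j ACCEPT
-A INPUT -i $lan -s $lan_cidr -p udp --dport 53 -j ACCEPT
-A INPUT -i $lan -s $lan_cidr -p tcp --dport 53 -j ACCEPT
# LAN clients may open connections outward; only replies come back in.
-A FORWARD -i $lan -o $wan -s $lan_cidr -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

Nothing in the filter table accepts new connections arriving on the net-facing interface, so services running on the router stay invisible from the internet unless a rule is added for them.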
 
I'm thinking about using a mATX motherboard (Tyan Tomcat P3) with dual 10/100 ethernet ports, onboard video with m0n0wall (FreeBSD) as a firewall. I'm also interested in finding an IDE to compact flash reader connector and using that as the boot/storage for the software.

Anybody tried this yet?

Any thoughts about what size of CF I will need?

Thanks!
 
Originally posted by: saabman
I'm thinking about using a mATX motherboard (Tyan Tomcat P3) with dual 10/100 ethernet ports, onboard video with m0n0wall (FreeBSD) as a firewall. I'm also interested in finding an IDE to compact flash reader connector and using that as the boot/storage for the software.

Anybody tried this yet?

Any thoughts about what size of CF I will need?

Thanks!

That's plenty of hardware. I was running Smoothwall on a Pentium 50 and have heard of folks using 486's. Someone really needs to start selling cheap, low power boards for this. Like a mini-ITX but actually cheap.

According to the FAQ (http://doc.m0n0.ch/quickstartpc/#id2535111) you need >= 8MB of hard drive space, so I'd say a 16MB CF just to be safe. Do they even still sell them that small? With CF, you'll want to minimize any writes to prolong the life of the media.
 
Originally posted by: doornail
Originally posted by: saabman
I'm thinking about using a mATX motherboard (Tyan Tomcat P3) with dual 10/100 ethernet ports, onboard video with m0n0wall (FreeBSD) as a firewall. I'm also interested in finding an IDE to compact flash reader connector and using that as the boot/storage for the software.

Anybody tried this yet?

Any thoughts about what size of CF I will need?

Thanks!

That's plenty of hardware. I was running Smoothwall on a Pentium 50 and have heard of folks using 486's. Someone really needs to start selling cheap, low power boards for this. Like a mini-ITX but actually cheap.

According to the FAQ (http://doc.m0n0.ch/quickstartpc/#id2535111) you need >= 8MB of hard drive space, so I'd say a 16MB CF just to be safe. Do they even still sell them that small? With CF, you'll want to minimize any writes to prolong the life of the media.

Soekris boards aren't too expensive.

Mount your CF with the noatime option, it'll cut down on a lot of writes. You can also mount it RO and log to a memory based file system (or even over the network to a syslog server).
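
A check for the mount advice in the post above, as an added example that is not part of the post: it reads an fstab and reports writable file systems that lack `noatime` and a `/var/log` that is not memory-backed. The device names and sizes in the sample fstab are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Sample fstab contents are constructed.

# A layout that follows the advice: flash mounted read-only, logs in RAM.
sample_fstab() {
    cat <<'EOF'
# device   mountpoint  type   options            dump pass
/dev/hda1  /           ext2   ro,noatime         0    1
tmpfs      /var/log    tmpfs  size=8m,mode=0755  0    0
tmpfs      /tmp        tmpfs  size=4m            0    0
proc       /proc       proc   defaults           0    0
EOF
}

# check_flash_fstab FSTAB_FILE
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
check_flash_fstab() {
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            mnt = $2; type = $3; opts = "," $4 ","
            if (mnt == "/var/log") logtype = type
            # Memory-backed and pseudo file systems never write to the flash.
            if (type == "tmpfs" || type == "proc" || type == "sysfs" || type == "swap") next
            if (opts ~ /,ro,/) next           # read-only: no writes at all
            if (opts !~ /,noatime,/) {
                print mnt ": writable without noatime"
                bad = 1
            }
        }
        END {
            if (logtype != "tmpfs") {
                print "/var/log: not on a memory-based file system"
                bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}
```

Logs kept in tmpfs are lost on reboot, which is why the post also suggests sending them over the network to a syslog server.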
 
Originally posted by: n0cmonkey
Soekris boards aren't too expensive.


I followed the link hoping you were right but those are more expensive than VIA ITX boards and a lot less powerful. It shouldn't be that make a pentium 1 class board for around $50.

-- Edit --

I see they include the ram and CF so it's a little better.


 
Damn Small Linux offers various Mini-Itx stuff through their website as a promotional thing. Those Mini-itx boards, even the slowest ones, offer more CPU power than even industrial routing equipment (of course the itx stuff is extremely I/O limited, but that's not much of an issue for home or small business). Unfortunately the small diskless machines they offer pre-built have only one nic and no room for a pci card, you can order the parts yourself with a different case that will work just fine.

Down at logicsupply.com they offer a lot of mini-itx stuff. They offer pre-built 'monowall' (freebsd based) items. Also they have some pentium-4 and pentium-m mini-itx boards.

Some itx boards come with mini-pci slots or support daughter boards to add wireless capabilities or more ethernet ports, among other things.

One cool thing that I at logicsupply there was these 'industrial' flash cards. They are little plastic things that plug directly into your IDE cable slot on your motherboard so that you can boot off of internal flash very easily on different boards. I like usb flash drives now though.. The modern version of a floppy. You can build your router on one of those, configuration then plug it into a box.. Boot it up off of that pen drive and when the system is loaded into RAM and such then unplug the flash drive. Of course this only works when you can run your entire OS from a ram-based drive.

That Soekris stuff is also very cool. Those are popular routing items. Smaller, cooler (as in temp) and use much less electricity than even Mini-itx boards. And plenty fast.

Of course if you're going for the most cost-effective system... Then used PCs offer the best value.
 
Down at logicsupply.com they offer a lot of mini-itx stuff. They offer pre-built 'monowall' (freebsd based) items. Also they have some pentium-4 and pentium-m mini-itx boards.

Thanks, but mini-itx sure seems expensive to me at $359 for their cheapest offering. I notice that the boards and case for a m0n0wall firewall at mini-box are about half the cost of mini-itx offerings.

I'm just trying to figure out what it will cost me to get something up and running as all I have currently is an old spare p3 ATX MB and 500MHz P3 with nothing else. Sounds like a mini-box setup MB (w/3 enet) and case for about $161 (fanless) is close to what it would cost me for the rest of the stuff to whip my p3 MB into shape.

Guess I could go try getting some complete old system on ebay, but then reliability might be an issue.

Getting something fanless seems desirable, don't you think?
 