LinuxRouterProject, FreeSCO, E-smith, or some other option... Help me decide.

LickEmSmack

Senior member
Jul 4, 2000
389
0
0
Here's my setup: 5 networked comps in a house all running off Cat5 and hubs. I have a Pentium I 166 w/ 64MB RAM to use as the Gateway for the LAN. I will be using a cable modem with a static IP.

Requirements: Obviously, net access for all boxes simultaneously. Ability to allow an IRC DCC server to be accessed thru the Gateway to one of the NAT'd boxes. Ability to run Apache on the Gateway as a web-server (probably). Ability to play games online simultaneously (i.e. UT, Quake, Starcraft, etc.).

In my current apt. I am running the Gateway with RH 6.2 with dual NICs and doing IPChains NATing and firewalling with this box using PPPoE on DSL. I can't meet all the requirements with the way I have it set up right now and am looking for a better solution. Remember, this will be a static IP on a cable modem. Thanks!
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<< Here's my setup: 5 networked comps in a house all running off Cat5 and hubs. I have a Pentium I 166 w/ 64MB RAM to use as the Gateway for the LAN. I will be using a cable modem with a static IP.

Requirements: Obviously, net access for all boxes simultaneously. Ability to allow an IRC DCC server to be accessed thru the Gateway to one of the NAT'd boxes. Ability to run Apache on the Gateway as a web-server (probably). Ability to play games online simultaneously (i.e. UT, Quake, Starcraft, etc.).

In my current apt. I am running the Gateway with RH 6.2 with dual NICs and doing IPChains NATing and firewalling with this box using PPPoE on DSL. I can't meet all the requirements with the way I have it set up right now and am looking for a better solution. Remember, this will be a static IP on a cable modem. Thanks!
>>



So you are not looking for security, right? Just something to NAT all your machines behind? The Linux box should be just fine if you set it up to NAT everything correctly. I can't help you with it, I use ipfilter. What are you having problems with? What is not working in your current setup?
 

LickEmSmack

I am looking for some security (my roommates don't give a damn that their boxes are wide open but I do, so I protect myself and firewall as best I can for the network without limiting their ability to use the internet). The problem with my current setup is that I haven't set it up to do the IRC DCC server thing on a NAT'd box and I can't get the ident request through when connecting to IRC from a NAT'd box. Oh and online games don't seem to work very well... More details on that if you want.

IPfilter is only in the 2.4 kernel right? On the RH 6.2 I am running 2.2.x so I am currently using IPchains. Is IPfilter easier? I have one hell of a time trying to get IPchains to work how I want.
 

n0cmonkey



<< I am looking for some security (my roommates don't give a damn that their boxes are wide open but I do, so I protect myself and firewall as best I can for the network without limiting their ability to use the internet). The problem with my current setup is that I haven't set it up to do the IRC DCC server thing on a NAT'd box and I can't get the ident request through when connecting to IRC from a NAT'd box. Oh and online games don't seem to work very well... More details on that if you want.

IPfilter is only in the 2.4 kernel right? On the RH 6.2 I am running 2.2.x so I am currently using IPchains. Is IPfilter easier? I have one hell of a time trying to get IPchains to work how I want.
>>



If you want security you will not put a webserver or any unnecessary services on your gateway. But ipfilter is not in the 2.4 kernel. As far as I know Linux does not use it. You would have fewer problems if you did upgrade to the 2.4 kernel. netfilter/iptables would be a lot easier. Redirect port 113 from the NAT box to your machine. That will solve the ident problems.
 

LickEmSmack

That's the only service I'd put on that would be accessible to external IPs (except ssh2 ;)) If I portfw port 113 to the other box, would every box on the network get the forwarding or would I have to hardwire it for *my* computer? (I'm not sure if that was clear or not). You suggest upgrading to the 2.4 kernel, and going with IPtables, correct? I would have to redo all of my firewall rules then with this new format wouldn't I? That sounds pretty painful. What about the online gaming type stuff? Any tips?
 

n0cmonkey



<< That's the only service I'd put on that would be accessible to external IPs (except ssh2 ;)) If I portfw port 113 to the other box, would every box on the network get the forwarding or would I have to hardwire it for *my* computer? (I'm not sure if that was clear or not). You suggest upgrading to the 2.4 kernel, and going with IPtables, correct? I would have to redo all of my firewall rules then with this new format wouldn't I? That sounds pretty painful. What about the online gaming type stuff? Any tips? >>



iptables *MIGHT* be compatible with your old rules, I am not sure. The port forwarding would only be for one machine. I am not sure of a way to forward it to multiple machines. Do a search on www.geocrawler.com in one of the mailing lists there. They may have info on it. I don't really play games so I can't answer many gaming questions. I am sure similar questions have been asked so search for info on the site I mentioned earlier.
 

LickEmSmack

Could these things be solved by using one of the other options I suggested, i.e. FreeSCO and others? Have you ever used one of these?
 

n0cmonkey



<< Could these things be solved by using one of the other options I suggested, i.e. FreeSCO and others? Have you ever used one of these? >>



I have never tried any of them. I am not a big Linux fan and I am quite happy with OpenBSD + ipf. Others have been quite happy with FreeSCO and LRP from what I have heard. One of the more important things though is stateful packet inspection. IPChains does not have this. IPTables/netfilter and IPFilter do.
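
The port-113 redirect and the stateful filtering discussed in this thread, sketched as an added example that is not from either poster: a shell function that prints an `iptables-restore` ruleset for a two-NIC 2.4-kernel gateway. The interface names, LAN addresses, DCC port range and the function name `gen_gateway_rules` are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC NAT gateway.
# Interface names, addresses and the DCC port range are assumptions.

# gen_gateway_rules WAN_IF LAN_IF LAN_NET IDENT_HOST DCC_HOST DCC_PORTS
gen_gateway_rules() {
    wan=$1 lan=$2 net=$3 ident=$4 dcc=$5 ports=$6
    # Refuse anything that is not a dotted-quad host or a lo:hi port range,
    # so a typo cannot turn into an unintended rule.
    for ip in "$ident" "$dcc"; do
        echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
            echo "bad host address: $ip" >&2; return 1; }
    done
    echo "$ports" | grep -Eq '^[0-9]{1,5}:[0-9]{1,5}$' || {
        echo "bad port range: $ports" >&2; return 1; }

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# ident (113/tcp) is redirected to exactly one inside host
-A PREROUTING -i $wan -p tcp --dport 113 -j DNAT --to-destination $ident:113
# DCC listener range, forwarded to the box running the DCC server
-A PREROUTING -i $wan -p tcp --dport $ports -j DNAT --to-destination $dcc
# with a static public IP, SNAT would also work; MASQUERADE needs no address
-A POSTROUTING -o $wan -s $net -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# sshd reachable from the LAN only (assumption)
-A INPUT -i $lan -s $net -p tcp --dport 22 -j ACCEPT
# stateful: replies to LAN-initiated traffic pass, unsolicited packets do not
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -d $ident -p tcp --dport 113 -m state --state NEW -j ACCEPT
-A FORWARD -i $wan -d $dcc -p tcp --dport $ports -m state --state NEW -j ACCEPT
COMMIT
EOF
}
```

The output can be checked with `iptables-restore --test` before loading it, and forwarding still has to be enabled with `net.ipv4.ip_forward=1`.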