
Re-doing my router box

Soybomb

Diamond Member
Okay so I've got an old p120 that I've been using as my NAT machine on my home network connected to my cable modem. It's been running a pretty tweaked out redhat 6.2 for a while now. Well after a few power outages and such, the ext2fs is getting pretty corrupted in some places 😀 I think it's just time to start again.

It's been years really since I've played with slackware and thought this time I'd go back to my roots and am downloading slack 8.0 now. Anyway I've got some questions that I thought I'd pop at you guys and see what you think.

I've been debating between reiser fs and ext3fs. I think so far from what I've read I'd like to try ext3fs, but am I going to have problems getting slack to use it?

So what utilities do you think are must haves? I consider ssh, tripwire and something to kill the port scanners. In the past I've always used portsentry but I know lots of people like snort as well. Any personal preference and why?

Finally how about a good ip tables rule set? My box is running a 2.4 kernel but I compiled in ipchains support since that's what all my rules are for. Are there any nifty rule configuration pages or something out there, or even a page with a basic "framework" set for a NAT/firewall box that would get me started until I can read more about it?

Thanks as always!
 
I won't be a big help but here we go:

IPTables rules are VERY similar to IPChains rules. That shouldn't be too much of a problem. Look up netfilter/iptables.

snort is a full-fledged Network Intrusion Detection System. It will not "kill portscans", it will however pick them up and log them. Do not run this on your firewall unless you bind it to an extra nic without an IP address. Plus, snort can be hardware intensive, and on a busy line a p120 or whatever will not keep up with firewalling, NIDS, and logging. Not to mention I imagine the HDD is kinda small 😉

Anyhow, go with portsentry and install snort on another machine if you need NIDS.
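
An added example, not part of either post above: a minimal iptables "framework" for the NAT/firewall box the thread asks about, generated in `iptables-restore` format. The interface names (`eth0` toward the cable modem, `eth1` toward the LAN), the `192.168.1.0/24` LAN range, and the choice to allow SSH only from the LAN are assumptions for illustration.

```shell
#!/bin/sh
# Added example. eth0/eth1 and 192.168.1.0/24 are assumed values, not from the thread.
# Emits an iptables-restore ruleset for a NAT gateway: default-deny for inbound
# and forwarded traffic, stateful return traffic, masquerading for the LAN only.
# Apply as root:  gen_ruleset eth0 eth1 192.168.1.0/24 | iptables-restore
# Routing must also be on:  echo 1 > /proc/sys/net/ipv4/ip_forward
gen_ruleset() {
    gr_wan=$1 gr_lan=$2 gr_net=$3
    # Reject anything that is not a plain interface name or CIDR before it
    # is interpolated into the ruleset text.
    for gr_if in "$gr_wan" "$gr_lan"; do
        case "$gr_if" in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $gr_if" >&2; return 1 ;;
        esac
    done
    case "$gr_net" in
        ''|*[!0-9./]*) echo "bad LAN network: $gr_net" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $gr_wan -s $gr_net -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $gr_lan -s $gr_net -p tcp --dport 22 -j ACCEPT
-A INPUT -i $gr_lan -s $gr_net -p icmp --icmp-type echo-request -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $gr_lan -o $gr_wan -s $gr_net -j ACCEPT
COMMIT
EOF
}

# Stand-alone run: print the ruleset for the given (or the assumed default) values.
gen_ruleset "${1:-eth0}" "${2:-eth1}" "${3:-192.168.1.0/24}"
```

Compared with an ipchains set, the main structural difference is that routed LAN traffic is filtered in `FORWARD` rather than `INPUT`, and the `state` match lets return traffic through without opening ports from the modem side.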
 