Would this machine be worth it to make a small fileserver/firewall/router

[alm99]

Here are the specs:
AT Form Factor
250 watt AT Power Supply
Pentium 150mhz-166
16mb edo
2gb hard drives
1mb Ark video
Ethernet (varies on make/model of cards)
CD-Rom
Floppy
Motherboard has
Socket 7
3-4 pci and 3-4 isa depending on which one.
Supports 2 Dimms, 4 72-pin slots.
2 25 pin parallel, one serial.
One AT Keyboard connector.


Would I be waisting my time? Should I just build a cheap celeron ~300-500mhz system instead to do this purpose?

 

[FUBAR]

That would do fine as a firewall/router box. If you're going for fileserver, you probably want a whole buttload more disk space, since that's what fileservers are for. Now if you want other types of servers, web, ftp, mail, that can depend. Web and mail generally don't take up too much disk but ftp can. Your hardware is plenty fast enough for basic serving of all those things, as long as you don't plan on getting linked from slashdot that is

 

[alm99]

what software would I use? Is there a tutorial or anything I could follow?

 

[Iron Woode]

You have a number of choices for your intended use. In the long run you would be better off using some form of Linux.

More ram should be added too.

Choices:

Freesco: a great firewall/router also does web server/print server/DNS/DHCP and will run on a floppy. I use this on my P166 router.
Smoothwall
LRP
Madrake Single Network Firewall 7.2

A good alternative would be to use a full Linux distro. Install something like PMfirewall on it. It is a great router/firewall program. Then setup the network for lan file sharing.

If you insist on Windows, you can use ICS. Enable file sharing and use zone alarm pro on the routing PC. It has to be on constantly, and will need rebooting on a regular basis.
Symantec has Norton Internet Security for windows as well.

try this web site out for lots of info: link

 

[FUBAR]

Personally, I would go for some sort of a full distro. To get your feet wet, go for something that can get you up quick like redhat or perhaps mandrake (shudder). A lot of votes will probably come in favor of debian as well. To get rid of most of the bloat that come with a full distro, don't install X-Windows. It would probably be really slow on that box and you'd probably eat up an extra 500MB of disk.

And of course, look at the ip-masquerading howto at Linuxdoc

 

[Mucman]

Hi alm99, that machine would make a fine file server. I have a P150 32M 60Gig Maxtor drive running FreeBSD. It is running Samba to share my 55Gigs of mp3s amongst the nodes in my home network. It runs Pure-ftpd so I can access my mp3s when I am away from home. It also runs DJBDNS so I can have a fast caching nameserver and not have to worry when the darn ISP's nameservers going down more often than a cheap whore!

If you need help, just PM me...

If you don't know how to use a unix like OS then it might be a bigger project than you expect though.

 

[Heisenberg]

That would work just fine as either a firewall/router or fileserver. The one suggestion I would make to either make it either a firewall or a fileserver, but not both. Your firewall should be a dedicated machine. Using a firewall for something else just opens up a lot of potential security holes.

 

[alm99]

This will be my first shot a networking other than just a few computers together, am I going to expect a lot of headaches?

 

[DirtylilTechBoy]

good headaches

 

[FUBAR]

I prefer to think of them as growing pains in this particular context...

 

[sml]

I highly recommend the Closed BSD project for this type of an implementation Closed BSD Project It is a small firewall product that can boot off a CD-ROM, requires no hard drive at all, and has a very neat curses-based configuration a la netconfig for slackware from back in the day It's fairly easy to use, and I'm friends with the authors, I've used it quite a bit and I'd definately check it out if you're looking at a firewall machine deployment of a machine with those specs; you could mount the hard drives as a /var partition and a /tmp partition or something and turn it into a syslog server for some of your other machines as well.

 

[alm99]

Using a firewall for something else just opens up a lot of potential security holes.

So its not a good idea to use this as a firewall and router and fileserver, what kinda big security issues could I run into?

 

[gaidin123]

So its not a good idea to use this as a firewall and router and fileserver, what kinda big security issues could I run into?

In general, the more services you run on any machine, the less secure it is. You would only be as secure as your most bug ridden piece of software that's always running. Just running the firewall software and not allowing any sort of external or internal (other than physical) access to the machine is the most secure your firewall's going to get. If you configure your other services correctly and only have them running on the internal NIC of your firewall, you will pretty much eliminate the security issues that go along with running more services on the firewall. This assumes that you can trust your internal computers which, in this case, you'd better or else you have bigger issues to worry about.

When you configure Samba or whatever filesharing software you want to use, just be sure to bind it to the internal NIC only (hint: listen address). You should be fine with that. Now for corporate use or whatever all this is thrown out the window and you shouldn't run anything on the firewall aside from the firewall services.

Gaidin

 

[Heisenberg]

Good summary gaidin.

Even for a home user, I still think the best way is to have a dedicated machine for a firewall (that's the way my setup is). I will say that most likely you won't have any problems using one machine for a fileserver and a firewall, provided you configure it properly. I just always prefer better safe than sorry (I'm probably a little paranoid, but I digress...). It's up to you, though. If you're extremely security-conscious, run a dedicated box. If not, don't worry about it, and you'll probably be fine.

 

[mobogasm]

so lets say I had a linux box as my firewall/router and I wanted to have a webserver, would it be best to house it on the firewall/router or a box behind the firewall/router?? what are some advantages/disadvantages of each? thanks for any help

 

[alm99]

So if I go with two systems, very similiar to one another, should I set it up like this?

internet connection to:

1. the primary firewall and router comp

then have it go

2. fileserver comp (similiar specs as the firewall comp)

3. to all networked computers(2 or 3)

 

[gaidin123]

mobogasm,

The "best" way is to house each service on a separate computer altogether and prevent them from talking to each other if possible. That way, if one is compromised, the others won't necessarily get taken down with it because of trust issues or same username/passwords, etc.

alm99,

With your setup, you just have the main internet connection going into 1 NIC on your router/firewall computer, and then have another NIC in that machine plug into a switch which the rest of your network is also attached. For your internal only fileserver you will just have to do a few things to block it off from the outside world. First, make sure it's IP cannot get outside the local network (ie only masquerade the 192.168.x.x IPs that you want to have internet access). Second, on the file server itself set up some kind of access list where only certain IPs/MACs can access the service. Finally, if you are really paranoid, stick a rule in your firewall settings that drops the route from the firewall to the internal file server. That way, even if your firewall was compromised, unless the attacker checks your routing tables they would never know your file server exists unless they compromised one of your internal machines as well.

Gaidin

 

[alm99]

wait so I would have to buy a switch outside of this router machine?

EDIT: Also if I use this machine for a fileserver only, will I be limited to the size of the HDD I put in it through the BIOS since it would be an AT machine?

 

[gaidin123]

Well if you want to share your net connection with more than 1 other computer then you will either need a switch or one additional ethernet card in your router per computer. You need to be able to attach them all into some kind of network. If you have just one other computer aside from the router you can use a crossover cable and plug it into the 2nd NIC on the router. If you have more than one it's really easy to just get a $25-35 5 port switch and hook everything up to that.

As for the hard drive size, you can have a drive as big as the BIOS can handle though it's possible that a more recent PCI IDE controller can address much larger drives despite the motherboard's BIOS limitations.

Gaidin

 

[mobogasm]

gaiden: i can't house my webserver on a different box and not have it talk to the router/firewall though b/c i only have one internet connection (cable, fed into the router). that would be an option if i had multiple connections though. so it's best just for me to have a firewall and that hooked up to a switch with a webserver and workstations behind the router? and just forward packets with the approprite port request to the webserver??? lemme know

 

[gaidin123]

Originally posted by: mobogasm
gaiden: i can't house my webserver on a different box and not have it talk to the router/firewall though b/c i only have one internet connection (cable, fed into the router). that would be an option if i had multiple connections though. so it's best just for me to have a firewall and that hooked up to a switch with a webserver and workstations behind the router? and just forward packets with the approprite port request to the webserver??? lemme know

Yes in your case that sounds like the best plan. You would of course only be able to drop routes on internal only servers. With any externally accessible server the best practice is to run server on a separate machine behind the firewall and just forward whatever ports you need.

Gaidin