
best distro for firewall?


kevmarks (Member, joined Mar 3, 2002, Chicago)
I know the basic theory of firewalls is that 'less is more'. The less software on this machine, the less chance of a security breach. However, this is a bit of a problem, as most distros come with everything but the kitchen sink.

If you didn't read my sun sparc thread I ended up buying this from ebay. I am planning a linux firewall and a samba server.

I can't run smoothwall as it does not support SCSI disks :( . What is a nice lite distro that I can use on this monster? I just need a command line with samba and iptables (well I will just recompile the kernel for this). And ssh for telnet sessions :D
 
...as most distros come with everything but the kitchen sink.

Yeah, but most distros also give you the option of choosing an expert installation, and you can pick and choose what you want to install. If you don't want *, don't install *.

So, basically any distro would work, but I'd go with Slackware, or Debian (just because I like them better).

There are also a lot of minimalist distros that are just for the purpose of firewalls, so you might check out some of these links for more info about them.
http://www.frazierwall.com/
http://www.fli4l.de/english/e_fli4l.htm
http://www.gibraltar.at/
http://www.keeper.org.uk/
 
I like to use Debian on anything that needs the bare minimum to be running. It's very easy to do just a base install, then use apt-get to install everything else, then you know you're not running anything extra. So for a firewall you just need the base and iptables (or is it chains now? I always forget). Might want sshd so you don't have to leave a monitor connected to it. You can get a firewall running on about 50mb of hard drive space including the OS. If you want gui tools and such I would suggest running a config tool on a different box then just copying the config files to the firewall.

I guess there's also some sort of a pix iso you can get, and it makes your linux box run exactly like it. Although this is illegal.
 
I have tried a bare minimum install with Red Hat on another machine. Bare minimum = 513 MB!!! And when I looked on the system I found elements of GNOME, KDE and X.

I was looking at Gentoo this morning, it looks good but looks like it is going to be tricky to set up. I will take a good look at Debian, and thanks for the links guys. The monster will be here sometime next week. Hopefully it shipped today, so I will keep you updated.
 
I have checked out everything. I have boiled it down to 2 choices. I can install Gentoo and set up the firewall using iptables, Roaring Penguin, masquerading etc. This could take a whole weekend :).

Or I can install smoothwall and try to recompile the kernel for scsi support. Which could be easier if I had the kernel config file to start with.

I think I will go with Gentoo. Most of the floppy distros are based on the old 2.2 kernel. The same goes for the CD-ROM based ones. At least with Gentoo I can install a small distro and set up 2.4.19.
 
Well if you want to go Gentoo might I recommend getting a Stage 3 tarball. Stage 3 has a precompiled base system, much quicker than going from a Stage 1 or 2 (1 you have to bootstrap as well as compile the system, 2 you just have to compile the system). Gentoo you still have to compile the kernel from scratch.

Gentoo personally is my favourite distro, I'm running it right now.

-DarkArctic
 
Does the Smoothwall distro work on Sparc?

I don't think so. I ended up buying an old Pentium Pro based server in the end. The only thing that is worrying me about gentoo is the amount of time it will take to compile the kernel on a pentium pro 200.

I should be able to strip the kernel down to nothing. No IDE support, no sound, no USB. The only thing I need is support for my NICs and the SCSI controller. :). How long do you think it will take to compile?
 
I still say Debian is the best for a firewall. It's quick, small, and easy to upgrade. You won't have to recompile anything.
 
Debian is very nice. It's a close call. I think I will recompile the kernel anyway, just to take out a lot of the stuff I don't need.
 
How long do you think it will take to compile?

I have a laptop with a P133 MMX, and that took maybe 3 hours, including the time from starting 'make menuconfig' to installing the modules. Keep in mind that that was with IDE, sound, PCMCIA, etc.

I'd say a stripped-down kernel on the Pentium Pro would run maybe an hour, if that.
 
I've got a dual PPro 200/512k and it takes maybe 5-10 mins to compile my kernels for it, but mine are a bit small and it's been a long time since I've done it, so my figures can be off.
 
OK, we are up and running with Gentoo. I just need to compile a kernel for it. I am going to do it on my TBird 1.4 and transfer it over on floppy. I can't stand menuconfig after being spoiled with xconfig :D

One problem is I can't get my pair of Davicom 9xxx network cards working. I will try again after I compile the kernel. I am using an old network card that came with the server at the minute.

So, tonight's project is to throw together a kernel and install rp-pppoe.

Tomorrow night, try and get it to masquerade the network addresses and get it to sit in the network permanently.

Friday night, start filtering network traffic! (providing I compile the kernel properly tonight :D)

P.S. This thing is LOUD. I am going to replace the extreme fan in the PSU with something a little more appealing. Also, disconnect the 3 120mm fans and elastic-band a small fan on to the top of the heatsink. Once it is set up, it is going in the cupboard with the vacuum cleaner and the ironing board. I kid you not :D
 
Mandrake has their own Network Security Firewall (or something like that) made especially for... well... a Linux-based firewall ;) Free download, so you might want to give it a try.
 
gentoo and iptables is the way it is going now. Just having a little trouble with my default routes. This NAT thing is a little confusing compared to RIP
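As an added example (not from any poster in this thread), here is a minimal stateful iptables script covering what the last two posts from kevmarks describe: masquerading the LAN out of the rp-pppoe link and filtering what comes in from the outside. The interface names, the LAN subnet and the 2.4-era `-m state` match are assumptions; the `IPT` variable lets you preview the rules with `IPT=echo` before applying them as root.

```shell
#!/bin/sh
# Minimal stateful masquerading firewall (added example, not from the thread).
# Assumptions: LAN on eth0, PPPoE link on ppp0, LAN subnet 192.168.1.0/24.
set -eu

LAN_IF="${LAN_IF:-eth0}"              # inside NIC (assumption)
WAN_IF="${WAN_IF:-ppp0}"              # rp-pppoe link (assumption)
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # private LAN range (assumption)
IPT="${IPT:-iptables}"                # set IPT=echo to preview without applying

# Print the rules, one per line, in the order they must be applied.
firewall_rules() {
    cat <<EOF
-t nat -F
-F
-X
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i $LAN_IF -p icmp --icmp-type echo-request -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
-t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
EOF
}

# Feed every rule to $IPT. Word splitting of $rule is intentional.
apply_firewall() {
    firewall_rules | while IFS= read -r rule; do
        $IPT $rule
    done
}

# Only touch the kernel when explicitly asked (FW_APPLY=1 ./fw.sh as root).
if [ "${FW_APPLY:-0}" = 1 ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward   # required for FORWARD and NAT
    apply_firewall
fi
```

Inbound from the PPPoE side, only replies to connections the LAN already opened get through; ssh and ping are accepted from the LAN only, so run the script from the console, not over an ssh session from outside. For the NAT half to work the box's own default route must go out the PPPoE interface (rp-pppoe normally installs it when the link comes up), and the LAN hosts use the firewall's LAN address as their gateway. Unlike the RIP setup contrasted above, nobody has to advertise routes: the masqueraded hosts never appear on the outside at all.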
 