I'd have to recommend IPCop as an awesome distro for a firewall. It's easy to administer via a browser, and pretty much does everything you'd want it to right out of the box.
The newest version (Dec 26th) is even better than previous versions. It'll run easily on even a 486, and includes Squid Proxy, FreeSwan VPN, DHCP, etc.

Kev.

----- Original Message -----
From: "Shawn Grover" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, January 19, 2003 5:50 PM
Subject: RE: (clug-talk) Personal experiene: Mandrake 9 on servers

> Did you happen to notice if the ICS will allow port forwarding from the
> external network to a server on the internal net?
>
> In my efforts to build a Linux firewall for my home network, I tried a few
> of the floppy router packages (specifically Coyote and Freesco). These
> packages were easy to set up and get going - if I only wanted to share my
> internet connection with all the pc's on my internal network. However, I'm
> trying to also host a web/ftp/mail server, so need to allow external
> requests of an internal server. Unfortunately, the ease of use broke down
> for these floppy packages once I tried to do port forwarding.
>
> End result is that I'm now running RH8 with a minimal server install (no X
> or other such stuff) - the only extra packages I specifically wanted were
> Bind and VIM. After some pains trying to learn iptables (I still have a
> long ways to go...), I have the router I'm after. Just need to fix up my
> DNS issues now (I'll probably post more on this in the near future - I'm
> sure I'll need help).
>
> So, seeing your post Aaron, I'm curious if port forwarding is an option for
> ICS?
>
> Thanks for any info.
>
> Shawn
>
> -----Original Message-----
> From: Aaron J. Seigo [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, January 18, 2003 11:58 PM
> To: [EMAIL PROTECTED]
> Subject: (clug-talk) Personal experiene: Mandrake 9 on servers
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi...
>
> in the last couple weeks some people have asked about sharing internet
> connections and setting up appropriate security measures on linux machines.
> well, last night i decided to try out Mandrake 9 as a server. i've never
> used it for a server before, just desktop stuff, so i was interested in how
> it would do.
>
> and it did wonderfully IMHO, and i would recommend it way above Red Hat for
> new users looking to set up a server. why? well, connection sharing and
> security are two good examples:
>
> ICS: to set up internet connection sharing you go to the Mandrake Control
> Center, click on Network and then click on Internet Connection Sharing.
> this lets you launch a wizard that sets it up for you in 3 easy steps, 2 of
> which are informative messages letting you know what it is about to do.
> couldn't be simpler and it worked instantly. now, you can do this by hand
> of course, but this is often more than a new user is ready to learn and
> more than a busy person such as myself really cares to deal with.
>
> Security settings: Sean Dockery commented how many UNIXes do things such as
> put su in the wheel group, allowing you to easily control such things, and
> noted that he hadn't noticed such settings. I replied that since such
> things are really only appropriate for production servers with sensitive
> data on them (for everyone else it's just a nuisance ;), most linux distros
> don't ship with those defaults. Enter MDK9.... I hadn't played much
> w/Mandrake's security level settings previously, but I decided this time to
> muck around a bit. By setting the security level to "high", I could control
> on a user-by-user basis who had access to rpm, su, /etc, service control
> and more... you can even add your own rules. there is a nice GUI to manage
> all this in the control center, but behind the scenes it works in a way
> that will be most familiar to most UNIX admins: namely, su is owned by the
> wheel group, and similar privsos are put on other resources.
>
> so while MDK doesn't allow you to do anything you couldn't do on other
> distros such as RH, it does make it painfully easy and quick.
>
> and the install is quite small, too. w/out any desktop stuff (though i did
> keep X on there so i can futz around with the control center tools some
> more) it used 450MB of disk. with a bit of urpme'ing i got that down easily
> to 380MB. still not the slimmest of the slim, but not bad for a user
> friendly distro. i'm sure if i ditched the X stuff it would've fallen close
> to, if not under, 300MB.
>
> the urpm[ieq] tools definitely made managing the software a breeze compared
> to doing it with plain ol' rpm (much like doing things on debian w/out apt
> is a bother)
>
> caveats to MDK9:
>
> o since their tools are written in perl and therefore a bit slow and prone
> to the general shoddiness of script language tools, it seems there are some
> race conditions. you don't want to be multitasking admin jobs while using
> their tools, otherwise you may end up hanging apps (e.g. i managed to stall
> the ICS control panel this way and had to xkill it)
>
> o rpmdrake doesn't show ALL the packages installed in the "remove software"
> control panel. this was annoying since they install a bunch of useless
> stuff like GNOME libs when i had not asked for them. i didn't want anything
> more than X + icewm + the MDK utils. things like ORBit didn't show up in
> the Remove Software panel, but did show up using rpm from the command line.
> i'm sure there's a way to tweak this (i just haven't looked into it yet),
> but it's a bit annoying that this is the default mode. bah.
>
> o the text mode install is broken beyond belief. many of the steps get
> missed over, parts of screens (explanatory text and options) are missing,
> it's confusingly laid out, and there is no obvious way of backing up a step
> or two. obviously this isn't a priority to MDK, which is unfortunate.
> i wouldn't recommend installing MDK on a box that can't handle the GUI
> install mode. but that's ok: i used the GUI install and the system is a
> paltry P90 w/32MB of RAM and an S3 video card w/1MB of VRAM. not a hotrod,
> but perfect for a firewall / fileserver. the GUI install worked beautifully
> w/out a hitch.
>
> so i'd definitely recommend MDK9 to anyone looking to install and get
> learning as it really eases the learning curve and shortens the time needed
> to spend before having something useful...
>
> - --
> Aaron J. Seigo
> GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43
>
> "Everything should be made as simple as possible, but not simpler"
> - Albert Einstein
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
>
> iD8DBQE+Kkxh1rcusafx20MRAnmrAJ9u5i/rQ96RCo6xI0QrErHR0+2XSACgippf
> 7VVvF1gesGk36vpGthVcsnw=
> =qmeN
> -----END PGP SIGNATURE-----
