On Monday, January 30, 2012 09:54:46 PM, Allen Weiner wrote:
> I own a year-2000 Dell Dimension L PC (Celeron 533 MHz, 512 MB RAM, 10
> GB HDD) that I'm not using. Due to some dissatisfaction I have with my
> DSL modem/router, I thought it might be a worthwhile learning exercise
> to set up this PC as a Linux router.

It's worthwhile to start with a PC for the learning experience, but not worthwhile to stick with desktop PCs due to hardware reliability issues.

> I have two main questions:
>
> Q1: Which distro to choose

For a firewall it doesn't matter, because it mainly boils down to iptables and kernel modules for iptables, which any distribution has. I'd say either use what you know and like already, or try the distribution you think you would like to know better.

> Q2: How do I proceed after the distro is installed

You can either study iptables (or pf as you mention) and make your own script to build the firewall rules directly (which oddly enough is the most popular option), or you can try using a firewall package like shorewall, smoothwall, or many many others.

> I hope to attend Wednesday's meeting and will try to arrive well before
> 6 PM. Perhaps someone would be willing to discuss these questions with
> me at that time.
>
> Background: My Internet connection is 1 Mbps DSL. My LAN consists of two
> PC's. Usually only one PC is in use at a time. The LAN is wired only, no
> wireless.

None of the above matters. An embedded 486 is enough to run a Linux firewall. Iptables rules are run inside the kernel, and the CPU usage is minimal. [Running 'top' will typically use a lot more CPU than iptables rules will.]

> The main reason I'm considering a Linux router is to have a firewall
> external to my PC. My DSL modem/router (Westell 6100) offers a firewall.
> However, the firewall uses a proprietary interface (instead of iptables
> or pf) which is poorly documented and which I don't understand.
> Secondly, my DSL modem/router continually does network discovery. All
> day long it probes ports on my PC and these probes are intercepted and
> logged by iptables.

The network discovery thing can be a bit ugly. I've seen that before also -- some print servers do that too for some reason. If you like watching the blinking lights on the firewall/router/switch and like them to make sense, constant network discovery messes that up.

> Which distro?: pfsense seems tailor made for my needs. However it uses
> the pf firewall interface rather than iptables. I've invested a lot of
> effort trying to learn iptables. Chris Knadle installed Debian on his
> Alix router. However, Chris was already a long-term Debian user.

Right. I was using Slackware for Linux firewalls before that, starting in 1998. I switched to Debian in 2000 because Slackware was too difficult to keep up-to-date. [And in 1998 I was doing network address translation to share a 28.8k modem link with 4 computers in a house.]

> Another possibility is the X86 port of DD-WRT. This seems more appropriate
> for a wireless LAN.

WRT or DD-WRT is a good alternative (regardless of wired or wireless), and you can get a WRT54GL for $50 which has extra RAM to allow running some of the larger versions of DD-WRT.

http://www.newegg.com/Product/Product.aspx?Item=N82E16833124190&Tpk=WRT54GL

I don't personally run DD-WRT (yet) but friends that do like it. Includes the ability to log in via ssh and get a command line, from what I understand, as well as a web GUI. Should be able to do most of what you'd want.

> A known disadvantage of using an old PC as a router is high power
> consumption. According to wikipedia, the TDP of the Celeron 533 MHz is
> 28 watts (not too bad).

Power consumption is higher but not the real problem: the real issue is reliability. Fans collect dust and eventually get bearing failure, and both hard disks and power supplies tend to fail. For whatever reason, when I used PCs for firewalls they typically lasted only maybe a year or two before it would die. Happened often enough that I'd keep a spare computer next to the first one so that when it died I could just switch.

/That/ is actually the reason I switched over to using embedded Linux boxes with no moving parts -- and not simply because they are lower in power and quieter -- that's just a nice side benefit.

As it happens in the last few days I've been upgrading the install procedure for installing Debian onto the Alix2c3 boxes I have, and I've been running into problems with a couple of the fast CompactFlash cards. Installing the bootable portion of Grub2 seems to corrupt the ext2 filesystem after installation, and sometimes the ext2 filesystem gets superblock corruption during file installation. I suspect this has something to do with the CF card internal wear-leveling reordering sectors, but don't have a way of verifying it.

I've also in the past few days set up BOOTP to allow doing a Linux install over PXE boot and using a serial console for the install, which is kind of neat. Haven't documented that part yet but I can point you to resources for how to set this up if you need it.

-- Chris

--
Chris Knadle
[email protected]

_______________________________________________
Mid-Hudson Valley Linux Users Group
http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug

Upcoming Meetings (6pm - 8pm) Vassar College
Feb 1 - Home Networking Made Simple with Amahi Home Server
Mar 7 - Desktop Shootout - 9th Anniversary of MHVLUG
Apr 4 - An Intro to Chef
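As an added illustration of the "make your own script" route discussed in the reply above (this is example code written for this page, not a script from the thread or from either poster), the following builds a minimal two-interface iptables ruleset for a home Linux router: default-deny on the router itself and for forwarded traffic, stateful replies allowed, LAN hosts masqueraded out the DSL side, and unsolicited probes arriving on the WAN interface logged (rate-limited) before they hit the DROP policy. The interface names eth0 (DSL/WAN) and eth1 (LAN), the LAN subnet 192.168.1.0/24 and the ssh management port are all assumptions for the example. Without APPLY=1 the script only prints the rules it would run, so it can be reviewed before being applied as root.

```shell
#!/bin/sh
# Hypothetical two-interface Linux router firewall (added example).
# Assumed layout: eth0 faces the DSL modem, eth1 faces the wired LAN.
WAN_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.1.0/24   # constructed LAN subnet

# Run one iptables command when APPLY=1, otherwise print it for review.
rule() {
    if [ "${APPLY:-0}" = 1 ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# The router only forwards packets if the kernel is told to.
enable_forwarding() {
    if [ "${APPLY:-0}" = 1 ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    else
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    fi
}

build_rules() {
    # Start from a clean slate in the filter and nat tables.
    rule -F
    rule -t nat -F
    rule -X

    # Default deny for traffic to the router and through it; the router
    # itself may originate connections (DNS, package updates).
    rule -P INPUT DROP
    rule -P FORWARD DROP
    rule -P OUTPUT ACCEPT

    # Loopback, plus replies to connections the router or the LAN opened.
    rule -A INPUT -i lo -j ACCEPT
    rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    rule -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Management (ssh) only from the LAN side, never from the WAN.
    rule -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT

    # LAN hosts may open new connections to the Internet; nothing new is
    # forwarded in from the WAN because FORWARD's policy is DROP.
    rule -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT

    # Log unsolicited packets reaching the router from the WAN (this is
    # where the modem's port probes would show up), throttled so the log
    # stays readable; they then fall through to the DROP policy.
    rule -A INPUT -i "$WAN_IF" -m limit --limit 5/min -j LOG --log-prefix WAN-PROBE:

    # NAT: share the single DSL address with every LAN host.
    rule -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Dry run by default; "APPLY=1 sh firewall.sh" as root installs the rules.
enable_forwarding
build_rules
```

The two things worth checking after applying such a script are that `iptables -L -v -n` shows the counters on the LOG rule climbing while the modem probes (so the probes are being seen and dropped, not silently accepted), and that the FORWARD chain has no rule allowing new connections from the WAN interface.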
