  Mike_0580a 16 down, 4 to go Premium join:2000-09-06 El Cajon, CA
| ROUTER
I searched the forum here before posting this and got about 5 hits, but the discussions went slightly off topic and/or over my head.
Right now I have a Zyxel P310; due to some of the programs I'm running, the NAT tables are filling up and choking my connection.
I just (20 min ago) came into possession of a P2 233, 96MB RAM, 2 10bT NICS, Intel 440LX MB, 2x 3GB HD, 52xCD rom & floppy - it's all put together, nice case even. Even got a KB and monitor.
I'm looking for an easy to setup/get started router/firewall solution. Once I get it started, I'll be able to play and break it, but I'd like something easy to start. If it caches DNS, cool, if not I've already got them manually entered on each of my PCs. Other than that I just need to be able to forward several ports. Be nice if I could just telnet (or web, whatever) into it as well, vice leaving a KB & monitor hooked to it.
I've played with *nix before, nothing in depth though. Not a total virgin, this is like my second date.
I've seen a few refs to smoothwall and clarkconnect, I'm reading the Smoothwall docs as soon as I post this.
Thanks,
Mike -- Drugs are bad....um'kay. |
|
  phriday613 Your Avatar Is Nice... For Me To Poop On Premium join:2002-02-06 Eastchester, NY clubs:
| mike,
i'll put my vote for clarkconnect!
it's great, they keep it well up to date, and it has everything you are asking for. Smoothwall is great too, but my main issue with it is that they aren't very good at keeping it up to date. They still have their iptables version in beta.. if you don't mind using ipchains, then smoothwall will work as well..
clarkconnect, imho, offers more modules. That can be a good thing or a bad thing, depending on what you want the box to have.. a basic router and firewall, any one will do just fine!
the 2.0 version just came out as beta. I'd stay clear of it for a bit, so if you do try it, get the 1.3 version.
BTW, if you know linux or don't, you use very little bit of it admin'ing the box.. it's mostly done via the website  -- "Forewarned is forearmed..." -gwion |
|
  Mike_0580a 16 down, 4 to go Premium join:2000-09-06 El Cajon, CA | reply to Mike_0580a even better I just got ahold of 2 10/100 3com nics. -- Drugs are bad....um'kay. |
|
  Gigantopithi
join:2000-08-08 Homewood, IL clubs: 
| reply to Mike_0580a I've not used clarkconnect, but I trust phriday's opinion on this. Clarkconnect has a lot of features... however, I'm not sure how fast they come up with security patches. The extra features in clarkconnect come at the cost of security, if that is a big issue for you. I assume that you can disable features that may present a security risk (e.g. file and print sharing on clarkconnect).
A more secure alternative (and using less hardware) is bbiagent found at »www.bbiagent.net. It's a floppy-based router with iptables, nat, and some minimal bandwidth shaping. You won't need the hds, cdrom, video card with bbiagent. All post-configuration stuff is done thru a web-based form which you access from another computer on your lan. Downside is at a reboot, you lose your post-configuration stuff... but I just print out the configuration and set it aside for those unlikely instances where reboot is necessary. It may save the post-configuration stuff to disk... I'm not sure as I made my floppy read-only (for security reasons). -- "Mathematics may be defined as the subject where we never know what we are talking about, nor whether what we are saying is true."--Bertrand Russell |
|
 keno5net
join:2002-01-05 Milwaukee, WI clubs:
| reply to Mike_0580a Here is another single floppy distro that uses IP tables and Shorewall firewall. It can be set up to run from a floppy, HDD, floppy and cd, or a bootable rom device. I like it because once it is set up to boot from the fdd you can write protect the disk and it will restart with a fresh system any time it reboots. No drive shutdown improperly errors. That way I can run it without any keyboard or monitor and if there is a problem a simple reboot fixes it.
»leaf.sourceforge.net/mod.php?mod···ge_id=21 |
|
  Mike_0580a 16 down, 4 to go Premium join:2000-09-06 El Cajon, CA
| reply to Mike_0580a Does clarkconnect do NAT? I've been looking at their website all day and am not seeing a direct reference to NAT. I did find a DHCP server module.
Since I've got 2 HDs with this thing, I think I'll try smoothwall and clarkconnect - one on each - just manually swap the cable.
Please keep the comments coming - I'll let you know how it goes.
Mike -- Drugs are bad....um'kay. |
|
  callihn4
join:2002-01-10 Space
| reply to Mike_0580a Here are a few I have found around the net, in no specific order, well maybe in interest:
»www.keeper.org.uk/
»www.bbiagent.net/
»www.zelow.no/floppyfw/index.html
»edge.fireplug.net/latest/dial.htm -- If Operating Systems Were Women? : »www.sigkill.com/os/ |
|
  phriday613 Your Avatar Is Nice... For Me To Poop On Premium join:2002-02-06 Eastchester, NY clubs:
| reply to Gigantopithi yes, clarkconnect does do NAT, in fact most (if not all) of these distros use NAT behind them..
as others mentioned, floppy based distros are also a good idea! less to worry about and simple to run! Ya can't go wrong with an entire linux distro on 1.44mb that handles EVERYTHING!
clarkconnect is good if you want to tweak around the linux OS, but if you want something that works with less space, then a floppy based distro is your way to go.. clarkconnect also provides a free dynamic domain name for your computer if you register (totally free, so they can keep track of your name) and their forums are a good means of assistance. There is also an external support website that also provides great tweaks!!
clarkconnect is VERY good with updates. They release them within a week, i've seen as late as like 4 days (with the snort RPC issue) either way, it's based on RH7.3, so you can update via RPM.
i would suggest using one of the distros, and leave the other HD for Squid proxy.. this way you can cache the websites you use and maybe run a banner ad killer or website filter on it as well? it needs the space, so you would format the other HD and mount it in the squid cache folder (i'm assuming). -- "Forewarned is forearmed..." -gwion |
|
  phriday613 Your Avatar Is Nice... For Me To Poop On Premium join:2002-02-06 Eastchester, NY clubs:
| reply to Mike_0580a how stupid am i!!!
i forgot to mention OpenBSD!
i use it and it's been great so far! It's well known for its security and (after time and time again) wasn't so bad to get ready for pppoe. My firewall rules provide ingress AND egress filtering AND openbsd comes with builtin support for bridging, ipsec, and apache and sendmail.. it's on a floppy to boot, and took no more than 30 minutes to install on my first shot.. second took 20 
i can provide you all of my files to get you started and working, if you'd like  -- "Forewarned is forearmed..." -gwion |
|
  callihn4
join:2002-01-10 Space | I am sure someone would like them. Please do share. Thanks |
|
  Jetoni Premium join:2001-04-18 West Springfield, MA
| said by callihn4 : I am sure someone would like them. Please do share. Thanks
I second that ! --
When in doubt;
Windows; Reboot Unix; RTFM!
If I have to explain, you wouldn't understand! |
|
  ABR Premium join:2001-07-31
| reply to Mike_0580a I tried IPCop and Smoothwall and liked them both. What I really wanted was a true linux box with routing capabilities but I could not get IPTables configured correctly. I d/l FireStarter this past weekend...reinstalled RH 8.0 and then installed FireStarter. I now have a linux box that routes and acts as a fw. Check this site out: »www.linux-firewall-tools.com/linux/ |
|
  Mike_0580a 16 down, 4 to go Premium join:2000-09-06 El Cajon, CA
| reply to Mike_0580a Here's where I'm at so far:
clarkconnect was giving me a hard time DLing the ISO (got it now), so I downloaded smoothwall and got it running
I ran into a problem though. I'm on cable, I need to be able to clone the MAC of this PC via the router. This is a feature of most SOHOs (my zyxel included), so as soon as I connect through the smoothwall, my connection drops.
Smoothwall is out the door anyway - allows all connections port 1024 and above (!?!). Can't determine via the docs if that's incoming, outgoing or both.
Anything that can meet and exceed my P310 is up for grabs, be it on a floppy or a full install - the machine I listed above is what I have and it's what I'm going to use, no other use for it - lol.
Gonna play with clark now and see if it can clone - no sign of that feature in the docs either.
Mike -- Drugs are bad....um'kay. |
|
  phriday613 Your Avatar Is Nice... For Me To Poop On Premium join:2002-02-06 Eastchester, NY clubs:
| reply to Mike_0580a mike,
try openbsd.. @ »www.openbsd.org
check out this link. It should help you going. »mlowe.phpwebhosting.com/pages/openbsd.html
i have my pf (firewall rules file) that i'll post when you get it setup. You can easily tweak that for a real kick ass firewall. Like i said, you tell it what you want to access out and in, and you're all set! It's real stern, so you have to train it to what you use..
you also set up NAT, yourself. It's not too bad. I used this link as my reference, as i use PPPoE, but you can use it as well, and disregard the pppoe stuff.. spoofing a MAC shouldn't be too hard either way, check out the first link and see if it's useable for you! -- "Forewarned is forearmed..." -gwion |
|
  nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA
·Cox HSI
·Speakeasy
| reply to Mike_0580a If you're not totally averse to paying for a solution, Astaro is pretty slick. Friend of mine at work has it running at home and it's pretty cool. Home use has a free license. Virus and surf protection modules cost extra.
-tom -- You can be only -so- accurate with a sledgehammer. |
|
  Mike_0580a 16 down, 4 to go Premium join:2000-09-06 El Cajon, CA
| reply to Mike_0580a I am totally anti paying especially since I have a router already (pretty cool one, just dated and getting overwhelmed).
Figured out how to spoof the mac "ifconfig ethx hw ether mac:address". Just need to figure out where to do it from - and make sure I hit the right NIC.
Clark is setting up right now, I'm making dinner, kinda doing 12 things at once.
Open BSD is next.
Mike
HEH
From the link: "Setting up an OpenBSD firewall is a straightforward process." OK. "This paper assumes that you have already installed OpenBSD 3.1" (I'm sure I can do that) "and that you are comfortable in a UNIX environment" (DOH!).  [text was edited by author 2003-06-16 22:33:57] |
|
  nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA
·Cox HSI
·Speakeasy
| said by Mike_0580a : I am totally anti paying especially since I have a router already (pretty cool one, just dated and getting overwhelmed).
Notice that the for-pay piece was only the anti-virus and web junkbuster. The major components are free.
But, any way.
-tom -- You can be only -so- accurate with a sledgehammer. |
|
  phriday613 Your Avatar Is Nice... For Me To Poop On Premium join:2002-02-06 Eastchester, NY clubs:
| reply to Mike_0580a either way mike, my AIM name is the same as my login for DSLR.. if you have any q's i'm not a BSD pro, but i got it working 
i've also used clarkconnect.. -- "Forewarned is forearmed..." -gwion |
|
  Mike_0580a 16 down, 4 to go Premium join:2000-09-06 El Cajon, CA
| reply to Mike_0580a It does look kinda kick ass but its hardware reqs are higher than what I have.
Hardware Requirements
· 400 MHz CPU, 128 MB RAM
· 8 GB IDE or SCSI HDD
· Bootable CD-ROM Drive
· PCI Ethernet Networkcards (up to 20)
Throughput with a 1266 MHz CPU
· 730 MBit/s Packet Filter
· 115 MBit/s IPSec VPN
· 6,000 email/hour (10KB e-mails) with Virus Protection
Thanks for the link though.
Mike -- Drugs are bad....um'kay. |
|
  phriday613 Your Avatar Is Nice... For Me To Poop On Premium join:2002-02-06 Eastchester, NY clubs:
| reply to Mike_0580a mike, that's the MAX it handled for that case!
your specs are fine.. my openbsd box is only 166mhz with 32mb of ram, and it works just fine! -- "Forewarned is forearmed..." -gwion |
|