I am quite new to Linux and have moved (almost) from a windoze NT4 environment.

My present configuration is running SuSE V 8.0 with KDE3.0.5 desktop on two machines, connecting with Samba to an NT4 PC, and an occasional laptop or other PC that connects locally to the network.

After a deal of searching, researching, and seeking advice I have decided to use Shorewall as my firewall.

Presently, my internet connection is via the NT4 PC and as you would expect is subject to shutdowns for little changes or for the dreaded BSOD's which is a pain in the neck.

From reading the support documents it appears that the basic configuration I would start with is the Two Zone setup. I don't believe that I have any need at this stage for a DMZ. (I would listen to any advice though!)

My questions therefore relate to hardware and the firewall arrangement.

1. I have a spare 486-DX2-66, and a spare Pentium-200MMX both with minimum RAM, as well as a couple of small HDD 450 & 850MB. Which of these would be the better to use as the FW, and how does this FW PC impact on the performance of my small network (basically Pentium 111 PC's). Or are these PC's inadequate for the task? I can upgrade if necessary.

2. I am also going to change my external faxmodem which I use to send & receive faxes from the windows pc to run under Linux probably using Hylafax. Should this be installed on the FW pc, or on a PC within the local zone.

Your advice would be appreciated.

--
John Blue,
PO Box 542
Mawson ACT 2607
Australia
email: jblue@bestpond.com
Fax: +61 2 6291 1119

On Tuesday 14 January 2003 09:01 pm, John Blue wrote:

> My questions therefore relate to hardware and the firewall arrangement.
>
> 1. I have a spare 486-DX2-66, and a spare Pentium-200MMX both with minimum RAM, as well as a couple of small HDD 450 & 850MB. Which of these would be the better to use as the FW, and how does this FW PC impact on the performance of my small network (basically Pentium 111 PC's). Or are these PC's inadequate for the task? I can upgrade if necessary.

Even the 486 could pass the packets, that's not too big of a job. The difficulty is getting a good linux install on that box, as most distros don't really ship a plain jane i386 kernel anymore.

I'd go with the p200, and you might just be able to get it all to fit on the 850 meg disk, but use them both if you got no other use for them (and most folks have no use at all for disks that small, I got a stack of them here). Scrounge 64meg of memory, at least or it's tricky to get it installed, 96meg works fine as long as you don't install X.

Typically you end up with a few more things running on your gateway, such as squid and maybe a family web server, and a mail server etc. At home I have a P133 sitting in a corner running a minimal SuSE installation, sendmail, ssh, and Shorewall.

Other boxes inside that firewall surf the web just as fast as those outside the firewall. It doesn't take much to shuffle packets. A pentium 90 might even suffice.

> 2. I am also going to change my external faxmodem which I use to send & receive faxes from the windows pc to run under Linux probably using Hylafax. Should this be installed on the FW pc, or on a PC within the local zone.

It matters not a bit where hylafax is installed unless you want it to be reachable from outside so that other windows machines can print to fax using WHFC or some such. If only pc's on the inside of the firewall are going to use it, then it can either be IN the firewall box itself, or on another linux box somewhere inside.

I've done it both ways, but it is recommended that you do not let outsiders access it via WHFC because of insecurity problems. Hylafax is a bit tricky to get working right, but seems to work fine once you do get it setup. Hint: The modem configuration script where you answer 20 questions does at best a halfassed job of configuring the modem. Review its output line by line with the hylafax documentation or it will never work.

--
John Andersen - NORCOM
http://www.norcomsoftware.com/

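[Added example, not part of the original thread: the placement advice in the message above, written out as Shorewall policy and rules entries. It assumes hfaxd (the HylaFAX client service) runs on the firewall box on its default TCP port 4559, and the zone names net, loc and fw used in Shorewall's two-interface sample configuration.]

```conf
# /etc/shorewall/policy
# Zone names net (internet), loc (local LAN) and fw (the firewall itself)
# are assumptions taken from the two-interface sample.
#SOURCE   DEST   POLICY   LOG LEVEL
loc       net    ACCEPT
net       all    DROP     info
all       all    REJECT   info

# /etc/shorewall/rules
#ACTION   SOURCE   DEST   PROTO   DEST PORT(S)
# HylaFAX clients such as WHFC talk to hfaxd on tcp/4559 (assumed default).
# Only the local zone is allowed to reach it on the firewall box.
ACCEPT    loc      fw     tcp     4559

# Deliberately absent: any rule with SOURCE net and port 4559.
# Connections to hfaxd from the internet zone therefore fall through to
# the net -> all DROP policy above and are logged at level info.
#
# If HylaFAX runs on a separate box inside the local zone instead, no rule
# is needed at all: loc-to-loc traffic never crosses the firewall, and as
# long as no DNAT rule forwards tcp/4559 from net, outsiders cannot reach it.
```
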
Hi John,

> On Tuesday 14 January 2003 09:01 pm, John Blue wrote:
>
> > My questions therefore relate to hardware and the firewall arrangement.
> >
> > 1. I have a spare 486-DX2-66, and a spare Pentium-200MMX both with minimum RAM, as well as a couple of small HDD 450 & 850MB. Which of these would be the better to use as the FW, and how does this FW PC impact on the performance of my small network (basically Pentium 111 PC's). Or are these PC's inadequate for the task? I can upgrade if necessary.
>
> Even the 486 could pass the packets, that's not too big of a job. The difficulty is getting a good linux install on that box, as most distros don't really ship a plain jane i386 kernel anymore.
>
> I'd go with the p200, and you might just be able to get it all to fit on the 850 meg disk, but use them both if you got no other use for them (and most folks have no use at all for disks that small, I got a stack of them here).

Yes I have a couple of those floating around, but if I get stuck I have a spare 20Gb (very much overkill!) I recall being rather shocked when my original CP/M computer released a new model with a huge 5Mb Hard disk :)

> Scrounge 64meg of memory, at least or it's tricky to get it installed, 96meg works fine as long as you don't install X.

I think I have 128Mb ram floating here that should fit the pentium, so I will go that way.

> Typically you end up with a few more things running on your gateway, such as squid and maybe a family web server, and a mail server etc. At home I have a P133 sitting in a corner running a minimal SuSE installation, sendmail, ssh, and Shorewall.

My mail server is actually the NT box at present so I can see a move later with that.

> Other boxes inside that firewall surf the web just as fast as those outside the firewall. It doesn't take much to shuffle packets. A pentium 90 might even suffice.

That's good to know, I thought the FW may have been a potential choke on traffic flow.

> > 2. I am also going to change my external faxmodem which I use to send & receive faxes from the windows pc to run under Linux probably using Hylafax. Should this be installed on the FW pc, or on a PC within the local zone.
>
> It matters not a bit where hylafax is installed unless you want it to be reachable from outside so that other windows machines can print to fax using WHFC or some such. If only pc's on the inside of the firewall are going to use it, then it can either be IN the firewall box itself, or on another linux box somewhere inside.

Users would be inside the firewall, so I will see how my space ends up on the fw, I have plenty of disk space on other machines.

> I've done it both ways, but it is recommended that you do not let outsiders access it via WHFC because of insecurity problems. Hylafax is a bit tricky to get working right, but seems to work fine once you do get it setup. Hint: The modem configuration script where you answer 20 questions does at best a halfassed job of configuring the modem. Review its output line by line with the hylafax documentation or it will never work.

Thanks for that, sometimes I feel like I have been treading a path over broken glass, but I must confess I am overawed by the stability of Linux once each piece has been setup OK.

> --
> John Andersen - NORCOM
> http://www.norcomsoftware.com/

Your help and advice very much appreciated.

Best wishes,
John

--
John Blue,
PO Box 542
Mawson ACT 2607
Australia
email: jblue@bestpond.com
Fax: +61 2 6291 1119

Hi John

At 17:01 15/01/03 +1100, John Blue wrote:

> 1. I have a spare 486-DX2-66, and a spare Pentium-200MMX both with minimum RAM, as well as a couple of small HDD 450 & 850MB. Which of these would be the better to use as the FW, and how does this FW PC impact on the performance of my small network (basically Pentium 111 PC's). Or are these PC's inadequate for the task? I can upgrade if necessary.

Have a look at the LEAF project. http://leaf.sourceforge.net/ It's a minimal version of Linux that's especially suited to firewalling. The "Bering" version (available at http://leaf.sourceforge.net/devel/jnilo/) is well documented, uses Shorewall firewalling and would run adequately on either of those machines providing they have at least 16MB of RAM.

I'm afraid I know nothing about the fax software you mentioned, and being blunt I think that might be a bit off topic for this list.

regards

Julian
--
jc@ljchurch.co.uk
www.ljchurch.co.uk

Hi Julian,

> Hi John
>
> At 17:01 15/01/03 +1100, John Blue wrote:
>
> > 1. I have a spare 486-DX2-66, and a spare Pentium-200MMX both with minimum RAM, as well as a couple of small HDD 450 & 850MB. Which of these would be the better to use as the FW, and how does this FW PC impact on the performance of my small network (basically Pentium 111 PC's). Or are these PC's inadequate for the task? I can upgrade if necessary.
>
> Have a look at the LEAF project. http://leaf.sourceforge.net/ It's a minimal version of Linux that's especially suited to firewalling. The "Bering" version (available at http://leaf.sourceforge.net/devel/jnilo/) is well documented, uses Shorewall firewalling and would run adequately on either of those machines providing they have at least 16MB of RAM.

Thank you for that information, I will certainly have a look at the "Bering" version, I had noticed a reference to it on the Shorewall home page, but was unclear on what it was.

> I'm afraid I know nothing about the fax software you mentioned, and being blunt I think that might be a bit off topic for this list.

That's OK, I really only put that in to give a better picture of what my set up arrangements might be. Your response is very much appreciated.

> regards
>
> Julian
> --
> jc@ljchurch.co.uk
> www.ljchurch.co.uk

Best wishes,
John

--
John Blue,
PO Box 542
Mawson ACT 2607
Australia
email: jblue@bestpond.com
Fax: +61 2 6291 1119

John,

I recently installed and configured (with the help of the Shorewall community) a small HP Vectra VL (Pentium 133, 96 Mb RAM) with three-interface setup. The disk space is:

# df -k
Filesystem  1K-blocks    Used  Available  Use%  Mounted on
/dev/hda5      650792  370972     246760   61%  /
/dev/hda1       48770    5924      40328   13%  /boot
none            39072       0      39072    0%  /dev/shm

and the memory utilization:

# free
                     total    used    free  shared  buffers  cached
Mem:                 78144   74120    4024       0    13920   21284
-/+ buffers/cache:           38916   39228
Swap:               121932       0  121932

You can strip any of the latest distributions, to less than 400 Mb easily.

Hope that helps,

Trifon

Hi Trifon,

> John,
>
> I recently installed and configured (with the help of the Shorewall community) a small HP Vectra VL (Pentium 133, 96 Mb RAM) with three-interface setup. The disk space is:
>
> # df -k
> Filesystem  1K-blocks    Used  Available  Use%  Mounted on
> /dev/hda5      650792  370972     246760   61%  /
> /dev/hda1       48770    5924      40328   13%  /boot
> none            39072       0      39072    0%  /dev/shm
>
> and the memory utilization:
>
> # free
>                      total    used    free  shared  buffers  cached
> Mem:                 78144   74120    4024       0    13920   21284
> -/+ buffers/cache:           38916   39228
> Swap:               121932       0  121932
>
> You can strip any of the latest distributions, to less than 400 Mb easily.
>
> Hope that helps,
>
> Trifon

Thanks for the advice, from the replies I have had and from my general reading I am very impressed with the general supportive atmosphere of the group.

Thank you,
John