Hi all,

Currently at work we use a commercial product called "Gnatbox", which, I believe, is a BSD derivative running on a floppy disk. They have a pretty UI and all, but I'd feel much safer/happier with a GNU/Linux box and Shorewall doing the same thing.

In fact, I'm doing something very close to this at home using Openwrt and Shorewall on my WRT54G router, but I need something that'll run on a PC (more umph and more interfaces). I looked at Bering, but from the looks of it, the project is slow and possibly not active.

In theory, I'd like something that's designed to be placed on a CD or USB Pen Drive then loaded into RAM. Then I could consider putting other things on it, like a DHCP server (like the home router).

I'm not against putting my own together, but this seems like something so obvious that someone else must have done it already.

- Serge Wroclawski

On Friday 05 November 2004 08:39, Serge Wroclawski wrote:
> Currently at work we use a commercial product called "Gnatbox", which, I
> believe, is a BSD derivative running on a floppy disk. They have a pretty
> UI and all, but I'd feel much safer/happier with a GNU/Linux box and
> Shorewall doing the same thing.
>
> In fact, I'm doing something very close to this at home using Openwrt and
> Shorewall on my WRT54G router, but I need something that'll run on a PC
> (more umph and more interfaces). I looked at Bering, but from the looks of
> it, the project is slow and possibly not active.

The LEAF project, of which Bering is one component, is very much active. Most Bering development effort has transitioned over to Bering-uClibc:
http://leaf.sourceforge.net/mod.php?mod=userpage&menu=910&page_id=36

I'm using LEAF Bering-uClibc at home and at work.
Home: 486DX 100Mhz shoebox PC with 4MB DiskOnChip, 32 MB RAM
-- Three interfaces (2 wired, 1 wireless) running Shorewall, dnsmasq, squid
Work: Pentium 150MHz, 2GB HDD, 32 MB RAM
-- Two interfaces (both wired), running Shorewall.

The system at work is the firewall for our DMZ. Behind it sits another PC running a full(er) Linux with Shorewall doing masquerading for our users.

Bering-uClibc is great, and the mailing list is active. I encourage you to check it out.

Cheers,
Scott

Scott Merrill wrote:
> The LEAF project, of which Bering is one component, is very much active. Most
> Bering development effort has transitioned over to Bering-uClibc:
> http://leaf.sourceforge.net/mod.php?mod=userpage&menu=910&page_id=36
>
> I'm using LEAF Bering-uClibc at home and at work.
> Home: 486DX 100Mhz shoebox PC with 4MB DiskOnChip, 32 MB RAM
> -- Three interfaces (2 wired, 1 wireless) running Shorewall, dnsmasq, squid
> Work: Pentium 150MHz, 2GB HDD, 32 MB RAM
> -- Two interfaces (both wired), running Shorewall.

I concur with Scott, Bering + Bering-uClibc are about the most flexible, for their size, one will ever find around. Personally, I've been running Bering on my old Compaq 486 DX4 for years, without any hitches at all. Getting a poor floppy to fit a 2.4.x kernel, with Shorewall + netfilter, ssh + sshd, tinydns + dnscache for DNS, dhclient, along with netutils, is by and far an achievement all its own by the developers. My WinXP, Slackware/Win98 and OpenBSD boxes have never, ever complained with that 486 acting as the traffic cop, check out those two mini-distros more closely, it's certainly worth your while....

Regards,
--
Patrick Benson
Stockholm, Sweden

Serge Wroclawski wrote:
>Hi all,
>
>Currently at work we use a commercial product called "Gnatbox", which, I
>believe, is a BSD derivative running on a floppy disk. They have a pretty
>UI and all, but I'd feel much safer/happier with a GNU/Linux box and
>Shorewall doing the same thing.
>
>In fact, I'm doing something very close to this at home using Openwrt and
>Shorewall on my WRT54G router, but I need something that'll run on a PC
>(more umph and more interfaces). I looked at Bering, but from the looks of
>it, the project is slow and possibly not active.
>
>In theory, I'd like something that's designed to be placed on a CD or USB
>Pen Drive then loaded into RAM. Then I could consider putting other things
>on it, like a DHCP server (like the home router).
>
>I'm not against putting my own together, but this seems like something so
>obvious that someone else must have done it already.
>
>- Serge Wroclawski
>
>_______________________________________________
>Shorewall-users mailing list
>Post: Shorewall-users@lists.shorewall.net
>Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
>Support: http://www.shorewall.net/support.htm
>FAQ: http://www.shorewall.net/FAQ.htm

Hi! Have you seen Devil-Linux? http://www.devil-linux.org

It is a CD based live distro that includes Shorewall, FreeSWan (soon to be OpenSWan) for IPSEC VPN, SSH, DHCP server, and lots more. It runs in RAM (no hard drive needed), and all config files are on floppy, usb pen drive, or if you are really sure you have your final configuration, they can be burnt onto the cd, too.

I work for a hotel, and I use Devil-Linux for our router/firewall. We have 1.5MB business DSL with a static IP addy, 5 NICs in the router, 1 for the internet, 1 each for 2 local subnets (1 for the hotel guest rooms, 1 for the hotel staff network, and both subnets have their own DHCP server), and 2 NICs in DMZs for whatever I can dream up uses for in the future.

I used this to replace a Cisco 2611. This was my very first router build, and it worked perfectly on the first try, almost.... Devil-Linux worked perfectly on the first try; I am a Linux noob, so my abilities to properly config worked almost perfectly on the second or third try. Or the fourth.....

I am the maintenance man for this hotel. I plunge toilets and change light bulbs, and have learned to maintain the LANs and computers the hard way, i.e., I am entirely self-taught. If I can make a penguin fly, using DL, anyone can. I am really happy with this distro for a live (no HDD) router / firewall.

Charlie Turner

You may or may not also want to check out Smoothwall as a solution. Although it doesn't include shorewall, it is a CD-based linux firewall distribution with a lot of useful features and a fairly intuitive GUI interface.

On Fri, 05 Nov 2004 23:42:36 +0100, Patrick Benson <benson@chello.se> wrote:
> I concur with Scott, Bering + Bering-uClibc are about the most flexible,
> for their size, one will ever find around. Personally, I've been running
> Bering on my old Compaq 486 DX4 for years, without any hitches at all.
> Getting a poor floppy to fit a 2.4.x kernel, with Shorewall + netfilter,
> ssh + sshd, tinydns + dnscache for DNS, dhclient, along with netutils,
> is by and far an achievement all its own by the developers. My WinXP,
> Slackware/Win98 and OpenBSD boxes have never, ever complained with that
> 486 acting as the traffic cop, check out those two mini-distros more
> closely, it's certainly worth your while....
>
> Regards,
> --
> Patrick Benson
> Stockholm, Sweden

Another CD based and cfg on a floppy is M0n0Wall http://m0n0.ch/wall/.

On Fri, 5 Nov 2004 19:08:20 -0600, Gary Buckmaster <inherently.evil@gmail.com> wrote:
> You may or may not also want to check out Smoothwall as a solution.
> Although it doesn't include shorewall, it is a CD-based linux firewall
> distribution with a lot of useful features and a fairly intuitive GUI
> interface.

> Another CD based and cfg on a floppy is M0n0Wall http://m0n0.ch/wall/.

But it's not Linux and not Shorewall based.

Simon