Using fedora instead of ipcop

[Alex Dean]

On Jun 4, 2009, at 3:24 PM, Paul Mooring wrote:

> Maybe most people would disagree with me on this but I don't think  
> there's too many advantages to runnning IPcop over a standard linux  
> distro in the first place if you're only looking to use it as a  
> router.  Any router or firewall distro is more or less an iptables  
> frontend anyhow. To do it make sure "net.ipv4.ip_forward = 1" is in / 
> etc/sysctl.conf and there should be an iptables rule for nat, run  
> iptables-save and look for a rule that says either -j SNAT --to- 
> source or -j MASQUERADE, if your existing iptables rules don't have  
> that run 'iptables -t nat -I POSTROUTING -o $EXTIF -j MASQUERADE'  
> where $EXTIF is your external interface (probably eth0 or eth1), and  
> then you have a fully functional router.

If you know what you're doing, I agree there isn't any difference.   
But the set of people who might want a good firewall/router is much  
larger than the set of people who are really comfortable with  
iptables, and that's where IPCop & other distros like it fit in really  
well.

There are other benefits besides iptables ease.  Any extra/unwanted  
packages which come in a standard distro, but which aren't needed for  
a router, have been removed (and are therefore not exploitable).   
Configuring multiple interfaces for multiple networks is really  
simple.  Etc...

alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
Url : http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20090604/9dad317a/attachment.pgp