David Demland wrote: > > Has anyone installed Storm Linux. I am trying to put together a Firewall for > our T1. I wanted a Debian version of Linux because of what I have read here > about it for security. When installing all has seemed to go well until the > computer reboots. When the syslogd is started the computer hangs. I have > tried a custom install was well as the regular install. In all cases the > reboot hangs. > > Does anyone have an idea? I had a system that did that once, but it was overclocked to much for the temperature environment it was in. (I get cold easily, and so I often shut my vents... I know its horrible for the hardware, but 70F is just too cold for me unless I am active. Typing with purple hands sucks... so its often up to 85 or 90 in here, although I usually prefer about 78.. my aunt sets the A/C to 67 to 69 tho!!! Glad I am tall enough to shut the ceiling vents by just reaching up!) Other than hardware failures, theres a few remaining possibilities: Something that starts right after syslogd hangs the system (ldconfig?) Syslogd is the first thing that actually attempts to WRITE to disc, and there are issues with the driver/kernel you are now using instead. Try disabling UDMA in BIOS if you have it, UDMA probably wouldnt be too critical for a firewall anyways, right? -- Regarding the general issue of security, if the computer is ONLY to be used as a firewall, the best way to ensure that it is secure is to have absolutely ONLY what you need on it, and allow telnet logins only from the LAN side. Web server, X, and videogame security issues are nonexistant if these things are not installed on the system to start with! Internet Junkbuster is a pretty decent HTTP proxy (seems to work for HTTPS as well. Not sure if this is handled differently or not, or even if it needs to be) that also has the ability to block advertizements (or any other unwanted web content... if this is for a low-bandwidth network, block common extentions for large files..). You can use it to let people OUT of the firewall, if you dont wish to use transparent proxying (or masquerading, even). While security isnt its primary goal (being able to block URLs based on strings, to block advertizing and intrusive web-tracking IS its goal), since the source-code is available, its unlikely to contain any nasty surprises. It can be had at: http://www.junkbusters.com/ Also, the less interesting a machine is (less stuff installed), the less likely it is that it will be tampered with if a genuine hacker DOES "break" into it... while not the case for vandals, there are those that simply wander around, opening doors that arent locked tight, just to see what is inside... when the contents are interesting, the temptation to stick around and play for a bit exists. Unfortunately, it is possible that such access opens other doors to vandals, or can result in something being accidently broken, so discourage it with a boring box if possible. -- jkenner@mindspring.com __ I Support Linux: _> _ _ |_ _ _ _| Working Together To <__(_||_)| )| `(_|(_)(_| To Build A Better Future. |