I got about halfway through the instructions on LEAF, and it was going very well. Then I realized: I just killed my last Windows box recently, and my stations are all now more tightly secured than my (decrepit) firewall was. With all secure machines, there's no need to go to something as hardcore as LEAF. I'm just going to use Debian. On Tue, 6 Aug 2002, Robert Bushman wrote: > You mention Debian, to which I have just converted. > It is fantastic. apt-* makes command line > administration a breeze, which is a bonus for > keeping your gateway secure. > > That said, there are a number of projects > specifically targetting this application. > Have you looked at, for example LEAF (Linux > Embedded Appliance Firewall)? > > http://sourceforge.net/projects/leaf/ > http://linuxjournal.com/article.php?sid=4772 > > Basically, you create a bootable media with > the correct ethernet drivers and configuration > parameters. Remove the hard drive from the > machine you'll be using, pop in the bootable > media, and let her rip. > > Since the media is read-only, it's harder > to get a virus or worm. Upgrading is harder > than Debian - requires burning a new CD - > but corruption is impossible. I'm guessing > the initial configuration is going to require > more work, but once you have the basics down, > keeping it current should be easy. > > I've just become frustrated with my current > firewall (based on Mandrake 8.0), and am going > to give this a try in the near future. > > On Tue, 6 Aug 2002, Alaric Fox wrote: > > > Hello, this is my first post to the list, but I have been reading for a few > > weeks now (specifically, since about the time of the Maricopa County meeting). > > > > I am going to use a standard x86PC as an intelligent switch/gateway/router, and > > (at least for my first iteration -- I may transition to Free/OpenBSD later) I > > am planning on using Linux (specifically Debian, probably the new release). I > > have used/developed on unices for several years now, but I haven't done much > > administration/configuration with nonstandard setups. I plan to use 5 PCI > > ethernet cards (probably miscellaneous based on what spare parts are available) > > to connect four nodes and to an internal network using typical Linux software. > > My questions are: > > 1) Will this work 'out-of-the-box', or will I need to compile a custom kernel to > > support all 5 adapters? > > 2) Does anyone see any problems I may run into with this setup that, as a new > > user, I might not know exist? I assume I'll have to create new devices > > (/dev/eth0-4 or whatever). > > > > Thank you, > > Alaric > > > > > > ________________________________________________ > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > -------------------------------------------------------------------- > 'Microsoft also warned today that the era of "open computing," the > free exchange of digital information that has defined the personal > computer industry, is ending.' > > http://www.nytimes.com/2002/07/25/technology/25NET.html > > Will Microsoft permit you to use your mission critical data when > you need it? Linux will, and you have the source to prove it. > -------------------------------------------------------------------- > > > ________________________________________________ > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -------------------------------------------------------------------- 'Microsoft also warned today that the era of "open computing," the free exchange of digital information that has defined the personal computer industry, is ending.' http://www.nytimes.com/2002/07/25/technology/25NET.html Will Microsoft permit you to use your mission critical data when you need it? Linux will, and you have the source to prove it. --------------------------------------------------------------------