is it just me, or is the 1.4.21 version iso of IPCop not available yet? http://sourceforge.net/project/showfiles.php?group_id=40604&package_id=35093 Eric On Thu, Jun 4, 2009 at 3:51 PM, Eric Shubert wrote: > I guess this would make IPCop is a bit geeky. It's based on LFS, and you > can compile the whole thing if you'd like. ;) (Instructions are on the > web site) > > kitepilot@kitepilot.com wrote: > >>> Any extra/unwanted packages which come in a standard distro, > >>> but which aren't needed for a router, have been removed > > The best (GEEKY) firewall is an LFS installation running iptables. > > You just NEVER install "any extra/unwanted package" to begin with. :) > > I understand it is not for everyone though, but I couldn't resist... 8) > > ET > > > > PS: For the "uninitiated": > > LFS=http://www.linuxfromscratch.org/ > > > > > > > > > > Alex Dean writes: > > > >> On Jun 4, 2009, at 3:24 PM, Paul Mooring wrote: > >> > >>> Maybe most people would disagree with me on this but I don't think > >>> there's too many advantages to runnning IPcop over a standard linux > >>> distro in the first place if you're only looking to use it as a > router. > >>> Any router or firewall distro is more or less an iptables frontend > >>> anyhow. To do it make sure "net.ipv4.ip_forward = 1" is in / > >>> etc/sysctl.conf and there should be an iptables rule for nat, run > >>> iptables-save and look for a rule that says either -j SNAT --to- source > >>> or -j MASQUERADE, if your existing iptables rules don't have that run > >>> 'iptables -t nat -I POSTROUTING -o $EXTIF -j MASQUERADE' where $EXTIF > is > >>> your external interface (probably eth0 or eth1), and then you have a > >>> fully functional router. > >> If you know what you're doing, I agree there isn't any difference. But > >> the set of people who might want a good firewall/router is much larger > >> than the set of people who are really comfortable with iptables, and > >> that's where IPCop & other distros like it fit in really well. > >> > >> There are other benefits besides iptables ease. Any extra/unwanted > >> packages which come in a standard distro, but which aren't needed for a > >> router, have been removed (and are therefore not exploitable). > >> Configuring multiple interfaces for multiple networks is really simple. > >> Etc... > >> > >> alex > > > -- > -Eric 'shubes' > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -- Eric Cope http://cope-et-al.com