Yes, any distro can certainly be configured as a firewall.
The primary advantage I see in using a "firewall distro" is that it's
just plain easier, meaning that you don't need as high a level of
expertise in order to make it work. Personally, I'd rather let the
people who do IPCop worry about the intricacies of iptables and other
aspects of firewall functionality (i.e. VPNs). There's also less of a
chance of me screwing something up that way. Using a tailored distro is
a way to leverage OPK (Other People's Knowledge). Why re-invent the
wheel? Then again, if you're comfortable and proficient with iptables
and OpenVPN (or IPSec or whatever), I expect you'd be perfectly
comfortable "rolling your own".
Paul Mooring wrote:
> Maybe most people would disagree with me on this but I don't think
> there's too many advantages to running IPCop over a standard Linux
> distro in the first place if you're only looking to use it as a router.
> Any router or firewall distro is more or less an iptables frontend
> anyhow. To do it make sure "net.ipv4.ip_forward = 1" is in
> /etc/sysctl.conf and there should be an iptables rule for nat, run
> iptables-save and look for a rule that says either -j SNAT --to-source
> or -j MASQUERADE, if your existing iptables rules don't have that run
> 'iptables -t nat -I POSTROUTING -o $EXTIF -j MASQUERADE' where $EXTIF is
> your external interface (probably eth0 or eth1), and then you have a
> fully functional router.
>
> On Thu, 2009-06-04 at 12:57 -0700, Eric Shubert wrote:
>> Nadim Hoque wrote:
>> > Hey
>> >
>> > So I was wondering if I could use my Fedora machine as a router for my house. I did find a pretty good guide on how to do it, but I think it assumes you are using 1 Ethernet card. I know I should disable DHCP on my router and install and start DHCP on my Fedora box. I also know that I should connect the Ethernet cable from the modem to one of the Ethernet ports on my Fedora box and the other cable to a switch. The reason why I am doing a DHCP using Fedora instead of IPCop is because I don't have another box to spare. Also, is there a good web-based GUI front end as well, similar to IPCop? By the way, I do have a regular router that works, but I would like to try this, and if not I could go with IPCop or m0n0wall.
>> >
>> > Nadim
>> > Nadim Hoque
>> >
>>
>> That would be possible of course, but not recommended. Too many mixed
>> kinds of eggs in the same basket, so to speak.
>>
>> To do so, you'll need to have IP forwarding turned on, and you'll need
>> to set up NAT as well. I must admit that I did this with a samba server
>> before installing my first IPCop box. I'd only do it again if absolutely
>> necessary.
>>
--
-Eric 'shubes'
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
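
The two checks described in the quoted reply above (the `net.ipv4.ip_forward = 1` line in sysctl.conf and an SNAT or MASQUERADE rule in `iptables-save` output) can be scripted to audit whether a host is set up to route. This is an added example, not code from anyone in the thread; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample files are constructed; on a real host use
# /etc/sysctl.conf and the output of `iptables-save`.

# Succeeds if the last uncommented net.ipv4.ip_forward setting is 1.
forwarding_enabled() {
    val=$(sed 's/[#;].*//' "$1" | awk -F= '
        { k = $1; gsub(/[ \t]/, "", k) }
        k == "net.ipv4.ip_forward" { v = $2; gsub(/[ \t]/, "", v); last = v }
        END { print last }')
    [ "$val" = "1" ]
}

# Prints "TARGET OUT_IFACE" for each SNAT/MASQUERADE rule in nat POSTROUTING.
nat_rules() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            target = ""; oif = "any"
            for (i = 3; i <= NF; i++) {
                if ($i == "-o") oif = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "SNAT" || target == "MASQUERADE") print target, oif
        }' "$1"
}

# Summarises both checks: forwarding+nat, forwarding-only, nat-only or neither.
router_status() {
    nat=$(nat_rules "$2")
    if forwarding_enabled "$1"; then
        if [ -n "$nat" ]; then echo "forwarding+nat"; else echo "forwarding-only"; fi
    else
        if [ -n "$nat" ]; then echo "nat-only"; else echo "neither"; fi
    fi
}

# Constructed sample input.
SAMPLES=$(mktemp -d)
printf '%s\n' '# net.ipv4.ip_forward = 0' 'net.ipv4.ip_forward = 1' > "$SAMPLES/sysctl.conf"
cat > "$SAMPLES/rules" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
router_status "$SAMPLES/sysctl.conf" "$SAMPLES/rules"
```

The sysctl.conf check only covers the persistent setting; the running kernel's value is in /proc/sys/net/ipv4/ip_forward and can differ until the file is reloaded.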