On Jun 4, 2009, at 3:24 PM, Paul Mooring wrote:
> Maybe most people would disagree with me on this but I don't think
> there's too many advantages to runnning IPcop over a standard linux
> distro in the first place if you're only looking to use it as a
> router. Any router or firewall distro is more or less an iptables
> frontend anyhow. To do it make sure "net.ipv4.ip_forward = 1" is in /
> etc/sysctl.conf and there should be an iptables rule for nat, run
> iptables-save and look for a rule that says either -j SNAT --to-
> source or -j MASQUERADE, if your existing iptables rules don't have
> that run 'iptables -t nat -I POSTROUTING -o $EXTIF -j MASQUERADE'
> where $EXTIF is your external interface (probably eth0 or eth1), and
> then you have a fully functional router.
If you know what you're doing, I agree there isn't any difference.
But the set of people who might want a good firewall/router is much
larger than the set of people who are really comfortable with
iptables, and that's where IPCop & other distros like it fit in really
well.
There are other benefits besides iptables ease. Any extra/unwanted
packages which come in a standard distro, but which aren't needed for
a router, have been removed (and are therefore not exploitable).
Configuring multiple interfaces for multiple networks is really
simple. Etc...
alex
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss