Re: Using fedora instead of ipcop

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
Mkitepilot@kitepilot.com at <-
MEric Cope at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Eric Shubert
Date:  
To: plug-discuss
Subject: Re: Using fedora instead of ipcop
I guess this would make IPCop is a bit geeky. It's based on LFS, and you
can compile the whole thing if you'd like. ;) (Instructions are on the
web site)

wrote:
>>> Any extra/unwanted packages which come in a standard distro,
>>> but which aren't needed for a router, have been removed
> The best (GEEKY) firewall is an LFS installation running iptables.
> You just NEVER install "any extra/unwanted package" to begin with. :)
> I understand it is not for everyone though, but I couldn't resist... 8)
> ET
>
> PS: For the "uninitiated":
> LFS=http://www.linuxfromscratch.org/
>
>
>
>
> Alex Dean writes:
>
>> On Jun 4, 2009, at 3:24 PM, Paul Mooring wrote:
>>
>>> Maybe most people would disagree with me on this but I don't think
>>> there's too many advantages to runnning IPcop over a standard linux
>>> distro in the first place if you're only looking to use it as a router.
>>> Any router or firewall distro is more or less an iptables frontend
>>> anyhow. To do it make sure "net.ipv4.ip_forward = 1" is in /
>>> etc/sysctl.conf and there should be an iptables rule for nat, run
>>> iptables-save and look for a rule that says either -j SNAT --to- source
>>> or -j MASQUERADE, if your existing iptables rules don't have that run
>>> 'iptables -t nat -I POSTROUTING -o $EXTIF -j MASQUERADE' where $EXTIF is
>>> your external interface (probably eth0 or eth1), and then you have a
>>> fully functional router.
>> If you know what you're doing, I agree there isn't any difference. But
>> the set of people who might want a good firewall/router is much larger
>> than the set of people who are really comfortable with iptables, and
>> that's where IPCop & other distros like it fit in really well.
>>
>> There are other benefits besides iptables ease. Any extra/unwanted
>> packages which come in a standard distro, but which aren't needed for a
>> router, have been removed (and are therefore not exploitable).
>> Configuring multiple interfaces for multiple networks is really simple.
>> Etc...
>>
>> alex


--
-Eric 'shubes'

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-July HackFEST Special Guest Presentation FreeIPARe: Using fedora instead of ipcop->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)