Re: Using fedora instead of ipcop

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Eric Shubert
Date:  
To: plug-discuss
Subject: Re: Using fedora instead of ipcop
There wasn't much of a change from 1.4.20 to 1.4.21, so they didn't make
an iso. You can build the 1.4.21 iso yourself (LFS), or simply install
1.4.20 and upgrade to 1.4.21. Upgrading is a breeze, so I'd go that route.

Eric Cope wrote:
> is it just me, or is the 1.4.21 version iso of IPCop not available yet?
> http://sourceforge.net/project/showfiles.php?group_id=40604&package_id=35093
> <http://sourceforge.net/project/showfiles.php?group_id=40604&package_id=35093>
>
> Eric
>
> On Thu, Jun 4, 2009 at 3:51 PM, Eric Shubert <
> <mailto:ejs@shubes.net>> wrote:
>
>     I guess this would make IPCop is a bit geeky. It's based on LFS, and you
>     can compile the whole thing if you'd like. ;) (Instructions are on the
>     web site)

>
>      <mailto:kitepilot@kitepilot.com> wrote:
>      >>> Any extra/unwanted packages which come in a standard distro,
>      >>> but which aren't needed for a router, have been removed
>      > The best (GEEKY) firewall is an LFS installation running iptables.
>      > You just NEVER install "any extra/unwanted package" to begin
>     with.  :)
>      > I understand it is not for everyone though, but I couldn't
>     resist...  8)
>      > ET
>      >
>      > PS: For the "uninitiated":
>      > LFS=http://www.linuxfromscratch.org/

>      >

>      >

>      >

>      >
>      > Alex Dean writes:

>      >
>      >> On Jun 4, 2009, at 3:24 PM, Paul Mooring wrote:

>      >>
>      >>> Maybe most people would disagree with me on this but I don't think
>      >>> there's too many advantages to runnning IPcop over a standard linux
>      >>> distro in the first place if you're only looking to use it as a
>      router.
>      >>> Any router or firewall distro is more or less an iptables  frontend
>      >>> anyhow. To do it make sure "net.ipv4.ip_forward = 1" is in /
>      >>> etc/sysctl.conf and there should be an iptables rule for nat, run
>      >>> iptables-save and look for a rule that says either -j SNAT
>     --to- source
>      >>> or -j MASQUERADE, if your existing iptables rules don't have
>      that run
>      >>> 'iptables -t nat -I POSTROUTING -o $EXTIF -j MASQUERADE'  where
>     $EXTIF is
>      >>> your external interface (probably eth0 or eth1), and  then you
>     have a
>      >>> fully functional router.
>      >> If you know what you're doing, I agree there isn't any
>     difference.   But
>      >> the set of people who might want a good firewall/router is much
>      larger
>      >> than the set of people who are really comfortable with
>      iptables, and
>      >> that's where IPCop & other distros like it fit in really  well.

>      >>
>      >> There are other benefits besides iptables ease.  Any extra/unwanted
>      >> packages which come in a standard distro, but which aren't
>     needed for  a
>      >> router, have been removed (and are therefore not exploitable).
>      >> Configuring multiple interfaces for multiple networks is really
>      simple.
>      >> Etc...

>      >>
>      >> alex

>
>
>     --
>     -Eric 'shubes'

>
>     ---------------------------------------------------
>     PLUG-discuss mailing list - 
>     <mailto:PLUG-discuss@lists.plug.phoenix.az.us>
>     To subscribe, unsubscribe, or to change your mail settings:
>     http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

>
>
>
>
> --
> Eric Cope
> http://cope-et-al.com
>



--
-Eric 'shubes'

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss