Using fedora instead of ipcop
kitepilot at kitepilot.com
Thu Jun 4 14:56:14 MST 2009
>> Any extra/unwanted packages which come in a standard distro,
>> but which aren't needed for a router, have been removed
The best (GEEKY) firewall is an LFS installation running iptables.
You just NEVER install "any extra/unwanted package" to begin with. :)
I understand it is not for everyone though, but I couldn't resist... 8)
ET
PS: For the "uninitiated":
LFS=http://www.linuxfromscratch.org/
Alex Dean writes:
>
> On Jun 4, 2009, at 3:24 PM, Paul Mooring wrote:
>
>> Maybe most people would disagree with me on this but I don't think
>> there's too many advantages to running IPCop over a standard linux
>> distro in the first place if you're only looking to use it as a router.
>> Any router or firewall distro is more or less an iptables frontend
>> anyhow. To do it make sure "net.ipv4.ip_forward = 1" is in
>> /etc/sysctl.conf and there should be an iptables rule for nat, run
>> iptables-save and look for a rule that says either -j SNAT --to-source
>> or -j MASQUERADE, if your existing iptables rules don't have that run
>> 'iptables -t nat -I POSTROUTING -o $EXTIF -j MASQUERADE' where $EXTIF is
>> your external interface (probably eth0 or eth1), and then you have a
>> fully functional router.
>
> If you know what you're doing, I agree there isn't any difference. But
> the set of people who might want a good firewall/router is much larger
> than the set of people who are really comfortable with iptables, and
> that's where IPCop & other distros like it fit in really well.
>
> There are other benefits besides iptables ease. Any extra/unwanted
> packages which come in a standard distro, but which aren't needed for a
> router, have been removed (and are therefore not exploitable).
> Configuring multiple interfaces for multiple networks is really simple.
> Etc...
>
> alex
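
The two checks from Paul Mooring's quoted message (ip_forward in /etc/sysctl.conf, and a SNAT or MASQUERADE rule in the iptables-save output), as an added shell example that is not part of the original thread. The function names and sample files are constructed for illustration, and the script reads saved files rather than the live system.

```shell
#!/bin/sh
# Added example (not from the thread). Sample files below are constructed.

# forwarding_enabled FILE: true if the last uncommented assignment of
# net.ipv4.ip_forward in a sysctl.conf-style FILE is 1.
forwarding_enabled() {
    val=$(sed 's/[#;].*//' "$1" | awk -F= '
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == "net.ipv4.ip_forward" { last = v }
        END { print last }')
    [ "$val" = "1" ]
}

# nat_rule_for DUMP IFACE: true if the iptables-save DUMP has a nat-table
# POSTROUTING rule that sends traffic leaving IFACE to SNAT or MASQUERADE.
nat_rule_for() {
    awk -v ifc="$2" '
        /^\*/ { table = substr($0, 2) }      # table header: *nat, *filter
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (out == ifc && (tgt == "SNAT" || tgt == "MASQUERADE")) found = 1
        }
        END { exit !found }' "$1"
}

# router_audit SYSCTL DUMP IFACE: report what is missing; status 0 if nothing.
router_audit() {
    rc=0
    forwarding_enabled "$1" || { echo "missing: net.ipv4.ip_forward = 1"; rc=1; }
    nat_rule_for "$2" "$3" ||
        { echo "missing: iptables -t nat -I POSTROUTING -o $3 -j MASQUERADE"; rc=1; }
    return $rc
}

# make_samples DIR: write constructed sample inputs into DIR.
make_samples() {
    printf '%s\n' 'net.ipv4.ip_forward = 1' > "$1/good.conf"
    printf '%s\n' '#net.ipv4.ip_forward = 1' > "$1/bad.conf"   # commented out
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o eth0 -j MASQUERADE' 'COMMIT' \
        '*filter' ':FORWARD ACCEPT [0:0]' \
        '-A FORWARD -o eth1 -j ACCEPT' 'COMMIT' > "$1/rules.dump"
}

d=$(mktemp -d) && make_samples "$d"
router_audit "$d/good.conf" "$d/rules.dump" eth0 && echo "eth0: router settings present"
router_audit "$d/bad.conf" "$d/rules.dump" eth1 || echo "eth1: not a working router"
```

A plain grep for the setting would match the commented-out line in bad.conf, and a grep for "-o eth1" would match the filter-table rule; the per-table parse avoids both false positives.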
More information about the PLUG-discuss
mailing list