Using fedora instead of ipcop

kitepilot at kitepilot.com kitepilot at kitepilot.com
Thu Jun 4 14:56:14 MST 2009


>> Any extra/unwanted packages which come in a standard distro,
>> but which aren't needed for a router, have been removed
The best (GEEKY) firewall is an LFS installation running iptables.
You just NEVER install "any extra/unwanted package" to begin with.  :)
I understand it is not for everyone though, but I couldn't resist...  8)
ET 

PS: For the "uninitiated":
LFS=http://www.linuxfromscratch.org/ 

 


Alex Dean writes: 

> 
> On Jun 4, 2009, at 3:24 PM, Paul Mooring wrote: 
> 
>> Maybe most people would disagree with me on this but I don't think  
>> there's too many advantages to runnning IPcop over a standard linux  
>> distro in the first place if you're only looking to use it as a  router.  
>> Any router or firewall distro is more or less an iptables  frontend 
>> anyhow. To do it make sure "net.ipv4.ip_forward = 1" is in / 
>> etc/sysctl.conf and there should be an iptables rule for nat, run  
>> iptables-save and look for a rule that says either -j SNAT --to- source 
>> or -j MASQUERADE, if your existing iptables rules don't have  that run 
>> 'iptables -t nat -I POSTROUTING -o $EXTIF -j MASQUERADE'  where $EXTIF is 
>> your external interface (probably eth0 or eth1), and  then you have a 
>> fully functional router.
> 
> If you know what you're doing, I agree there isn't any difference.   But 
> the set of people who might want a good firewall/router is much  larger 
> than the set of people who are really comfortable with  iptables, and 
> that's where IPCop & other distros like it fit in really  well. 
> 
> There are other benefits besides iptables ease.  Any extra/unwanted  
> packages which come in a standard distro, but which aren't needed for  a 
> router, have been removed (and are therefore not exploitable).   
> Configuring multiple interfaces for multiple networks is really  simple.  
> Etc... 
> 
> alex


More information about the PLUG-discuss mailing list