Using fedora instead of ipcop

Eric Shubert ejs at shubes.net
Thu Jun 4 16:54:11 MST 2009 

There wasn't much of a change from 1.4.20 to 1.4.21, so they didn't make 
an iso. You can build the 1.4.21 iso yourself (LFS), or simply install 
1.4.20 and upgrade to 1.4.21. Upgrading is a breeze, so I'd go that route.

Eric Cope wrote:
> is it just me, or is the 1.4.21 version iso of IPCop not available yet?
> http://sourceforge.net/project/showfiles.php?group_id=40604&package_id=35093 
> <http://sourceforge.net/project/showfiles.php?group_id=40604&package_id=35093>
> 
> Eric
> 
> On Thu, Jun 4, 2009 at 3:51 PM, Eric Shubert <ejs at shubes.net 
> <mailto:ejs at shubes.net>> wrote:
> 
>     I guess this would make IPCop is a bit geeky. It's based on LFS, and you
>     can compile the whole thing if you'd like. ;) (Instructions are on the
>     web site)
> 
>     kitepilot at kitepilot.com <mailto:kitepilot at kitepilot.com> wrote:
>      >>> Any extra/unwanted packages which come in a standard distro,
>      >>> but which aren't needed for a router, have been removed
>      > The best (GEEKY) firewall is an LFS installation running iptables.
>      > You just NEVER install "any extra/unwanted package" to begin
>     with.  :)
>      > I understand it is not for everyone though, but I couldn't
>     resist...  8)
>      > ET
>      >
>      > PS: For the "uninitiated":
>      > LFS=http://www.linuxfromscratch.org/
>      >
>      >
>      >
>      >
>      > Alex Dean writes:
>      >
>      >> On Jun 4, 2009, at 3:24 PM, Paul Mooring wrote:
>      >>
>      >>> Maybe most people would disagree with me on this but I don't think
>      >>> there's too many advantages to runnning IPcop over a standard linux
>      >>> distro in the first place if you're only looking to use it as a
>      router.
>      >>> Any router or firewall distro is more or less an iptables  frontend
>      >>> anyhow. To do it make sure "net.ipv4.ip_forward = 1" is in /
>      >>> etc/sysctl.conf and there should be an iptables rule for nat, run
>      >>> iptables-save and look for a rule that says either -j SNAT
>     --to- source
>      >>> or -j MASQUERADE, if your existing iptables rules don't have
>      that run
>      >>> 'iptables -t nat -I POSTROUTING -o $EXTIF -j MASQUERADE'  where
>     $EXTIF is
>      >>> your external interface (probably eth0 or eth1), and  then you
>     have a
>      >>> fully functional router.
>      >> If you know what you're doing, I agree there isn't any
>     difference.   But
>      >> the set of people who might want a good firewall/router is much
>      larger
>      >> than the set of people who are really comfortable with
>      iptables, and
>      >> that's where IPCop & other distros like it fit in really  well.
>      >>
>      >> There are other benefits besides iptables ease.  Any extra/unwanted
>      >> packages which come in a standard distro, but which aren't
>     needed for  a
>      >> router, have been removed (and are therefore not exploitable).
>      >> Configuring multiple interfaces for multiple networks is really
>      simple.
>      >> Etc...
>      >>
>      >> alex
> 
> 
>     --
>     -Eric 'shubes'
> 
>     ---------------------------------------------------
>     PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>     <mailto:PLUG-discuss at lists.plug.phoenix.az.us>
>     To subscribe, unsubscribe, or to change your mail settings:
>     http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
> 
> 
> 
> -- 
> Eric Cope
> http://cope-et-al.com
> 


-- 
-Eric 'shubes'

More information about the PLUG-discuss mailing list