I would have to recommend OpenBSD on your 800MB HDD (you can easily get it installed in 300MB). IP Filter is an awesome firewall and OpenBSD is arguably the best OS to run your firewall on (the development team takes extra care to make sure the system is secure). Netfilter/IPtables is too new and in my opinion too complicated (I have only heard good things about IPtables, but most people say they are going to stay with IPfilter). IPchains is not even an option since it is not stateful. Plus OpenBSD is very easy to administer.

For info on OpenBSD:
http://www.openbsd.org (network install is easy)
http://www.nomoa.com/bsd (great for getting everything running)

I love Linux, but for a firewall I can only recommend OpenBSD.

Dusty

-----------------------------------------------------

> > Does anyone know how to advertise a certain service on a port and not on
> > others? For example, say I want to have DHCP running on my firewall for my
> > internal network but don't want it to accept DHCP requests coming from the
> > external ethernet port. Is there any way to do this other than to create
> > rules in the iptables/ipchains setup?
>
> http://www.mplug.org/phpwiki/index.php?DHCPServer
> There is a way to specify what to advertise within the dhcpd.conf file
> itself, but I personally specify the dhcpd ethernet device in the
> /etc/init.d/dhcpd service launching script. Read that URL for details and
> my sample dhcpd.conf file.
>
> > Also, what is the smallest size Linux distribution I can use for a firewall
> > setup? I currently only have 2 spare HD's to use, one is an 800MB and the
> > other is a 20GB. 2 lousy choices since the 20 GB is too large to waste on a
> > firewall that won't do anything except masquerading and the other is too
> > small to be able to accept the most current versions of Redhat or Mandrake.
>
> Your 800MB hard drive would be plenty enough space for a Red Hat based
> firewall following my BasicFirewallRouter guide.
> http://www.mplug.org/phpwiki/index.php?BasicFirewallRouter
> I wouldn't use Mandrake for this setup because it would be harder to strip
> out the X graphical stuff, bells and whistles, and Red Hat's package
> updating process in pure text mode is much easier with "up2date -u" or "Red Hat
> Update" that you can download from freshmeat. If you use text mode, your
> Red Hat installation with very minimum packages necessary would be somewhere
> between 150-300MB I think. The rest would leave plenty of space for
> firewall monitoring tools, security tools, and the syslogs. I'll be writing
> guides on the security and monitoring stuff sometime soon.
>
> > Are the "firewall on a floppy" setups pretty secure? Any place where I can
> > get current information, not some how-to that has all sorts of out-of-date
> > warnings and disclaimers on it?
>
> IMHO the floppy based setups are not very secure. You get zero monitoring
> features and much less configurability and flexibility. You also don't get
> to take advantage of the 2.4 kernel with Netfilter/iptables and all the
> great things that allows you to do.
>
> Warren Togami
> warren@togami.com
> Mid-Pacific Linux User's Group
> http://www.mplug.org