Re: Linux firewall on P166

From: /dev/rob0 (
Date: 08/14/03

  • Next message: mooseshoes: "Re: How To Set IP Address of Machine For IPC?"
    Date: Thu, 14 Aug 2003 09:16:52 -0700

    > Varun Sinha wrote:
    >> I was planning to run an ipchains/iptables based firewall for my

    Which is it, ipchains or iptables? The two are mutually exclusive. If
    you don't know, go for iptables, which is much simpler to learn and
    gives you a much stronger firewall.

    >> for it to be - a bare bones Linux install (Debian/RedHat) that runs a
    >> firewall.

    Which is it, Debian or Red Hat? You would probably want this box to run
    full-time, so dual-booting is not a good idea.

    There are many other distro choices. Many users of old junk opt for
    Slackware. I've run Slack on many machines much older than yours. My
    present firewall is on a P166, but I recently retired a 386DX33/8MB.
    (Retired not for reasons of poor performance; quite the contrary, that
    machine did a perfect job of everything it was asked to do. The problem
    was that I did not have enough UPS outlets. The P166 was required for
    other reasons and already had 2 NIC's, so it took over the 386's
    firewall duties.)

    In article <qiI_a.43537$>,
      Luca Sasdelli wrote:
    >> network on a P166, 64MB RAM with 3 SCSI2 HDDs. I was wondering,
    >> however, if that was enough of a machine to run it. That's all I plan
    > I'm not fully sure that such as a setup could be enough, especially

    It certainly is. The minimum requirement for a Linux firewall is the
    minimum hardware requirement for the Linux kernel itself: 386 CPU, 4MB
    RAM. It's difficult to do much with 4MB RAM, but 8MB is adequate and
    16MB is overkill.

    > find some spare SIMMs or - better - use IpCop, that makes use
    > of a specially-tailored kernel.

    A customised kernel is a good idea regardless of distro. The older the
    machine, the more it is likely to benefit. Of course you would not want
    to use an old machine to *compile* a kernel! Use a better machine, then
    copy over the kernel and modules.

    > I've installed one on a 486DX4-100 and 32MB
    > RAM and it works; is quite slow with the admin webpages, but no impact on
    > traffic.

    Admin webpages? What's all this? You're talking about running another
    service. A 386 with 8MB can manage bash and iptables fine. Mine also did
    dhcpd and ntpd for all my local machines.

      /dev/rob0 - preferred_email=i$((28*28+28))
      or put "not-spam" or "/dev/rob0" in Subject header to reply

  • Next message: mooseshoes: "Re: How To Set IP Address of Machine For IPC?"