Re: Linux firewall on P166

From: /dev/rob0 (
Date: 08/14/03

  • Next message: mooseshoes: "Re: How To Set IP Address of Machine For IPC?"
    Date: Thu, 14 Aug 2003 09:16:52 -0700

    > Varun Sinha wrote:
    >> I was planning to run an ipchains/iptables based firewall for my

    Which is it, ipchains or iptables? The two are mutually exclusive. If
    you don't know, go for iptables, which is much simpler to learn and
    gives you a much stronger firewall.

    >> for it to be - a bare bones Linux install (Debian/RedHat) that runs a
    >> firewall.

    Which is it, Debian or Red Hat? You would probably want this box to run
    full-time, so dual-booting is not a good idea.

    There are many other distro choices. Many users of old junk opt for
    Slackware. I've run Slack on many machines much older than yours. My
    present firewall is on a P166, but I recently retired a 386DX33/8MB.
    (Retired not for reasons of poor performance; quite the contrary, that
    machine did a perfect job of everything it was asked to do. The problem
    was that I did not have enough UPS outlets. The P166 was required for
    other reasons and already had 2 NIC's, so it took over the 386's
    firewall duties.)

    In article <qiI_a.43537$>,
      Luca Sasdelli wrote:
    >> network on a P166, 64MB RAM with 3 SCSI2 HDDs. I was wondering,
    >> however, if that was enough of a machine to run it. That's all I plan
    > I'm not fully sure that such as a setup could be enough, especially

    It certainly is. The minimum requirement for a Linux firewall is the
    minimum hardware requirement for the Linux kernel itself: 386 CPU, 4MB
    RAM. It's difficult to do much with 4MB RAM, but 8MB is adequate and
    16MB is overkill.

    > find some spare SIMMs or - better - use IpCop, that makes use
    > of a specially-tailored kernel.

    A customised kernel is a good idea regardless of distro. The older the
    machine, the more it is likely to benefit. Of course you would not want
    to use an old machine to *compile* a kernel! Use a better machine, then
    copy over the kernel and modules.

    > I've installed one on a 486DX4-100 and 32MB
    > RAM and it works; is quite slow with the admin webpages, but no impact on
    > traffic.

    Admin webpages? What's all this? You're talking about running another
    service. A 386 with 8MB can manage bash and iptables fine. Mine also did
    dhcpd and ntpd for all my local machines.

      /dev/rob0 - preferred_email=i$((28*28+28))
      or put "not-spam" or "/dev/rob0" in Subject header to reply

  • Next message: mooseshoes: "Re: How To Set IP Address of Machine For IPC?"

    Relevant Pages

    • Re: Linux firewall on P166
      ... Which is it, ipchains or iptables? ... gives you a much stronger firewall. ... It's difficult to do much with 4MB RAM, ... > of a specially-tailored kernel. ...
    • Re: possible problem with iptables/ip_conntrack in 2.6.9-22 kernel
      ... It works fine with the firewall off. ... I have no problems with the 2.4.21-40 kernel ... I assume that you omited part of your iptables script. ... before packets are dropped. ...
    • Re: Anyone Networking there ?
      ... is in the configuration of the firewall. ... Laptop to connect with WPA, (using Fedora FC5 ans the LT does not have ... RAM to take Suse10.1 but its become a war now and I am obsessed. ... Yeah Malke, got all the WPA supplicant stuff, kernel modules, firmware ...
    • Re: Need advice about breakin attempt
      ... > firewall would do nothing for eliminating these bogus ssh requests. ... I don't use iptables as I prefer something more stable than software ... through re-doing of iptables and the kernel set up. ...
    • Problems recompiling Kernel with NetFilter
      ... We are trying to set up a firewall under linux for our office network, ... The firewall is IPTables (because it ... under Mandrake 8.1 with Kernel v2.4.8. ... We get the following error message after the ...