Re: Linux firewall on P166
From: /dev/rob0 (rob0_at_gmx.co.uk)
Date: Thu, 14 Aug 2003 09:16:52 -0700
> Varun Sinha wrote:
>> I was planning to run an ipchains/iptables based firewall for my

Which is it, ipchains or iptables? The two are mutually exclusive. If
you don't know, go for iptables, which is much simpler to learn and
gives you a much stronger firewall.

>> for it to be - a bare bones Linux install (Debian/RedHat) that runs a

Which is it, Debian or Red Hat? You would probably want this box to run
full-time, so dual-booting is not a good idea.

There are many other distro choices. Many users of old junk opt for
Slackware. I've run Slack on many machines much older than yours. My
present firewall is on a P166, but I recently retired a 386DX33/8MB.
(Retired not for reasons of poor performance; quite the contrary, that
machine did a perfect job of everything it was asked to do. The problem
was that I did not have enough UPS outlets. The P166 was required for
other reasons and already had 2 NICs, so it took over the 386's

In article <qiI_a.email@example.com>,
Luca Sasdelli wrote:
>> network on a P166, 64MB RAM with 3 SCSI2 HDDs. I was wondering,
>> however, if that was enough of a machine to run it. That's all I plan
> I'm not fully sure that such a setup could be enough, especially

It certainly is. The minimum requirement for a Linux firewall is the
minimum hardware requirement for the Linux kernel itself: 386 CPU, 4MB
RAM. It's difficult to do much with 4MB RAM, but 8MB is adequate and
16MB is overkill.

> find some spare SIMMs or - better - use IpCop www.ipcop.org, that makes use
> of a specially-tailored kernel.

A customised kernel is a good idea regardless of distro. The older the
machine, the more it is likely to benefit. Of course you would not want
to use an old machine to *compile* a kernel! Use a better machine, then
copy over the kernel and modules.

> I've installed one on a 486DX4-100 and 32MB
> RAM and it works; is quite slow with the admin webpages, but no impact on

Admin webpages? What's all this? You're talking about running another
service. A 386 with 8MB can manage bash and iptables fine. Mine also did
dhcpd and ntpd for all my local machines.

--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply