[CentOS] Firewall frustration

Tue Jan 1 03:45:25 UTC 2008
Mark Weaver <mdw1982 at mdw1982.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 31 Dec 2007 21:36:09 -0500
"Mark A. Lewis" <mark at siliconjunkie.net> wrote:

> 
> 
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Mark Weaver
> Sent: Monday, December 31, 2007 8:09 PM
> To: centos at centos.org
> Subject: Re: [CentOS] Firewall frustration
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Mon, 31 Dec 2007 12:21:34 -0500
> Robert Moskowitz <rgm at htt-consult.com> wrote:
> 
> > William L. Maltby wrote:
> > > On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz wrote:
> > >   
> > >> Peter Farrell wrote:
> > >>     
> > >>> "Problem is I want a REAL router/firewall with little work."
> > >>>
> > >>> Run a smoothwall installation and replace your CentOS install.
> > >>>
> > >>> http://www.smoothwall.org/
> > >>>   
> > >>>       
> > >> well first challenge is my unit's USB ethernet dongles. Centos
> > >> uses the RTL 8150 driver for them. Smoothwall only lists the RTL
> > >> 8129, 8139, and 8169...
> > >>     
> > >
> > > I've used this at home for years. I don't know if it's suitable,
> > > but it seems *very* flexible. Allows for NAT or not, has typical
> > > zones, reporting, IPTables modification support, ...
> > >
> > >    http://www.ipcop.org/
> > >
> > > Has run/tested successfully on various configurations here. It's
> > > another "ditch your CentOS" solution though. But you can put it
> > > on any old junk laying around and it'll probably work. Using
> > > cable modem in the boonies, 486DX/66 gives about 450KB/sec,
> > > Pentium 200MHz pci gives <= 700MB/sec - both from decent sites.
> > > Tested using both ISA and PCI bus adapters through both twisted
> > > pair and thin coax.
> > As I thought about things this morning, trying to put up
> > smoothwall, I realized that one of my goals is to have a tool to
> > turn a Centos system that I am using for foo, into a firewall for
> > bar for a day. I have Astaro for my serious firewall needs (see
> > later post), but need something 'portable'.  You see I have these
> > plans with some small itx systems....
> 
> have you considered Linux that fits on a floppy disk?
> 
> http://mypage.uniserve.ca/~thelinuxguy/small_and_floppy_linux/
> 
> http://www.linuxlinks.com/Distributions/Floppy/
> 
> http://www.dmoz.org/Computers/Software/Operating_Systems/Linux/Distributions/Tiny/Floppy_Sized/
> 
> get one running and configured and save to floppy... things go south,
> reboot the machine and everything is back. No hard drives to worry
> about...
> 
> - --
> Mark
> 
> "Drunkenness is not an excuse for stupidity. If you're stupid when
> you're sober then that's one thing, but if you're sober when you're
> stupid, then you're just plain stupid!"
> ============================================== Powered by CentOS5
> (RHEL5)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.4-svn0 (GNU/Linux)
> 
> iD8DBQFHeZKZAHUWFbtwPigRAqlLAJ9NrXCoPuh0vyCET81GKQ7a27RQ0QCbBvkT
> Ez253XYLAOfSJS7u5ij36U4=
> =jb20
> -----END PGP SIGNATURE-----
> 
> 
> I have this vision of a live CD that would come up and pull down its
> config via SCP or HTTPS and run. Or maybe a PGP-encrypted file over
> TFTP. No writable media in the machine at all, no access to write to
> the configs, just a dumb device that knows where to get its config.
> Any compromise could be fixed with just a reboot; the config could
> even be reloaded at some interval automatically, off-machine logging,
> perhaps even without an interface. You could more than likely go one
> step further and use PXE to load everything over NFS or something,
> then you are at no moving parts. Unfortunately, I have the ideas but
> not the knowledge or time. In my opinion, this would be the ultimate
> evolution of things like IPCop and Smoothwall.
> 
> I want to say that m0n0wall had this on the roadmap, but I haven't
> looked lately. Appears someone has done some work on it:
> http://people.freebsd.org/~nik/m0n0wall/pxe+nfs/article.html

I seem to remember there being distro ISO tools out there that allow
one to roll their own distro, but for the life of me I can't remember
what they're called.

Anyway, if you're feeling ambitious you could load an OS, season to
taste, and then create your OS using the Live CD technology that's out
there.

- -- 
Mark

"Drunkenness is not an excuse for stupidity. If you're stupid when
you're sober then that's one thing, but if you're sober when you're
stupid, then you're just plain stupid!"
============================================== Powered by CentOS5
(RHEL5)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)

iD8DBQFHebdaAHUWFbtwPigRAvj8AJ9oIHAwN4NEopzJFJ8q+mxtTsQEGwCfUk6N
6DnfuAGUJR6WYDi1HUlKcaI=
=rE1u
-----END PGP SIGNATURE-----
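As an added example that is not part of the thread and is not code from m0n0wall, IPCop or Smoothwall: a small Python model of the "dumb device that knows where to get its config" idea quoted above. A dict stands in for the TFTP/HTTPS fetch, an HMAC-SHA256 tag stands in for the PGP signature (the Python standard library has no OpenPGP), and the iptables-restore text is returned rather than loaded; the key, the function names and the serial-number check are all assumptions of this example. The point it adds to the quoted design: TFTP authenticates nothing, so the device has to verify the file it pulls, refuse a replayed older copy on the periodic reload, and sit at deny-all until a verified config arrives.

```python
import hashlib
import hmac
import json
from typing import Callable, List, Optional

# Hypothetical shared secret, constructed for this example. A real image
# would carry only a public key so the boot media cannot forge configs.
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"

# What the box runs until a verified config arrives: drop everything.
DENY_ALL = "\n".join([
    "*filter",
    ":INPUT DROP [0:0]",
    ":FORWARD DROP [0:0]",
    ":OUTPUT DROP [0:0]",
    "COMMIT",
    "",
])


def sign_config(serial: int, rules: List[str], key: bytes = SIGNING_KEY) -> bytes:
    """Publisher side: canonical JSON body, newline, HMAC-SHA256 tag."""
    body = json.dumps({"serial": serial, "rules": rules},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag


def verify_config(blob: bytes, last_serial: int, key: bytes = SIGNING_KEY) -> dict:
    """Device side. Raise ValueError rather than return anything usable
    when the tag is wrong, the layout is off, or the serial did not advance."""
    parts = blob.rsplit(b"\n", 1)
    if len(parts) != 2:
        raise ValueError("malformed blob")
    body, tag = parts
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):      # constant-time compare
        raise ValueError("bad signature")
    cfg = json.loads(body)                           # parse only after the tag checks out
    if not isinstance(cfg.get("serial"), int) or cfg["serial"] <= last_serial:
        raise ValueError("stale or replayed config")
    if not isinstance(cfg.get("rules"), list):
        raise ValueError("no rule list")
    return cfg


def render_rules(cfg: dict) -> str:
    """Verified rule list -> iptables-restore text, default-deny inbound."""
    lines = ["*filter", ":INPUT DROP [0:0]", ":FORWARD DROP [0:0]",
             ":OUTPUT ACCEPT [0:0]",
             "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"]
    lines += cfg["rules"]
    lines += ["COMMIT", ""]
    return "\n".join(lines)


class Firewall:
    """One boot of the diskless box. Only the last applied serial is kept
    in memory between reloads; a reboot starts again from DENY_ALL."""

    def __init__(self, fetch: Callable[[], Optional[bytes]]):
        self.fetch = fetch          # stands in for a tftp/scp/https get
        self.last_serial = 0
        self.active = DENY_ALL

    def reload(self) -> str:
        """One periodic pull. A failed fetch or verification leaves the
        current rules in place: unverified input is never applied."""
        blob = self.fetch()
        if blob is None:
            return "fetch-failed"
        try:
            cfg = verify_config(blob, self.last_serial)
        except ValueError as e:
            return f"rejected: {e}"
        self.active = render_rules(cfg)
        self.last_serial = cfg["serial"]
        return f"applied serial {cfg['serial']}"


def demo() -> List[str]:
    """Constructed scenario: a dict stands in for the TFTP share."""
    share = {}
    fw = Firewall(lambda: share.get("fw.conf"))
    log = [fw.reload()]                              # nothing published yet
    share["fw.conf"] = sign_config(1, ["-A INPUT -p tcp --dport 22 -j ACCEPT"])
    log.append(fw.reload())
    good = share["fw.conf"]
    body, tag = good.rsplit(b"\n", 1)
    share["fw.conf"] = body.replace(b"22", b"23") + b"\n" + tag   # edited in transit
    log.append(fw.reload())
    share["fw.conf"] = sign_config(2, ["-A INPUT -p tcp --dport 22 -j ACCEPT",
                                       "-A INPUT -p tcp --dport 443 -j ACCEPT"])
    log.append(fw.reload())
    share["fw.conf"] = good                          # replay of the older signed file
    log.append(fw.reload())
    return log


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The fetch-failed case deliberately keeps whatever rules are already loaded rather than dropping to deny-all, so a transient TFTP outage does not cut the box off; at boot the loaded rules are deny-all anyway. Encrypting the file, as the quoted message suggests, would hide the rule set but on its own would not stop a replay or a substituted file, which is why the serial and the tag are checked before anything is parsed.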