Hello All,
I have several Centos boxes I am very pleased with. I run another box with the Clarkconnect distribution as a dedicated firewall. Since the Clarkconnect distro is built from Centos I was wondering if anyone knows what needs to be installed on this box so that I could use yum to keep it up to date? Apologies if this is not the proper venue for this question.
-Arkwolf
Why not use http://www.ipcop.org/ I know it does not use the latest OS but why re-invent the wheel....
It has all sorts of goodies like Open VPN and other plugins available.....
I am using it and it ROCKS!!!!!
Franklin S. Werren webmaster@bagpipes.net www.bagpipes.net www.chautauqualake.net www.franksradio.net
All messages sent from this computer are scanned by more than one Virus Scanner and are Certified to be Virus Free.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of w.arkwolf Sent: Tuesday, March 28, 2006 1:58 PM To: CentOS mailing list Subject: [CentOS] OT Clarkconnect Firewall/Router updates
Hello All,
I have several Centos boxes I am very pleased with. I run another box with the Clarkconnect distribution as a dedicated firewall. Since the Clarkconnect distro is built from Centos I was wondering if anyone knows what needs to be installed on this box so that I could use yum to keep it up to date? Apologies if this is not the proper venue for this question.
-Arkwolf _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Tuesday 28 March 2006 16:18, Franklin S Werren wrote:
Why not use http://www.ipcop.org/ I know it does not use the latest OS but why re-invent the wheel....
Thanks for your reply.
Not a bad idea, but I've been using Clarkconnect for about 4 years and it has always worked perfectly. If I can keep it updated using yum it would be great.
It has all sorts of goodies like Open VPN and other plugins available.....
I am using it and it ROCKS!!!!!
Franklin S. Werren webmaster@bagpipes.net
-Arkwolf
w.arkwolf spake the following on 3/28/2006 1:44 PM:
On Tuesday 28 March 2006 16:18, Franklin S Werren wrote:
Why not use http://www.ipcop.org/ I know it does not use the latest OS but why re-invent the wheel....
Thanks for your reply.
Not a bad idea, but I've been using Clarkconnect for about 4 years and it has always worked perfectly. If I can keep it updated using yum it would be great.
It has all sorts of goodies like Open VPN and other plugins available.....
I am using it and it ROCKS!!!!!
Franklin S. Werren webmaster@bagpipes.net
-Arkwolf
It already has apt, shouldn't be too difficult to keep up to date.
On Tuesday 28 March 2006 16:18, Franklin S Werren wrote:
Why not use http://www.ipcop.org/ I know it does not use the latest OS but why re-invent the wheel....
It has all sorts of goodies like Open VPN and other plugins available.....
I am using it and it ROCKS!!!!!
Sounds like a good idea but I already have the Clarkconnect box running. I've been using this distro for 4 years and I like it. I have seen it mentioned on this list before so I thought I'd ask.
-Arkwolf
I see on the internet a distro BSD monowall, ans the next advanced distro based monowall , pfsense (www.pfsense.com), i read all features and i think is the dream of administrators!
This features found only with checkpoint and nokia, but pfsense say have
sync configuration sync states sync vpn tunnels
have a lot of utilities...(ntop, and others)
the proyect state are release candidate 2, but the final version 1.0 is comming!!
i like linux , but the iptables not have sync states for failover... or something like for vpn, i heard of one proyect for sync states, but pfsense have a lot of thing...
what others distro linux have these things? Red-Wall is other say a lot , but the distro based rh9 worse...
in the future i think to migrate to pfsense.
w.arkwolf wrote:
On Tuesday 28 March 2006 16:18, Franklin S Werren wrote:
Why not use http://www.ipcop.org/ I know it does not use the latest OS but why re-invent the wheel....
It has all sorts of goodies like Open VPN and other plugins available.....
I am using it and it ROCKS!!!!!
Sounds like a good idea but I already have the Clarkconnect box running. I've been using this distro for 4 years and I like it. I have seen it mentioned on this list before so I thought I'd ask.
-Arkwolf _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Tue, 2006-03-28 at 16:18 -0500, Franklin S Werren wrote:
Why not use http://www.ipcop.org/ I know it does not use the latest OS but why re-invent the wheel....
It has all sorts of goodies like Open VPN and other plugins available.....
I am using it and it ROCKS!!!!!
Me too, so that's 2 rocks. Well, 1 and 1/2 since you top-posted. :-( Runs fine on very old minimal eqpt. I have it on an AMD 5x86 (486 in a 386 socket) 100MHz, 3 3Com 3C509 (half duplex unfortunately) 32MB DRAM (remember what that is?) and junk Champ 1GB old slow drives.
Through my cable modem, *effective* ultimate throughput of 583MB/sec from decent sites. gkrellm shows 617Mb or better on my target.
Don't laugh though, I have it on a much more powerful node too: 200MHz 586 with some better 100BaseT cards, etc. Haven't measured that one yet. I suspect the cable modem is about to become the bottleneck, unless one of my 1000BaseT cards sucking on it would help. But I'll replace that 586 with my wife's old Aptiva (66MHz 486) so I can use that power where it's really needed.
Install w/bootable CD, boot from floppy (image on CD as if El Torito spec CD, might boot on systems supporting that spec too?) and can install from network if you make drivers disk w/your net card included.
Franklin S. Werren webmaster@bagpipes.net
Bill
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, Mar 28, 2006 at 09:39:59PM -0500, William L. Maltby wrote:
On Tue, 2006-03-28 at 16:18 -0500, Franklin S Werren wrote:
Why not use http://www.ipcop.org/ I know it does not use the latest OS but why re-invent the wheel....
It has all sorts of goodies like Open VPN and other plugins available.....
I am using it and it ROCKS!!!!!
Me too, so that's 2 rocks. Well, 1 and 1/2 since you top-posted. :-( Runs fine on very old minimal eqpt. I have it on an AMD 5x86 (486 in a 386 socket) 100MHz, 3 3Com 3C509 (half duplex unfortunately) 32MB DRAM (remember what that is?) and junk Champ 1GB old slow drives.
Motorola WR850g + OpenWRT here :) Nice, silent, low energy requirements (11W PSU), small, and has WiFi.
And if you want to create DMZs with it, you can configure each of the 4 LAN Ethernet ports on a different VLAN.
I'm getting some Linksys WRT54GL tomorrow too.
My WR850g went in to replace my CentOS based firewall box (based on K6, 128M RAM).
[]s
- -- Rodrigo Barbosa rodrigob@suespammers.org "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
On Tue, 2006-03-28 at 19:14 -0300, Rodrigo Barbosa wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, Mar 28, 2006 at 09:39:59PM -0500, William L. Maltby wrote:
On Tue, 2006-03-28 at 16:18 -0500, Franklin S Werren wrote:
<snip>
Me too, so that's 2 rocks. Well, 1 and 1/2 since you top-posted. :-( Runs fine on very old minimal eqpt. I have it on an AMD 5x86 (486 in a 386 socket) 100MHz, 3 3Com 3C509 (half duplex unfortunately) 32MB DRAM (remember what that is?) and junk Champ 1GB old slow drives.
Motorola WR850g + OpenWRT here :) Nice, silent, low energy requirements (11W PSU), small, and has WiFi.
My next goal for it is to find a decent source of fan-less low-power supplies. I'll never WiFi at home. I only have a few brain cells left and don't want them invaded by high freq waves. Besides Bush (our protector of constitutional liberties) might be eavesdropping on the waves that exit from my brain cells and I'd get put in Gitmo with all the bene's that accrue from that.
And if you want to create DMZs with it, you can configure each of the 4 LAN Ethernet ports on a different VLAN.
I've just Red/Orange/Green to try to learn all the stuff that didn't exist when I was working for others. Trying to learn the proper DNSing for private net that also accesses I'net etc.
I'm getting some Linksys WRT54GL tomorrow too.
I've been using the SMC stuff for my Gigabit. Been happy with it. But I don't need managed, so I don't know how that stuff compares. I just use the E'net cards and unmanaged switches.
My WR850g went in to replace my CentOS based firewall box (based on K6, 128M RAM).
Yep. Don't want to waste "the big guns". My 2nd most powerful machine is an AMD-K6-2 (currently @ 380MHz, 450 on the horizon I think) on a PC- Chips M-571 main-board, 256M. Access to a good net, couple disks and discs and it makes a real decent workstation or server. I'm using that one as my server, being built via CLI one package at a time so I can really learn this stuff. I wish my memory of what I read was as good as when I was much younger. :-(
Rodrigo Barbosa rodrigob@suespammers.org "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
I'm going to try and buy folks' old machines and get them into peoples homes when they do cable. Cable co. charges them for each extra computer hookup. I make my own cat-5 cables, install and the homeowner saves $$. And cable co. charges biz customers $300 for each node install and big bucks extra for firewall monthly.... I see an opportunity to save them some money.
Thinking of "HomeGroanNet.*" as a decent name which aptly describes ^^^^^ how hard it is to learn all net related stuff piecemeal. And how hard to survive decent puns in civil society. ;-)
I think after I get my wife's office and tenants set up, I might contribute some code to IPCop.
Be good.... if you have no other choice! =:-O
Bill
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, Mar 28, 2006 at 11:16:01PM -0500, William L. Maltby wrote:
Me too, so that's 2 rocks. Well, 1 and 1/2 since you top-posted. :-( Runs fine on very old minimal eqpt. I have it on an AMD 5x86 (486 in a 386 socket) 100MHz, 3 3Com 3C509 (half duplex unfortunately) 32MB DRAM (remember what that is?) and junk Champ 1GB old slow drives.
Motorola WR850g + OpenWRT here :) Nice, silent, low energy requirements (11W PSU), small, and has WiFi.
My next goal for it is to find a decent source of fan-less low-power supplies. I'll never WiFi at home. I only have a few brain cells left and don't want them invaded by high freq waves. Besides Bush (our protector of constitutional liberties) might be eavesdropping on the waves that exit from my brain cells and I'd get put in Gitmo with all the bene's that accrue from that.
Well, just disable WiFi. Pretty easy to do on OpenWRT:
# wl radio off
I'm getting some Linksys WRT54GL tomorrow too.
I've been using the SMC stuff for my Gigabit. Been happy with it. But I don't need managed, so I don't know how that stuff compares. I just use the E'net cards and unmanaged switches.
This WRTish boxes are pretty near. Geral spec is 1 Wifi + 1 Ether (WAN) + 4 + 1 Ethernet Switch (LAN, 4 ports on the outside, the 5th being the router itself).
My WR850g went in to replace my CentOS based firewall box (based on K6, 128M RAM).
Yep. Don't want to waste "the big guns". My 2nd most powerful machine is an AMD-K6-2 (currently @ 380MHz, 450 on the horizon I think) on a PC- Chips M-571 main-board, 256M. Access to a good net, couple disks and discs and it makes a real decent workstation or server. I'm using that one as my server, being built via CLI one package at a time so I can really learn this stuff. I wish my memory of what I read was as good as when I was much younger. :-(
There WRTish boxes are based on MIPS processors (Little Endian, usually Broadcom chip). It is good to switch platforms once in a while :)
I'm going to try and buy folks' old machines and get them into peoples homes when they do cable. Cable co. charges them for each extra computer hookup. I make my own cat-5 cables, install and the homeowner saves $$. And cable co. charges biz customers $300 for each node install and big bucks extra for firewall monthly.... I see an opportunity to save them some money.
Using WRT boxes can save a lot of money, since they are pretty cheap. You can even get used one off e-bay for nearly nothing.
A WRT54GL is priced at $69.99 at Amazon.com and $61.99 at Newegg.
There are plenty of other models/brand you can use for that too.
And now I'm stopping, since this is getting WAY off topic :)
- -- Rodrigo Barbosa rodrigob@suespammers.org "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
William L. Maltby wrote:
I think after I get my wife's office and tenants set up, I might contribute some code to IPCop.
Be good.... if you have no other choice! =:-O
Bill
I always thought it would be awesome if IPCop could pole SNMPd running on local servers and provide some graphs for LAN workstations too.
On 29/03/06, William L. Maltby BillsCentOS@triad.rr.com wrote: [SNIP]
Me too, so that's 2 rocks. Well, 1 and 1/2 since you top-posted. :-(
[SNIP]
Only -0.5 for top posting?? ;-^
-- Sudev Barar Learning Linux
-
Cesar Lagarrigue -
Franklin S Werren -
Rodrigo Barbosa -
Ryan -
Scott Silva -
Sudev Barar -
w.arkwolf -
William L. Maltby