[CentOS] Using a CentOS 6 Machine as a gateway/router/home server

Mon Jun 29 18:08:31 UTC 2015
Bill Maltby (C4B) <centos4bill at gmail.com>

On Mon, 2015-06-29 at 08:17 -0700, david wrote:
> <snip>

> >
> >Yup. For, um, about a dozen years, I ran RH 7.1,7.2, 7.3, and eventually 9
> >on an old box that was nothing but a firewall router. I was seriously
> >paranoid - no gcc or any development tools, no X, not much of anything. To
> >the best of my knowledge, we never had a breakin.
> >
> >I'm running DD-WRT on an ASUS router these days, and I'm *NOT* wildly
> >impressed. I mean, it seems ok, but the project is run in what I can only
> >describe as "amateur", in the worst sense of the word. The several
> >official developers release a build, and you can choose which one of
> >who's; people on the mailing list have "favorite builds", which is not a
> >phrase I have *ever* heard used with an o/s before, and I'm afraid to
> >update, as some of their "documentation" is out of date, or wrong.
> >
> >At some point, I may just get a PI, and run CentOS, or some
> >firewall/router distro, though that would mean not having WiFi for guests.
> >
> >        mark
> Mark
> The WiFi solution I use still uses a Centos 6 
> firewall/router/gateway, but one of my inside devices is a WiFi 
> router.  Rather than doing double routing, I connect one of the 
> WiFi's LAN connections via a switch to my Router via a switch, 
> leaving the WiFi Router's WAN conection unused.  That way, my gateway 
> (and not the WiFi router) is the DHCP server, and can enforce 
> whatever firewall rules I want to apply.
> No need to give up your guest WiFi if you stick with a Centos gateway.
> David 
> <snip>

I get good results with IPCop on an older box. I happened to already
have my WAP set up, similar to David, with ethernet cable into my
Netgear gigabit switch. But IPCop has a zone now for wifi and I could
hook it into my IPCop and and get all it's benefits.

I haven't bothered because I'm in the boonies with little traffic,
meaning less "drive-by" traffic/chance of someone trying to break in via
that route, and my security key is very long and follows all the usual
guidlines re case, numbers, etc. Everyone that I've authorized has had
to attempt multiple times to finally get in, even me, until the device
in use (IPHone, Android phone, Kindle Fire, ...) remembers a successful
access completion.

I'm very pleased with IPCop - going on near a decade by now I guess.