finally getting around to setting up a firewall

[Colonel Sanders]

I'm interested in a version of Linux or such that would run with just a floppy drive and the usual RAM, NIC, maybe even video. I got a 100MHz Pentium with about 32MB RAM, I don't want to use a hard-drive if I have to, and it will of course have dual NICs. Do I need to use a hard-drive to turn this into a firewall, or is there anything that could run from the floppy drive?

TIA, Logan

[TMAN]

I think you'll need a hardrive. I haven't encountered a Kernel smaler than 4megs. The router/firewall software would be another 20 (I think(I haven't checked yet)). Just stick a small HD in there and make it a file server if the HD is over a gig.

[Colonel Sanders]

Darn, I was affraid of that. I got a 2.16GB drive which might have a lot of wasted space, unless I learn about network booting then I could try to boot other PCs from the *firewall*. Anyways, what should I use for the adress? I need one for the world to see, which I don't think is very impornant(?), than an internal adress which is more imporntant.

TIA, Logan

[MaXimum SMOKE]

http://lrp.steinkuehler.net/

Linux Router Project seemed to enjoy popularity, but I haven't seen any pages that still look very 'active' regarding the 1 floppy install type of router. Doing a search on (linux router project), perhaps, may show you some alternatives. The above link is a result of a similar search.

[jackjones]

Another solution could be sentry firewall, which does not need a harddrive.However, If you do not have any *nix experience, I would not recommend it, since it has no nice GUI program and you have to edit the textfiles by hand.

[Blakhart]

Smoothwall

[jackjones]

Yes, that would be the best choice if Colonel Sanders can get a small hard drive for the computer.

[ScurrilousPrune]

Check out Coyote Linux (http://www.coyotelinux.com) it runs off a floppy and has a Windows disk maker. Just make sure you have a compatible NIC. There's a video you can download at http://www.extremeoverclocking.com/a..._Router_1.html that goes through the install process using linux instead of the disk maker. There's also a tutorial for installing and configuring Linux Router Project (LRP) which can be found at http://techupdate.zdnet.com/techupda...3199-1,00.html I don't know if you have a hub, but it requires one.

[Colonel Sanders]

I have a 10-baseT 16-port hub, my step-dad picked it up for like $5 a long time ago, but then he upgraded to more-powerful(and thus fewer) PCs and 10/100, he said it should do fine for a cable-modem.

I'll look into some of those. Biggst problem is that my CBM locks up if I switch it between too many different PCs but I suppose that is good for security(but not good for changeing NICs, or when the main PC crashes ).

Anyways, I know very little about the internet. Good thing is Windows takes care of all that behind my back, and I hope it works. However, Linux tends to ask me what my IP adress is/or should be. What should I use for such numbers?

TIA, Logan

[ScurrilousPrune]

It depends if your cable modem has a static IP address or not. istrongly suggest you watch the video and read the documentations. Your cable modem can also have a static IP through DHCP. You can also configure it for 56k and other speed dial-up modems. Read the documentation and if you don't know what type of IP address you have call your ISP. As far as the LAN IP address it should be left to the default (192.168.0.X). There is also a certain way you should attach all the cables. One NIC in the linux box will be connected to the cat5 that goes to the modem, and will be handling incoming data, the other will be going out to the hub's uplink port I believe. If your hub doesn't have an uplink port, it should be going to a regular port but with a crossover cable instead of a cat5. Then you just connect the other computers to the regular hub ports.

[Colonel Sanders]

I'm not sure which card is which, but I got Dachstein on a floppy(suprisingly I had to mount the floppy *inside* the case in a hard-drive bay since the case was missing the drive cage where I would normally attach the floppy.) to work(I think).

Link to where I got Dachstein: http://lrp.steinkuehler.net/DiskImages.htm

There is an "AUI port" on the hub which looks the same as a similar port found on some ISA 10Base-T NICs. However, that would require another driver file added to the near full floppy. Would there be any noticable advantages to using this port?

Also on the hub, one of the ports has a switch for MDI or MDI X, under all the other ports it says MDI X. What does this mean, I think it means I should set the one port to MDI and connect that to the back of the router?

TIA, Logan

[ScurrilousPrune]

Well, stay away from the AUI port, as regular RJ-45 with cat5 is probably the most widely used, durable, and fastest. AUI is older I believe. As for the MDI/MDI X, I'm guessing this hub doesn't have an uplink port. I'm not 100% sure on this but: It basically means your ports can't distinguish between connecting to a hub/switch and connecting to an endstation. If you want to connect the port with the MDI/MDIX option to another hub or switch for expansion, make sure its on the MDIX option and use a crossover cable and connect to one of the other hub's regular ports(?) Since it doesn't have an uplink I think you have to use a crossover on the regular ports too. For the router, use a crossover and connect one end into one of the router's regular ports and the other end into a regular port on the hub. I would suggest getting a newer autosensing 10/100 hub if I were you, unless you can get it working with no problems. Can anyone clarify on the MDI/MDIX thing?

[Colonel Sanders]

Quote:

Originally posted by ScurrilousPrune I would suggest getting a newer autosensing 10/100 hub if I were you

I've seen the price of newer hubs, if this will handle my needs, it might be frustrating getting there but I'll learn something. I think it is time for me to look around for the manual on the old hub.

16 port 10/100 hub? I don't even want to think about how much that would cost....

[Hassmaschine]

I'd be careful about trying to boot the firewall off the net... makes your network hackable during that period of time, just like the cable modem hacking...

---

<sub>Your signature was edited out because it was too large and obtrusive. Please try to implement a more courteous signature in future.

Moderator</sub>