configuration for a router

Can I make a router with a pII 400Mhz, 64Mo of RAM? , router for 3
computers?

flipper <(E-Mail Removed)> writes:

>Can I make a router with a pII 400Mhz, 64Mo of RAM? , router for 3
>computers?

sure. No problem. I do this at home. You also need two ethernet cards.

have eth0 connect to the outside world, and have routing to and from the
outside world through that. Make eth1 be the internal net, give it the IP
of 192.168.0.1 and route all 192.168.0.0/16 through that.
Make it the gateway for all the other internal computers, giving them
addresses of 192.168.0.{2,3,4}

Enable firewall ont he first and also NAT Enable IP forwarding on it, and
away you go. (I do this at home, no trouble)


Now if you have a 10Gb connection between the inside machines or with the
outside world, your PII will not be enough. It is is the usual 10 or 100
MHz it is fine.

Unruh wrote:
> flipper <(E-Mail Removed)> writes:
>
>
>>Can I make a router with a pII 400Mhz, 64Mo of RAM? , router for 3
>>computers?
>
>
> sure. No problem. I do this at home. You also need two ethernet cards.
>
> have eth0 connect to the outside world, and have routing to and from the
> outside world through that. Make eth1 be the internal net, give it the IP
> of 192.168.0.1 and route all 192.168.0.0/16 through that.
> Make it the gateway for all the other internal computers, giving them
> addresses of 192.168.0.{2,3,4}
>
> Enable firewall ont he first and also NAT Enable IP forwarding on it, and
> away you go. (I do this at home, no trouble)
>
>
> Now if you have a 10Gb connection between the inside machines or with the
> outside world, your PII will not be enough. It is is the usual 10 or 100
> MHz it is fine.
>
>
And can I put my web and ssh server on this machine or is it recomended
for security reason to have firewall on one separated
computer?...Because it s not easy to have like one desktop computer, one
firewall, another computer as a server....

flipper <(E-Mail Removed)> writes:

>Unruh wrote:
>> flipper <(E-Mail Removed)> writes:
>>
>>
>>>Can I make a router with a pII 400Mhz, 64Mo of RAM? , router for 3
>>>computers?
>>
>>
>> sure. No problem. I do this at home. You also need two ethernet cards.
>>
>> have eth0 connect to the outside world, and have routing to and from the
>> outside world through that. Make eth1 be the internal net, give it the IP
>> of 192.168.0.1 and route all 192.168.0.0/16 through that.
>> Make it the gateway for all the other internal computers, giving them
>> addresses of 192.168.0.{2,3,4}
>>
>> Enable firewall ont he first and also NAT Enable IP forwarding on it, and
>> away you go. (I do this at home, no trouble)
>>
>>
>> Now if you have a 10Gb connection between the inside machines or with the
>> outside world, your PII will not be enough. It is is the usual 10 or 100
>> MHz it is fine.
>>
>>
>And can I put my web and ssh server on this machine or is it recomended
>for security reason to have firewall on one separated
>computer?...Because it s not easy to have like one desktop computer, one
> firewall, another computer as a server....

Sure, why not. If you expect 1000000 hits a day, then it is almost certainly
insufficient. If you expect 1000 a day or fewer, it should be fine.

In fact you want that computer to be your entrance to the outside world, so
you can spend time hardening it and making sure that no stray services are
running on it.

Note that many ISPs will NOT allow you to run an http server on a machine
attached to the net through them. They may even block port 80 queries.

Unruh wrote:
> flipper <(E-Mail Removed)> writes:
>
>
>>Unruh wrote:
>>
>>>flipper <(E-Mail Removed)> writes:
>>>
>>>
>>>
>>>>Can I make a router with a pII 400Mhz, 64Mo of RAM? , router for 3
>>>>computers?
>>>
>>>
>>>sure. No problem. I do this at home. You also need two ethernet cards.
>>>
>>>have eth0 connect to the outside world, and have routing to and from the
>>>outside world through that. Make eth1 be the internal net, give it the IP
>>>of 192.168.0.1 and route all 192.168.0.0/16 through that.
>>>Make it the gateway for all the other internal computers, giving them
>>>addresses of 192.168.0.{2,3,4}
>>>
>>>Enable firewall ont he first and also NAT Enable IP forwarding on it, and
>>>away you go. (I do this at home, no trouble)
>>>
>>>
>>>Now if you have a 10Gb connection between the inside machines or with the
>>>outside world, your PII will not be enough. It is is the usual 10 or 100
>>>MHz it is fine.
>>>
>>>
>>
>>And can I put my web and ssh server on this machine or is it recomended
>>for security reason to have firewall on one separated
>>computer?...Because it s not easy to have like one desktop computer, one
>> firewall, another computer as a server....
>
>
> Sure, why not. If you expect 1000000 hits a day, then it is almost certainly
> insufficient. If you expect 1000 a day or fewer, it should be fine.
>
> In fact you want that computer to be your entrance to the outside world, so
> you can spend time hardening it and making sure that no stray services are
> running on it.
>
> Note that many ISPs will NOT allow you to run an http server on a machine
> attached to the net through them. They may even block port 80 queries.
>
>
what do I ned to install on it to have an efficient firewall, nat and ip
forwarding, and secure my desktop computer from trojans, spyware...and
run some servers... which linux distribution could be better?

On Tue, 05 Apr 2005 23:24:18 +0200, flipper <(E-Mail Removed)> wrote:
>Can I make a router with a pII 400Mhz, 64Mo of RAM? , router for 3
>computers?

yes. coyote linux, or MandrakeSecurity are two that come to mind.

coyote linux is floppy based, you hand edit files to set it up.

MandrakeSecurity uses shorewall for it's firewall and has a web based
interface.

To do three computers, you need either a hub/switch.
One network interface goes to the internet side
Other network interface goes to the hub/switch which then connects
to your three computers.

I guess you could use 4 Nics, but it might be a PiTA to setup interPC
communications.

flipper wrote:
>
> what do I ned to install on it to have an efficient firewall, nat and ip
> forwarding,

This is easy and it can be done with any decent Linux distribution.
(I'm using Debian stable a.k.a. Woody).

> and secure my desktop computer from trojans, spyware.

This is difficult to impossible. A clueless user with a
Windows computer can be infected even behind a restrictive
firewall, as long as the computer has any access to the
Internet. This kind of active contents are taking advantage
of the very careless way Microsoft systems handle any
executable files coming in. Just one careless click
in IE or Outlook Express is enough for an infection.
(There are news that even the click is not necessary).

...and
> run some servers... which linux distribution could be better?

Pick a distribution which some of the friends nearby
has - it will be easier to get help. All distributions
can be put to work as the firewall/router.

--

Tauno Voipio
tauno voipio (at) iki fi

On Tue, 05 Apr 2005 23:56:23 +0200, flipper wrote:
> what do I ned to install on it to have an efficient firewall, nat and ip
> forwarding, and secure my desktop computer from trojans, spyware...and
> run some servers... which linux distribution could be better?

If this is a dedicated machine that is not going to be used as a
workstation, I recommend you use a firewall system with an easy to
understand web interface.

My recommendation is ipcop, but I don't know how it is to run a
webserver on it. Clarkconnect is also good and easy to configure, but
the webserver together with the mailserver and other services running
by default in CC kept the load on my P-II 400MHz with 192 MB RAM too
high. So I switched to ipcop and moved the web and mailserver to
another machine inside my lan.

--
Rolf Arne Schulze
Trans-atlantic weightloss challenge: http://tawlc.net/
Min Weblog: http://rolfas.net/

Rolf Arne Schulze wrote:
> On Tue, 05 Apr 2005 23:56:23 +0200, flipper wrote:
>
>>what do I ned to install on it to have an efficient firewall, nat and ip
>>forwarding, and secure my desktop computer from trojans, spyware...and
>>run some servers... which linux distribution could be better?
>
>
> If this is a dedicated machine that is not going to be used as a
> workstation, I recommend you use a firewall system with an easy to
> understand web interface.
>
> My recommendation is ipcop, but I don't know how it is to run a
> webserver on it. Clarkconnect is also good and easy to configure, but
> the webserver together with the mailserver and other services running
> by default in CC kept the load on my P-II 400MHz with 192 MB RAM too
> high. So I switched to ipcop and moved the web and mailserver to
> another machine inside my lan.
>
is there some dedicated distribution to do a firewall

flipper wrote:

> is there some dedicated distribution to do a firewall

for starters, try here:
http://distrowatch.com/dwres.php?resource=firewalls
and
http://tinyurl.com/48o47


--
When you say: "I wrote a program that crashed Windows",
people just stare at you blankly and say: "Hey, I got those
with the system -- for free."
- Linus Torvalds -- (remove _eh to email)