Firewall distro w/ dial-on-demand?

I'm looking for a Linux firewall distro with dial-on-demand PPP
as the external network interface. I realize I can take any of
the existing distros and add demand dialing, but why bother if
it's already been done.

I've googled for "firewall" and "dial-on-demand" and didn't
really find anything.

Can anybody recommend a firewall distro with:

NAT
Dial-on-demand PPP external interface

Nice to have:

DHCP server
DNS caching
Web admin

I'd probably run it on a Geode box booting from a Disk-on-chip
and then running entirely from RAM. [Roughly equivalent to a
150MHz Pention.]

--
Grant Edwards grante Yow! I'm ZIPPY the PINHEAD
at and I'm totally committed
visi.com to the festive mode.

On 20 Aug 2003 19:39:30 GMT, Grant Edwards <(E-Mail Removed)> wrote:
> I'm looking for a Linux firewall distro with dial-on-demand PPP
> as the external network interface. I realize I can take any of
> the existing distros and add demand dialing, but why bother if
> it's already been done.
>
> I've googled for "firewall" and "dial-on-demand" and didn't
> really find anything.

Yes, it has already been done by simply typing 'demand' (without quotes)
in /etc/ppp/options or connect script of ANY current Linux (man pppd).
It is not like you have to recompile anything.

> Can anybody recommend a firewall distro with:
>
> NAT
> Dial-on-demand PPP external interface
>
> Nice to have:
>
> DHCP server
> DNS caching
> Web admin
>
> I'd probably run it on a Geode box booting from a Disk-on-chip
> and then running entirely from RAM. [Roughly equivalent to a
> 150MHz Pention.]

So just worry about what works with your hardware and that you have a real
modem. The demand dialing is a non-issue (standard pppd option).

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/

In article <(E-Mail Removed)>, David Efflandt wrote:

>> I'm looking for a Linux firewall distro with dial-on-demand PPP
>> as the external network interface. I realize I can take any of
>> the existing distros and add demand dialing, but why bother if
>> it's already been done.
>>
>> I've googled for "firewall" and "dial-on-demand" and didn't
>> really find anything.
>
> Yes, it has already been done by simply typing 'demand' (without quotes)
> in /etc/ppp/options or connect script of ANY current Linux (man pppd).
> It is not like you have to recompile anything.

I just figured that out. However, not all firewall distros actually support
that feature. Coyote Floppy Firewall, for example, no longer supports a
modem/PPP external interface -- though I'm thinking of trying to get it
fixed so that it does.

> So just worry about what works with your hardware and that you have a real
> modem. The demand dialing is a non-issue (standard pppd option).

Cool -- thanks.

--
Grant Edwards grante Yow! PEGGY FLEMMING is
at stealing BASKET BALLS to
visi.com feed the babies in VERMONT.

In article <(E-Mail Removed)>, David Efflandt wrote:
> On 20 Aug 2003 19:39:30 GMT, Grant Edwards <(E-Mail Removed)> wrote:
>> I'm looking for a Linux firewall distro with dial-on-demand PPP
>> as the external network interface. I realize I can take any of
>> the existing distros and add demand dialing, but why bother if
>> it's already been done.
>>
>> I've googled for "firewall" and "dial-on-demand" and didn't
>> really find anything.
>
> Yes, it has already been done by simply typing 'demand'
> (without quotes) in /etc/ppp/options or connect script of ANY
> current Linux (man pppd).

Unfortunately, it looks like the "demand" option is useless
unless you have a static IP address. Years ago, I used to use
diald with dynamic IP addresses -- how is that accomplished
today?

> So just worry about what works with your hardware and that you have a real
> modem. The demand dialing is a non-issue

According to the pppd man page, it _is_ an issue unless you
have a static IP address.

> (standard pppd option).


--
Grant Edwards grante Yow! QUIET!! I'm being
at CREATIVE!! Is it GREAT
visi.com yet? It's s'posed to SMOKEY
THE BEAR...

In article <3f44490c$0$161$(E-Mail Removed)>, Grant Edwards wrote:

>>> I've googled for "firewall" and "dial-on-demand" and didn't
>>> really find anything.
>>
>> Yes, it has already been done by simply typing 'demand'
>> (without quotes) in /etc/ppp/options or connect script of ANY
>> current Linux (man pppd).
>
> Unfortunately, it looks like the "demand" option is useless
> unless you have a static IP address. Years ago, I used to use
> diald with dynamic IP addresses -- how is that accomplished
> today?

Ah.

It looks like /proc/sys/net/ipv4/ip_dynaddr is the solution.

--
Grant Edwards grante Yow! This ASEXUAL
at PIG really BOILS
visi.com my BLOOD... He's
so... so... URGENT!!

On 21 Aug 2003 04:31:44 GMT, Grant Edwards <(E-Mail Removed)> wrote:
> In article <3f44490c$0$161$(E-Mail Removed)>, Grant Edwards wrote:
>
>>>> I've googled for "firewall" and "dial-on-demand" and didn't
>>>> really find anything.
>>>
>>> Yes, it has already been done by simply typing 'demand'
>>> (without quotes) in /etc/ppp/options or connect script of ANY
>>> current Linux (man pppd).
>>
>> Unfortunately, it looks like the "demand" option is useless
>> unless you have a static IP address. Years ago, I used to use
>> diald with dynamic IP addresses -- how is that accomplished
>> today?
>
> Ah.
>
> It looks like /proc/sys/net/ipv4/ip_dynaddr is the solution.

Yes. I have no trouble using a demand connection for dynamic pppoe. It
just initially sets dummy IPs for ppp0, and once it connects, uses the
negotiated IPs. The ip_dynaddr helps with that.

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/

In article <oprua0b20vii9c5d@news-(E-Mail Removed)>, Iassen Hristov wrote:

>> I'd probably run it on a Geode box booting from a Disk-on-chip
>> and then running entirely from RAM. [Roughly equivalent to a
>> 150MHz Pention.]
>
> I recommend you take a look at ipcop
>
><http://www.ipcop.org/>

That was the first one I looked at, but I was hoping to find
something that ran from RAM rather than a hard-drive, since I
don't have the DOC working yet.

Coyote looks like a pretty good candidate so far.

--
Grant Edwards grante Yow! Yow!! That's a GOOD
at IDEA!! Eating a whole FIELD
visi.com of COUGH MEDICINE should
make you feel MUCH BETTER!!

I realize that it operates off of a hard drive but
you might want to take a look at the firewall that
is called smoothwall. The web site is
www.smoothwall.org It has the capability of running
a dialup connection or an ethernet connection to the
Internet and then the other side uses a standard
NIC. It has all the items on your wish list and it
has additional features.

Virtual Private Network
Dynamic DNS using several different DynDNS organizations
Good logging to show the activity of the box
A good intrusion protection system
and a few others.

In article <ExD1b.232309$YN5.158143@sccrnsc01>, Allan Butler wrote:

> I realize that it operates off of a hard drive but you might want to take a
> look at the firewall that is called smoothwall. The web site is
> www.smoothwall.org It has the capability of running a dialup connection or
> an ethernet connection to the Internet and then the other side uses a
> standard NIC. It has all the items on your wish list and it has additional
> features.

Thanks -- if I get the Disk on Chip working, I'll take a look at it.

--
Grant Edwards grante Yow! HAIR TONICS, please!!
at
visi.com

> That was the first one I looked at, but I was hoping to find
> something that ran from RAM rather than a hard-drive, since I
> don't have the DOC working yet.
>

How about FloppyFW (http://www.zelow.no/floppyfw/)

Leo