localized firewall distro

dorris

Hey guys.

Just statting if there would be any interest in a localized firewall distro?

It will stand out from international distros as its main function will be to connect 2 accounts to 1 DSL line, 1 for local (IS) and another for international (saix/IS), handle the routing and list of local routes, and share the internet amongst network clients.
(AND WILL HAVE AS MUCH ANTI-telkom sentiment as possible, perhaps it will be called hellkomux)

I am currently running such a system, which gets an updated list of local routes daily, and modifies the routing tables at each reconnection.
and is capable of port forwarding and port holes.

Anyways, currently, it's not the most user friendly (all text based configs), and no installer scripts.
If there is a demand, I'll consider hacking a version of the Debian installer, to configure a fresh Debian system geared to this type of routing, as well as some PHP consoles to manage the services/accounts etc.

Anyways, like I say, I'm willing to do it, but currently it suits my needs as is. If I do renovate it, it will be for the community, but it will take quite a bit of my time, so ... if there's enough people willing to donate some moola for such a tool, I will go ahead with it.

Saying this, I do not mean I will be charging for it, it will be opened up to the greater community, free of charge, source too. But I would like to create something, and if it comes to good use, would like something in return.

so...is it worth my while?
 
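The daily route-list refresh described in the post above, as an added example that is not part of the original post or the poster's system: a POSIX shell filter that validates a downloaded prefix list before it becomes `ip route` commands, since that list is untrusted input consumed by a root-owned reconnect hook. The feed format, the interface name `ppp1` and the `MIN_LEN` policy are assumptions.

```sh
#!/bin/sh
# Added example, not the poster's script. Assumptions: the feed is one IPv4
# CIDR per line with '#' comments, and the "local" account is on ppp1.
MIN_LEN=8   # assumed policy: refuse anything broader than a /8 from the feed

# valid_cidr PREFIX: succeeds only for a strict dotted-quad/length string.
valid_cidr() {
    case $1 in
        ''|*[!0-9./]*|*/*/*) return 1 ;;   # digits, dots, one slash only
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*} len=${1#*/}
    case $addr in .*|*.|*..*) return 1 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -ge "$MIN_LEN" ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # leading zeros are ambiguous (some parsers read them as octal)
        case $o in ''|????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# gen_routes IFACE < feed: print one route command per accepted prefix and
# report rejects on stderr. Nothing is executed, so a root-owned reconnect
# hook can review or diff the output before applying it.
gen_routes() {
    iface=$1
    case $iface in ''|*[!a-z0-9]*) echo "bad interface" >&2; return 2 ;; esac
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # drop comments
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # drop blanks and CRs
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            printf 'ip route replace %s dev %s\n' "$line" "$iface"
        else
            printf 'rejected: %s\n' "$line" >&2
        fi
    done
    return 0
}

# Constructed sample feed (documentation ranges, not real ISP prefixes).
sample_feed() {
    printf '%s\n' '# refreshed daily' '198.51.100.0/24' \
        '203.0.113.0/25  # note' '0.0.0.0/0' '192.0.2.300/24' '10.0.0.0/8;echo'
}

sample_feed | gen_routes ppp1
```

Only the two well-formed prefixes produce a route command; the default route, the out-of-range octet and the line carrying shell metacharacters are rejected on stderr.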
I could help

I can help you, though use Ubuntu rather than Debian, more people in RSA know how to use it. I think RSA IP ranges are static, an iptables rule can discern international from local. What I would like is for my router to be able to switch accounts for local and international usage while allowing my 2 other flatmates to continue their activities without me screwing with their ICQ or downloads which can't resume.
 
my vote goes to a SUSE distro :D

suggestions - include Squid, SquidGuard, bind, sendmail (and automatically deliver mail to the correct SMTP server i.e. IS's SMTP if on an IS account, Telkom's if on a Telkom account, etc) and fetchmail.

Maybe investigate writing a WebMin module (for the less technically inclined users) ?
 
Yeah, would be great. I also wanted to do something similar a couple of months back. I also used SUSE as was mentioned by masticore; all the requirements he mentioned are wise, a good caching proxy like squid would be a must. The idea you have is great; most people would rather donate time than money, I believe!

So I would help too. How does your setup work at the moment? IPCHAINS routing, getting the IPs with netcat?

Anyway, if you want to do this give a shout out, I think a lot of people would be interested. You can then maybe even call it mylinux or myrouter as in myadsl? :)

EDIT: damn I only just saw when you posted that original post! almost a year ago! lol anyway still think it is a good idea!
 
Way ahead of the curve to have been thinking about this a year ago already. :)

This would be useful to people that a, share a connection, or b, have routers that don't allow routing to one connection and bridging to another.

Had someone just yesterday for whom this would have been very handy indeed - they're thinking about getting an IS account for usenet access but their router only does routing or bridging - not both.
 
Excellent idea! However Ubuntu and SuSE are both great distributions I'd say stick with Ubuntu. It already does a great job as it is and is widely renowned not only in RSA :D .
 
If you want to do this on a pc I wouldn't go for ubuntu/suse/or any of those fancy distros. Gentoo, slackware or debian would be the best imho. Maybe it would even be better to do this on a router, and bring out a couple of firmwares for the more popular ones that are linux based (d-link, linksys, etc).

That way users can download your firmware load it on their router and not bother about the hassles of installing / partitioning a machine.

- twiga
 
The thing is, if you make a custom firmware for a router, only one type of router would be supported, and it would most probably be the WRT54GL or some Linksys :) I think we should stick to using a distro people can install. I do agree, after some thought, that maybe Slackware or Gentoo would work. In the original post dorris mentioned Debian; both Debian and Gentoo are cool. I only suggested SUSE as its installer scripts are so easy to config and selecting the correct packages would be easy and yast.

The only thing that really is needed that you won't find in package lists is the script that would physically handle the setting up of routes and initializing both connections. Then all that is needed is to edit an install script to install the base linux system and config kernel with all the needed support and install the packages as mentioned above, squid, bind, dans-guardian, mail etc.

It would be very helpful to a lot of people using ADSL.
 
Good Idea

This is a really good Idea.

Why not use an existing firewall type distro such as Smoothwall, IPCop or ClarkConnect or similar. Most required features will be there already. You can just modify the routing tables or whatever.

I think this will save time and bandwidth (Smoothwall is < 50MB) and the web-administrative (webmin) features are already included in these distros.

I would be more than happy to test this distro on my server machine which is currently running ClarkConnect so that I can have it as a print server etc.
 
my vote goes to a SUSE distro :D

suggestions - include Squid, SquidGuard, bind, sendmail (and automatically deliver mail to the correct SMTP server i.e. IS's SMTP if on an IS account, Telkom's if on a Telkom account, etc) and fetchmail.

Maybe investigate writing a WebMin module (for the less technically inclined users) ?

Agree 100% SUSE ALL THE WAY!
 
This is a really good Idea.

Why not use an existing firewall type distro such as Smoothwall, IPCop or ClarkConnect or similar. Most required features will be there already. You can just modify the routing tables or whatever.

I think this will save time and bandwidth (Smoothwall is < 50MB) and the web-administrative (webmin) features are already included in these distros.

I would be more than happy to test this distro on my server machine which is currently running ClarkConnect so that I can have it as a print server etc.

Didn't think about that. Good idea! I am getting Smoothwall now; I am running IPCop at the moment, works great. Configured my squid to allow use of openbrowse from openweb to only route international via the openbrowse proxy. Tried a while ago to get the routing and simultaneous connections to work but couldn't get it figured out 100%, didn't really try hard.

So anyone up for a challenge? This could be a worthwhile mini project. We still need to decide which distro to base it on; suggestions have been: Debian, Slackware, Gentoo, SUSE and then all the firewall type distros like Smoothwall and IPCop. :cool:
 
Why not use an existing firewall type distro such as Smoothwall, IPCop or ClarkConnect or similar. Most required features will be there already. You can just modify the routing tables or whatever.

The trouble with Smoothwall is it relies on having multiple NICs and supports only 1 external interface. IPCop is based on Smoothwall so has the same problem.

That said though, they should be possible to adapt. It will just be slightly trickier than people probably anticipate.
 
I'll see if i can tie in the info from this thread over the weekend

Yep, think that's all you will need! We worked until late to get it all working; thanx to eremos and twiga's script, I got it working after some tweaking for my needs! I am writing up a howto, will publish as soon as I am happy with it, but for now I still have an exam to write tomorrow, will be studying today so will only be able to put it up next week sometime, hopefully by then I have my degree! :D

Good luck, shout if you need any help.
 
I think Ubuntu will work best. You want a functional system; my proxy doubles as a media center in the living room, and not all people have an old PC about which they can use for shorewall and mini Linux distributions. I'm sure people would also want to run the "setup" on their desktops. The installation can be done with a script to apt-get install squid, related packages and configuration. Maintaining a single package is a lot less work than maintaining a distribution. At best we might only need to update the package every 6 months with new Ubuntu releases.
While we are all talking about Linux, does anyone use a DC client to connect to saDC successfully? I tried to modify the source of linuxdcpp to reply with the same version string as saDC but no luck. The email address to contact the admins doesn't work either. Would appreciate the email or ICQ number of someone who can help me.
 
Another thing, a single package is a smaller download for capped users than a 50mb ISO. Most of the Linux users run squid anyway, packages we need in the install script are already in the archive cache. I run a proxy on my desktop with reload-into-ims ignore-no-cache ignore-private ignore-auth enabled and one in the living room for my 2 flatmates.
 
Okay, I am having trouble getting ClarkConnect to play ball.

I am going to try Ubuntu-Server now.

ftp://ftp.is.co.za/mirror/ubuntu/releases/edgy/ubuntu-6.10-server-i386.iso 452MB
ftp://ftp.is.co.za/linux/distributions/ubuntu/releases/6.10/ubuntu-6.10-server-amd64.iso 464MB

I have found a guide that allows you to turn the ubuntu-server into a firewall gateway at http://www.howtoforge.com/ubuntu6.10_firewall_gateway

I am going to go through this and see if I can get it to work using Virtual PC first.
 