On Sunday 17 February 2002 07:34, Clayton Cornell wrote:

On Sunday 17 February 2002 07:50, Alex Daniloff wrote:

...

Hello SuSE folkz, I've got an old 486 DX 75MHz PC with PCI and ISA slots. I'd like to to utilize this dinosaur as a firewall box using two 100MB/sec PCI NICs.

There are a number of factors... how are you planning on using the 486 as a firewall? Are you going to invent your own configuration and install? Or, have you found some firewall software package you plan to use?

Smoothwall, for example, is a nice firewall package that will turn an old PC like you have into a router/firewall. If you use this package on a 486 with 100mb NICs on a small home network - 2 or 3 machines - you will not notice any speed issues.

The general bottlenecks you will have, using the Smoothwall example, are: Processor - trying to filter more packets than the processor can handle. You can use a 386, but 486 or higher is better. Drive space - too small HD (under 100 MB), and using your firewall machine as a web proxy means lots of drive access delays. RAM - not enough RAM... less than 8MB is a problem Internet connection - slow dialup connection is always limited. Use the fastest that is available/affordable. Front bus speed - never looked at this as a possible speed limiing factor.

Basically performance depends on how you are planning on using the old machine (configuration, firewall application etc.), and what kind of network it's going to serve.

If you havn't yet decided on a specific approach, I'd suggest you have a look at Dachstein: http://lrp.steinkuehler.net/DiskImages/Dachstein.htm The general idea is to have everything on a floppy, load the system into RAM, and thus eliminate the need for harddrives (minimizing powerconsumption/ noise). At the site are downloadable images (various configurations available) that you basically slap onto a floppy, boot, fill in stuff about your network(s) (ip-addresses//whatever) save to the disk, reboot, done... (unless, of course, you run into trouble ;-) One thing is, that since the whole system lives in RAM, you'd want to have plenty of that (16 MB works, though more is better). But the upside to that is, that once you've tweaked it to the point where it's doing what you want, you can write-protect the floppy. So that if you ever get the feeling something's not 'right', you just boot the machine, and *everything* goes back to the way it's set on the disk. There's support for a DMZ, so if you need to have any publicly accessible servers, you can put them on a separate net. And lately a CD based version has been introduced, so you can go beyond the (after all) pretty limited space available on a floppy. All in all, a very nice way to go, IMHO. Lots of different features, and a friendly mailing-list, to help you out of a tight spot... Me like'um ;) HTH Jon

On Sunday 17 February 2002 10:26, Togan Muftuoglu wrote:

* Jon Clausen; on 17 Feb, 2002 wrote:

...

And lately a CD based version has been introduced, so you can go beyond the (after all) pretty limited space available on a floppy.

All in all, a very nice way to go, IMHO. Lots of different features, and a friendly mailing-list, to help you out of a tight spot...

The only thing that I do not like is the glibc version which means you can not use a binary package from your SuSE CD since the glibc is different. :-(

Sentryfirewall is CD based as Gibraltar with Sentry being Slackware born and Gibraltar Debian. It would be realy nice if there was a version based on SuSE ( yes I know the SuSE Firewall product).

There is that, but since I've only used the floppy based version as yet, pretty much any binary, off of any distro would be too big to fit ;) Jon