Linux-based gateway via floppy

  1. #1
    Member
    Join Date
    May 2002
    Posts
    82

    Linux-based gateway via floppy

    http://www.zelow.no/floppyfw/
    http://www.freesco.org/

    Is anyone using (and/or has anyone found compromises in) either one of these? If so, what's the diagnosis? Are they secure enough to protect a box for web services (on one network) and also my LAN with a second NIC? Or would I be casting my pearls?

    If it is safe, I'll yank the FreeBSD gateway I'm using now and set it up for another project that I'm wanting to experiment with (DNS Services on OpenBSD). If not, I'll have to cough up the green and get another system (which I'd rather not do because this is only a temporary project ... probably won't last more than four months or so).

    Any thoughts on this? I'm just trying not to learn things the "too hard" way.

    Rev
    Many will ask, "Where do you want to go today?" because they're still scratching for ideas.

    With *NIX, there's already a way. The sum of us just need roadmaps to get there.

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    712
    Hmmm... basically Link-Sys Router on a floppy? Well... I haven't had direct experience with these, but I've done nasty things (in the past) and burned BSD-like OS' to a CDROM and run them off of there. Yeah, it's a bit of a trick - and might be more than you wanted to do in this instance (you get to do neat little things like relocate swap, /var and other highly dynamic stuff into memory - or at least to a writeable disk (much better for the preservation of said logs... LOL)). This tends to have a side-effect, however, of needing two systems... one to come up with the system on and the other being the actual system.

    I'd further venture that you could likely do the same with an OpenBSD floppy... though I think that still wants two floppies to get its kernel and RAM disk loaded.

    Blah, it's late... I should be thinking like this at this hour (or at least trying to make sense out of my writing)
    "Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take effect. Reboot now?"

  3. #3
    Junior Member
    Join Date
    Jun 2002
    Posts
    17
    Coyote Linux is worth consideration.

    http://www.coyotelinux.com
    Where's the booze? -- Harry Dunne, Dumb and Dumber

  4. #4
    Member
    Join Date
    May 2002
    Posts
    82
    Draziw,

    Thanks... I should have known that it would be a bad idea, I just didn't give it enough thought (my brain was fried, I think)... So I guess I'll cough up another 75 to get enough parts to get another system set up... Oh well... That's all part of the game, so it's cool.

    Your response did inspire a question or two, however...

    Let's say I was to go ahead and burn my OS onto CDROM, get 128 megs of RAM (allocate 36 megs to system, 73 to /swap, and then 19 to /var)... How difficult would it be to create a process that would send all the logs to an email address once the available space on /var reaches a certain point (and then flush each log, clearing up space for the process to start over)?

    You mentioned something about needing a second system (why? or is that only if I wanted to use disk space, but didn't have a spare drive?)

    If this is a workable setup, then that's something that I would like to learn to do (maybe a future experiment in the planning).

    I've heard about this once before, but it was way over my head at the time (two years playing with FreeBSD, and it seems that I've still only scratched the surface). Is there a specific name for setting up a system like this (i.e., how would I go about researching it)? Know of any good books on it?

    Much thanks! (still soaking it in)

    Rev
    Many will ask, "Where do you want to go today?" because they're still scratching for ideas.

    With *NIX, there's already a way. The sum of us just need roadmaps to get there.
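
The process asked about in the post above (mail the logs once the log filesystem passes a usage threshold, then flush them), as an added example that is not part of the original thread. `LOG_DIR`, `THRESHOLD`, `MAIL_TO` and `MAILER` are hypothetical names, and the script assumes a `mail(1)`-style command that reads the body on stdin.

```shell
#!/bin/sh
# Added example: mail and flush logs when the filesystem holding them fills.
# Hypothetical names (not from the thread): LOG_DIR, THRESHOLD, MAIL_TO, MAILER.
# MAILER must read the message body on stdin and take the recipient as its
# last argument, as mail(1) does.

LOG_DIR="${LOG_DIR:-/var/log}"
THRESHOLD="${THRESHOLD:-80}"              # percent used that triggers a flush
MAIL_TO="${MAIL_TO:-root@localhost}"      # placeholder recipient
MAILER="${MAILER:-mail -s var-log-flush}"

# Print the percentage in use on the filesystem that holds path $1.
usage_pct() {
    df -P "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# Mail each non-empty log file, then truncate it in place. Truncating rather
# than deleting keeps syslogd's open file descriptor valid. Lines written
# between the read and the truncate are lost; that window is the price of
# doing this without stopping the logger.
# Returns 0 after a flush, 1 if usage is below THRESHOLD, 2 on error
# (a file whose mail failed is left untouched).
flush_logs_if_full() {
    pct=$(usage_pct "$LOG_DIR")
    [ -n "$pct" ] || return 2
    [ "$pct" -ge "$THRESHOLD" ] || return 1
    for f in "$LOG_DIR"/*; do
        [ -f "$f" ] && [ -s "$f" ] || continue
        if { echo "== $f =="; cat "$f"; } | $MAILER "$MAIL_TO"; then
            : > "$f"
        else
            return 2
        fi
    done
    return 0
}
```

Source the file and call `flush_logs_if_full` from a cron job; because a log is only truncated after its mail command succeeds, a mail outage leaves the evidence in place rather than discarding it.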

  5. #5
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    If you are running one system (firewall) off of a CD, and you have your main system behind it, you could just run a syslog server of some type (yes, they are out there for Windows) on your main system and have your firewall send all important messages to that system.... There is no need to get so complex with email logs, etc.. etc..

    Good Luck,

    IchNiSan

  6. #6
    Member
    Join Date
    May 2002
    Posts
    82
    IchNiSan,

    I had considered that, but it would present nasty problems if my main system (I'm assuming you're talking about my web/mail server) had to be shut down or disconnected (for updating purposes, etc...).

    I could be wrong, but it seems to me that the more independent a system is, the better it is for the entire LAN. The only desirable "co-dependency" on my LAN is in regards to Internet access. It just seems that is the best way (like I said, I could be wrong because I know there's a world of possibilities out there, and I still consider myself a newbie to *NIX).

    Thanks for the input, though. (besides, it's not like this is something I'm going to do right away... I definitely want to learn how, but it will have to be a future project...)

    Best regards,

    Rev
    Many will ask, "Where do you want to go today?" because they're still scratching for ideas.

    With *NIX, there's already a way. The sum of us just need roadmaps to get there.

  7. #7
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    There's a linux-based-firewall-router-on-a-floppy called BBIAgent. That would do everything you need and you don't need much of anything to run it.

    The page is www.bbiagent.com .
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    I use Freesco at home; it's really very good.

    The config is simple enough for anyone who knows enough about IP to be setting up a router anyway, no Linux knowledge is required (and indeed few Linux commands actually work).

    It takes a while to boot from a floppy, and there doesn't seem to be any provision for backing the floppy up (except while the router is shut down), which is a pity (if you eject the disc, the router will start misbehaving in some respects as it needs to access this disc occasionally).

    It has very low hardware requirements (8Mb 486), is pretty secure "out of the box" and works on most systems (Quite a few common ethernet cards are supported). A bit tricky to get right if you have non-plug and play ISA ethernet cards, but otherwise ok.


    I run mine as a NAT router, DHCP server, DNS primary (for internal zone only!), and DNS cache. It also supports port forwarding but that's a bit ropey to set up.

  9. #9
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,540
    Originally posted here by Vorlin
    There's a linux-based-firewall-router-on-a-floppy called BBIAgent. That would do everything you need and you don't need much of anything to run it.

    The page is www.bbiagent.com .
    hehe... Vorlin, that's usually my reply... promoting BBIagent.

    Indeed BBIagent is like freesco (perhaps even easier to use). It's pretty secure.
    But for the particular problem in this thread, if I understand correctly, BBIagent is not the best choice cause it has fewer features than Freesco. Freesco can act as a simple bridge with up to 3 Ethernet segments or as a router with up to 3 Ethernet segments. While BBIagent only acts as a router / firewall / bridge between 2 ethernet segments.
    WAN ----> LAN

    Here the problem is:
    Code:
    WAN ---> LAN1
        ---> LAN2
    However, thx for promoting BBIAgent

  10. #10
    Member
    Join Date
    May 2002
    Posts
    82
    Thx, all...

    I spent a couple of hours playing with freesco, but decided to stick with what I have (FreeBSD) for the following reasons:
    • blackhole settings?
    • tripwire, AV scanner, sendmail daemon, etc (although I could install on HDD and have the necessary realty, but that would defeat my purpose)
    • DoS attack "condom"
    • securelevel?

    Not that there's anything wrong with freesco, but I like the features I have set up now... It's no "biggie." Thanks again for the responses (esp draziw... You gave me lots to think about and definitely inspired a future project)

    Best regards,

    Rev
    Many will ask, "Where do you want to go today?" because they're still scratching for ideas.

    With *NIX, there's already a way. The sum of us just need roadmaps to get there.
