
RE: [sheflug] Suggestion of distro



Hi all.

Please excuse the lack of ">" - I've had to copy and paste from a telnet 
session :-)
I'm stuck at work for another 4 hours and I wanted to get my 2p in :-)

=== James wrote: ===
I'm going to change my Smoothwall firewall system into a workstation next
week sometime but I'm not sure which distro would be best.

so my requirements for this distro:

(1) must still act as a firewall - using GShield or PMFirewall? am not sure
which to go for, does anyone else use these?


Use IPTables (or IPChains if you're planning on using a 2.2.x kernel).
Anything else is likely to be a frontend to those two systems.
The Linux kernel contains the functionality needed for the machine to act as a 
firewall - you'll just need to make sure you install the userspace tools 
('iptables' or 'ipchains' commands).

As far as I can tell, most will happily run as a firewall.
The only differences are the bloat that they install by default, the services 
they have running by default and the amount of time you're going to have to 
spend securing the machine after the initial installation.

My own firewall is a heavily slimmed down Redhat 7.0 machine (with all the 
updates).
I'll be updating my firewall machine shortly, and it's going to be either 
Debian 3.0 (Woody, as mentioned by Will), Free-/Open- BSD or Slackware in that 
order.
Redhat is just too much hassle to delete the excess packages, even from a 
minimal "custom" install. I suspect that SuSE, Mandrake and the like will be 
similar.


(2) software must be easily updated - like with suse where you just click on
update and it gets all the patches etc and installs them


Debian, FreeBSD (probably the other BSDs), even Redhat (up2date or Ximian's 
redcarpet) or anything else that can run redcarpet.
On a stripped down machine, doing installs by hand isn't that hard. If you 
plan on having a lot of stuff on the machine, then you need an updater.


(3) reliable - my housemates are gonna be a tad pissed off if the internet
dies every day, especially since I'm not here to fix it a lot of the time

Not Windows? Check :-)


(4) will also be running a webserver so I can host my own site with a dyndns
name or similar

Apache is your friend. Keep it up to date. Read and understand how to 
configure it.
If you're not sure, it shouldn't be on the Net.



(5) fairly simple for semi-newbie like me - ie. I can follow help files etc
on the net but not if it's all non-standard directories and different config
files etc

You're probably going to have a fairly steep learning curve if you're looking 
to get everything set up properly.
Depending on the distro, you can have a server running from a blank disk to 
serving connections in under an hour.
About 2 minutes later it'll get hacked :-)

Understand at least the fundamentals of how to secure your system before 
putting it on the end of a connection.

If you're looking at running an FTP server, avoid WU-ftpd. ProFTPd is popular 
and more secure, but there are probably still better choices.

Cheers.

Baz.

--
Barrie J. Bremner         OpenPGP public key ID: F78CEE08
TheEnglishman [at] ecosse.net   http://barriebremner.com/

   "Linux? Is that some kind of MacOS?"
      -- BT technical support

___________________________________________________________________

Sheffield Linux User's Group - http://www.sheflug.co.uk . 