What distro..

Discuss Applications
User avatar
Basher52
guru
guru
Posts: 925
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

What distro..

Post by Basher52 » Thu Dec 23, 2004 4:46 pm

I want the smallest distro out there.

What I need is:
iptables
compiler
Dont need X

I tried DSL, but I couldnt find a compiler and I have no idea what to install :(
otherwise its kinda nice :D
I needed a compiler so I could install iptables, so if this is a choice, let me know what version of compiler to install :D

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Thu Dec 23, 2004 7:30 pm

The smallest linux distro I run with iptables is OpenWRT:

http://voidmain.is-a-geek.net:81/

That runs on a Linksys wireless router which only has a total of 16MB of memory that is used for both disk and running programs which means the distro itself only consumes around 4-8MB. Of course the linksys router has a MIPS processor, not an x86 based like what you probably want to run on. You could retarget the distro to x86 easy enough but it sounds like you are looking to just set up a firewall in which case there are several firewall distros out there. You could even run your firewall off of a CD and not even have a hard drive. Smoothwall is such a CD firewall distro and it's redhat based. I think there is a single floppy based distro for use as a iptables based firewall, router and more called FREESCO:

http://www.freesco.org/

If these are not what you are looking for maybe you can provide a few more details on what you plan on doing.

agent007
administrator
administrator
Posts: 254
Joined: Wed Feb 12, 2003 11:26 pm

Post by agent007 » Fri Dec 24, 2004 1:21 pm

Void,

If the linksys router has a MIPS processor, how then is the distro running? and how does a retarget work?

thanks..

User avatar
Basher52
guru
guru
Posts: 925
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Fri Dec 24, 2004 4:04 pm

Ive read up on Smoothwall and its good... except :(
it dont have SCSI support.
I read the forum and found that its possible to recompile the kernel to add
SCSI support, but thats something I wont be doing since I know I just sc***
is up :(

I looked at ur 'OpenWRT' too, but i cant find where to read about it.
does this one support SCSI?

or do you have any other suggestions?

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Sun Dec 26, 2004 11:03 am

agent007 wrote:Void,

If the linksys router has a MIPS processor, how then is the distro running? and how does a retarget work?

thanks..
Linux runs on many different processor types, x86, MIPS, ALPHA, SPARC, etc, etc, etc. Obviously there isn't enough memory on a Linksys router for the compiler or the ability to compile the kernel on the device itself so you have to compile the kernel on a machine that has more resources and then install the binary kernel on the Linksys box (actually you bundle it in the file system image (firmware) that you will build for the linksys box). Now, since the machine that you are compiling the kernel on probably isn't running a MIPS processor (I do it on my x86 based machine) you have to target the kernel to MIPS since that is what it will be running on. This is called "cross compiling" when you compile on one architecture but intend the binaries to run on another architecture.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Sun Dec 26, 2004 11:05 am

Basher52 wrote:Ive read up on Smoothwall and its good... except :(
it dont have SCSI support.
I read the forum and found that its possible to recompile the kernel to add
SCSI support, but thats something I wont be doing since I know I just sc***
is up :(

I looked at ur 'OpenWRT' too, but i cant find where to read about it.
does this one support SCSI?

or do you have any other suggestions?
Again, I can give you better advice if you tell me what you are trying to accomplish. :) Give me details. From what I can guess from the few details you have given so far is that you want a full distribution and are going to run it on a machine with a hard drive but this is just a guess. I have no idea what you plan on using this for.

User avatar
Basher52
guru
guru
Posts: 925
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Sun Dec 26, 2004 2:57 pm

I want to install a small firewall just to show at work how easy(:P) it is and that you can use old hardware for it.
The compiler is there, just incase some new features are needed.
X wont be necessary just to show how small the installation can be and that you will be able to controll it through commandline via shell logon.

If they like it, this machine may be installed for professional use.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Mon Dec 27, 2004 1:00 am

What's the specs on the hardware (processor, memory, disk space, etc)? My firewall (that this web server is behind) is an old Pentium 100 that I built many years ago as my main desktop (was a hot machine at the time). It has 128 MB of RAM and has 3 network cards in it so I have a DMZ (where this web server resides). 128MB of RAM is actually more than it needs but I also use it as a proxy, content filter and a few more things. The machine is actually a little slow to be doing the proxy/filtering but it's good enough for what I need and certainly enough for a firewall. You can see a simple network drawing of roughly my layout:

http://voidmain.is-a-geek.net/si/?i=net ... work%20Map

The machine is currently running Fedora Core 1 (without X installed of course) but when I first made it a firewall I think I had Red Hat 5.2 on it which was the latest version of Red Hat at the time. Of course Red Hat/Fedora comes with iptables, as does most other distros out there. I used to just have a firewall script that did the ipchains/iptables commands and you can still do it that way but now I prefer to use a utility called Shorewall which is not much more than a set of scripts that allow you to put all your firewall statements in a few config files, a little more firewall like. Here's shorewall:

http://www.shorewall.net/

The nice thing about using a regular distro is that customization is a little easier. For instance if you want to run squid all you have to do is "apt-get install squid", configure it and add your firewall rules. Of course if you want to keep it a true firewall and keep it minimal and more secure you would not have it perform these other functions. I personally would probably use FC3 or Debian if I were to install one today. I will probably upgrade my current one to FC3 at some point. I usually don't upgrade it every new release that comes out but do keep the version I am running up to date with all the latest updates nightly. I usually do a "custom" install and deselect most everything (including X, etc) so it's a minimal install. Then after the first boot I do a "rpm -qa | sort" and list all the packages and remove more things that it installed as a minimum that I do not need "apt-get remove xxx". I turn off all unnecessary services and configure iptables (with shorewall in my case). You can probably get a little smaller with Debian though as the packages are broken down a little more finely. Just my 2 cents.

EDIT: Actually, when my current P100 dies I will probably use my spare Linksys wireless access point as my firewall. It makes a great firewall because it has three interfaces (two ethernet and 1 wireless) plus a 4 port switch built in, it runs Linux, has no hard drive and costs less than $70 brand new. It's a perfect little firewall really. I would use OpenWRT as my distro as I mentioned (which I am currently running my wireless web server site on):

http://www.openwrt.org/

User avatar
Basher52
guru
guru
Posts: 925
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Mon Dec 27, 2004 4:27 am

Hardware: CPU: Pentium Pro 266MHz, Memory=96M, Disk: SCSI 1.4G

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Mon Dec 27, 2004 8:41 am

You can surely get Debian installed on a disk that small and I would think you could get a minimal install of Fedora on it. I have another FC1 machine that only has a 1GB disk in it with only 600MB in use (use it as my dhcp, dns, domain controller).

User avatar
Basher52
guru
guru
Posts: 925
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Tue Dec 28, 2004 12:55 am

I guess i could try those out, but i also would like to see this Smoothwall for my self... i cant believe its that small :P

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Tue Dec 28, 2004 7:51 am

But Smoothwall is nothing but a stripped down Red Hat with some extra GUI firewall configuration added from what I recall. I don't know if they are still using Red Hat 9 as a base or if they have moved to Fedora, or maybe something else.

worker201
guru
guru
Posts: 668
Joined: Sun Jun 13, 2004 6:38 pm
Location: Hawaii

Post by worker201 » Wed Dec 29, 2004 5:15 am

I used to run Slackware 9.1 on a computer slower than that, with X!

If you haven't heard of ZipSlack, you ought to check it out. A full-featured Slackware version that fits on a 100MB Zip disk.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Wed Dec 29, 2004 7:46 am

I still wouldn't run X on it regardless of what distro you use as a base. No need for it, especially on a firewall box. If I did want a GUI I certainly wouldn't want it to be X based. It would be web based or ncurses based. I don't even install X on Servers with 4 processors and 4GB of RAM, mainly because I usually don't ever touch the console except for the initial installation and I don't use X based tools for configuring so... On the extreme side of things on my Linksys unit you even have to do the install from remote because there is no console, no keyboard, and no drives. Better not mess that install up or you could end up with a blue paper weight. :)

User avatar
Basher52
guru
guru
Posts: 925
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Thu Dec 30, 2004 12:57 pm

I installed TSL today at work, worked perfect and its only about 200M or so :D

thx again for the replies :D

Post Reply