I was wondering if anyone has been through the process of configuring their linux box as a gateway (not something I've attempted yet), ie to have a setup as follows: 2 x NICs, one attached to a cable modem, one attached to the local network with DHCP, IP masquerading and a firewall. I'm getting a cable modem installed in a couple of weeks (broadband, at last!) and I want to prepare - I've heard that there are differences between the distributions as far as ease of setup of a setup like this. If anyone has any advice towards distributions, versions, or recommended components or setup, I'd be very glad to hear from them. The most recent distribution I have is from eridani and is based on the red hat 6 distribution.
I would strongly recommend that you look at the e-smith distribution ( http://www.e-smith.org/ ) for this. It is a version of Red Hat 7 explicitly built to be a gateway/firewall and an internal file/web/email server. It's very easy to install and set up, has a nice web configuration front-end and takes security seriously. I have one set up as exactly the system you describe and it works really smoothly.
Looks good. I'll have to wait until I have the cable modem before I can download the CD images. I haven't used a gateway at home before; e-smith say on their website that a P90 is the minimum requirement for the kind of setup I'll have. I have a spare P133 PC at home with 80Mb of RAM that I wanted to use - I don't know whether this will suffice as the gateway - is speed a critical issue for the gateway box? If speed is important for the gateway I have a K6-233 with 64Mb I could use instead, but there are only likely to be 2 or 3 other machines on the network routing traffic through it so it would hardly be under a heavy load. Did you use a fast machine for your router? It's just that considering that the internet connection itself is potentially a bottleneck will it matter if the router is not so fast ?
Speed is not really an issue, unless you have heavy traffic (particularly if you use "squid" for proxy caching), but the web interface for configuration will obviously be a bit leaden. When trying it out I installed it on a P133 with 48MB of Ram and it ran fine for everything i could throw at it (although I only had a 56k modem at the time). I've since upgraded to a C700 with 128MB and that's solid as a rock too. I only needed the extra "oomph" because I've installed Java and Resin on it, and use it as a testbed for some of my dynamic websites.
just a progress update to this post... I downloaded e-smith, and found it to be a really nice distribution, making it easy to deploy extra custom apps. However, there was a handshaking problem between dhcpcd and the blueyonder dhcp server which meant it would always time out and never connect to my provider. I experimented with other distributions and it went as follows: mandrake 8.0 standard distribution -- worked well but was excessively large and wasn't set up to route packets properly - I wasn't about to spend ages coaxing it, so I moved on. Would be great as a standalone workstation though - I found it much more stable than mandrake 7.0 smoothwall 0.9.8 stable -- great firewall/gateway, compact distro with minimal HW requirements and a small footprint but used the same version of dhcpcd as e-smith and had the same handshaking problem. mandrake SNF 7.2 -- Mandrake's Single Network Firewall, a nice although large distribution to act as a firewall/gateway, connected just as well as mdk 8 but was very restrictive out of the box (now that's a good thing for a firewall I admit, but I wanted to get a good setup out of the box, not wanting to spend too long fiddling about). So... lastly I tried smoothwall 0.9.9 beta, patched it up, and it is superb. I'm very impressed with it, and so far it is very fast, seriously secure and allows my home network to access the internet freely. What impressed me first of all was the fact that the iso image for install is only about 20Mb in size, so burning a CD and installing takes next to no time. It also has an excellent web admin setup, better than any I've seen so far. It lacks e-smith's i-bay setup, but I can cope with that for now. The stable release is due at the end of this month so I'll upgrade to that then. [This message has been edited by George Brown (edited August 21, 2001).]
Very interesting. I never tried smoothwall, because I needed the webserver/shared drive/shared printing features of e-smith. If I was setting up a dedicated firewall/gateway in the future I'd definitely give it a try. Glad you've finally found something you can use.