[KLUG Members] Firewall packages & DHCP related question.
Bruce Smith
members@kalamazoolinux.org
09 Jun 2002 19:08:23 -0400
For home I'm currently a happy IPCOP firewall user. However lately I've
been investigating some other firewall packages. The reasons I'm
looking are: 1) Upgrade to iptables. 2) Eliminate the hard drive.
My requirements for a home firewall are simple. Besides IP-masq. & IP
forwarding, a DHCP server running on the firewall. Simple is good too.
After some searching, I came up with a couple good iptable candidates:
1) Devil Linux. Lives on, and boots from CDROM. Config files are
stored on floppy. No hard drive needed. Lots of services available.
2) "floppyfw" Completely self contained on a single floppy. No cdrom
or hard drive required. Has a small DHCP server, but not much else.
I started playing with "floppyfw" and was very impressed. It meets all
of my requirements quite nicely, but while reading some of the floppyfw
howto's, I had the brilliant idea to add a 3rd NIC. This is NOT for a
DMZ to run servers from, but I want to attach my wireless access point
to it's own subnet and protect my computers from any wireless attacks.
The WAP would have internet access, but not access to my local LAN.
Hacking a 3rd NIC into floppyfw was quite easy (thanks to the howto),
but I now want to run a DHCP server on each of the two local NIC's.
That's where I hit the snag. It comes with "udhcpd", a mini DHCP
server. I cannot get it to run twice, once for each NIC, or to serve
up different info to the two NIC's.
Anyone know a way to get udhcpd to serve up info for two subnets? Or
maybe I should try and replace udhcpd with the dhcpd that comes on
Redhat, but the floppy free space is very limited. Or maybe it's time
to move on to Devil Linux . . . Any thoughts?
--------------------------------------------
Bruce Smith bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan 49093 USA
http://www.armstrong-intl.com/
--------------------------------------------