This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Date: Wed, 25 Oct 2000 22:33:57 -0700
To: Stephen P Williams <stephen_p_williams@pacbell.net>
From: Ray Olszewski <ray@comarre.com>
Subject: Re: [svlug] Re: firewall and disk space...
Cc: svlug@svlug.org

At 09:37 PM 10/25/00 -0700, Stephen P Williams wrote:
>On Wed, Oct 25, 2000 at 03:39:58PM -0700, Todd Lyons wrote:
>> Any further suggestions?
>>
>> An obvious solution is to install a newer distro. Well, here we go back
>> to my original statement. It's on a 300 Meg HD. It is my firewall, so
>> I suppose I could do a Debian/Mandrake/RedHat network install. It just
>> remains to be seen if I can keep it in text mode and fit it all on a 300
>> meg HD with a _little_ room left over for the system to run.
>
>My 486/33 firewall has debian 'stable' on it, with just about the minimal
>installation I could get away with to build my firewall:
>
>firewall:~# df
>Filesystem           1k-blocks      Used Available Use% Mounted on
>/dev/hda6              1547728    146428   1322680  10% /
>/dev/hda1                31201      1397     28193   5% /boot
>
>I don't have a compiler on it, but I haven't run into anything like the
>incestuous inter-dependency trouble with Debian that I have experienced
>with RedHat 5.x, 6.x and Mandrake 7.x. I am so favorably impressed
>with the Debian packaging system I plan to migrate my desktop Mandrake 7.1
>machine as soon as I can spare the time.
>
>This machine has no CD-ROM, and some ancient HP ethernet cards, but
>installing the base system off the 5 boot floppies had local ethernet up in
>less time than it took to write the floppy images from my Mandrake desktop.
>The major portion of the install was done from a local mirror of the Debian
>stuff on my desktop machine to get me to the point of PPPoE to PacBell.
>Then dselect away from the main servers. Debian is *different*, but in
>this case, different is *better*.

Just wanted to jump in here - I routinely build firewalls based on Debian
Potato (the current "stable") that occupy about 90 megs of filesystem space,
not the 150 megs you (Stephen) used in your "minimal" installation. And even
this is laziness ... I could cut the image back to about 30 megs just by
eliminating man pages, perl, and all the internationalization stuff that a
router hardly needs (even a minimal Debian install is pretty larded up by
embedded-systems standards) ... and less than that with some real effort.

Several router/firewall distributions -- LRP, Coyote, and Freesco -- come as
single-floppy systems, after all. But they use aggressive cutbacks to do so,
replacing bash with ash, vi with ae or tiny-elvis, and a lot of standard
commands with the "busybox" portmanteau application used on most boot/root
disks.

===

Date: Thu, 26 Oct 2000 00:25:07 -0700
To: svlug@svlug.org
Subject: Re: [svlug] Re: firewall and disk space...
From: Rick Moen <rick@linuxmafia.com>

begin Ray Olszewski quotation:

> Several router/firewall distributions -- LRP, Coyote, and Freesco -- come as
> single-floppy systems, after all.

Interestingly enough, LRP is based on Debian -- 2.0 "hamm", when last I heard.
http://www.linuxrouter.org/

But, even better, so is Gibraltar: http://gibraltar.vianova.at/

===

Date: Thu, 26 Oct 2000 08:26:09 -0700
From: Stephen P Williams <stephen_p_williams@pacbell.net>
Subject: Re: [svlug] Re: firewall and disk space...

On Wed, Oct 25, 2000 at 10:33:57PM -0700, Ray Olszewski wrote:
> Just wanted to jump in here - I routinely build firewalls based on Debian
> Potato (the current "stable") that occupy about 90 megs of filesystem space,
> not the 150 megs you (Stephen) used in your "minimal" installation. And even
> this is laziness ... I could cut the image back to about 30 megs just by
> eliminating man pages, perl, and all the internationalization stuff that a
> router hardly needs (even a minimal Debian install is pretty larded up by
> embedded-systems standards) ... and less than that with some real effort.

I realize that my 150 Mb install is not as small as *possible*, but since
this was my first Debian machine, leaving out the man pages and
documentation would have left this Debian newbie in an unfamiliar system
that was just a little too lean.

However, now that you mention it, there sure is a lot of stuff in
/usr/share that doesn't seem to be necessary for an English-only firewall
in the America/Pacific timezone. 17 MB in /usr/share/locale? and another 5
in zoneinfo? As you say, that's "pretty larded up".

Thanks for making me look around.

===

Date: Thu, 26 Oct 2000 09:01:12 -0700
To: Rick Moen <rick@linuxmafia.com>,svlug@svlug.org
From: Ray Olszewski <ray@comarre.com>
Subject: Re: [svlug] Re: firewall and disk space...

At 12:25 AM 10/26/00 -0700, Rick Moen wrote:
>begin Ray Olszewski quotation:
>
>> Several router/firewall distributions -- LRP, Coyote, and Freesco -- come as
>> single-floppy systems, after all.
>
>Interestingly enough, LRP is based on Debian -- 2.0 "hamm", when last I heard.
>http://www.linuxrouter.org/

Slink, actually, these days. And the site you refer people to lacks links to
most of the LRP development work being done these days (by people other than
the original developer of LRP, who tends to view independent developers as
disobedient children), making http://lrp.c0wz.com (a very inclusive
directory site) a better place to start.

BTW, a big topic of discussion in LRP circles is what to do about the
imminent move of Slink to legacy status; router/firewalls without security
updates aren't my choice for Product of the Year, and LRP has pretty much
depended on Slink here. The core issue is that LRP, like all floppy-based
distros, can't move to glibc-2.1.x, due to its size, blocking a move to
Potato.

>But, even better, so is Gibraltar: http://gibraltar.vianova.at/

Why "better"? Have you tried this distribution? I haven't, simply because I
don't have a CD-ROM burner, and it's CD based. But the site you refer us to
says (in part): "At the moment there are only pre-releases. It seems quite
stable on my test machines, but you should not depend on it for productions
machines now." And the same page still discusses the expiration of the RSA
patent as a future event, suggesting it is not being kept up to date very
well.

I do agree that this development is promising. But it's too raw, by its own
description, to use in production environments, where LRP (and Coyote and
Freesco) have been sufficiently stable for production uses for well over a
year. And a floppy-only system is cheaper to build than one with a CD as
well as a floppy (needed for local configuration info); since all of these
distros work on 486s, the cheapness of the equipment they can use is one of
their selling points (compared to, say, the Linksys or Netgear
residential-gateway boxes you can buy).

If you are interested in CD-based routers, there is work being done by LRP
developers along this line. Try http://lrp.steinkuehler.net, though I don't
know if Charles has actually posted the CD stuff yet or just provides it
privately to people who ask.

So I think "better" is overoptimistic about this development. Unless you
know more than what is on the Web site.

===

Date: Thu, 26 Oct 2000 09:34:07 -0700
From: Rick Moen <rick@linuxmafia.com>
To: svlug@svlug.org
Subject: Re: [svlug] Re: firewall and disk space...

begin Ray Olszewski quotation:

> Why "better"?

Better because it's not as cramped as LRP, and because it appears to be
much more modern, based on Debian 2.2 "potato" and including well-chosen
components, stateful TCP filtering, etc.

> But the site you refer us to says (in part): "At the moment there are
> only pre-releases.

Also: "The project has just begun."

> I do agree that this development is promising. But it's too raw, by
> its own description, to use in production environments, where LRP (and
> Coyote and Freesco) have been sufficiently stable for production uses
> for well over a year.

Well, I just found the description very interesting, and the design
well-conceived. I figured interested parties would notice the project
status for themselves. The point was that most people would not have been
even aware of its existence.

> So I think "better" is overoptimistic about this development.

I meant it's good that LRP exists and is based on Debian, but even better
that Gibraltar is likewise. I did not mean, and did not say, that the
current Gibraltar codebase is better than the LRP one.

===
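
Added example, not part of the original thread: a read-only shell script that measures how much of /usr/share the trimming discussed above (locale data, zoneinfo, man pages, docs) would reclaim on a firewall image while keeping one locale directory and one timezone file. The function names, the `en` and `US/Pacific` keep values and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: measure (never delete) what trimming /usr/share would reclaim.

# bytes_under DIR [KEEP]: bytes in regular files under DIR, skipping KEEP
# (a file, or a directory and everything below it). Hard links count twice.
bytes_under() {
    dir=$1; keep=${2:-}
    [ -d "$dir" ] || { echo 0; return 0; }
    if [ -n "$keep" ]; then
        find "$dir" -type f ! -path "$keep" ! -path "$keep/*" -exec cat {} + | wc -c | tr -d ' '
    else
        find "$dir" -type f -exec cat {} + | wc -c | tr -d ' '
    fi
}

# trim_report ROOT KEEP_LOCALE KEEP_ZONE: one "bytes path" line per candidate
# tree under ROOT/usr/share, then the total. Keep values may be empty.
trim_report() {
    share="${1%/}/usr/share"; total=0
    for spec in "locale:$2" "zoneinfo:$3" "man:" "doc:"; do
        name=${spec%%:*}; keep=${spec#*:}
        [ -n "$keep" ] && keep="$share/$name/$keep"
        n=$(bytes_under "$share/$name" "$keep")
        printf '%10d  %s\n' "$n" "$share/$name"
        total=$((total + n))
    done
    printf '%10d  total reclaimable\n' "$total"
}

# reclaimable_bytes ROOT KEEP_LOCALE KEEP_ZONE: the total only, for scripting.
reclaimable_bytes() { trim_report "$@" | awk 'END { print $1 }'; }

# make_sample_root: constructed tree with known file sizes, for a dry run.
make_sample_root() {
    s=$(mktemp -d)/usr/share
    mkdir -p "$s/locale/de/LC_MESSAGES" "$s/locale/en/LC_MESSAGES" \
             "$s/zoneinfo/US" "$s/zoneinfo/Europe" "$s/man/man8"
    printf '%0100d' 0 > "$s/locale/de/LC_MESSAGES/apt.mo"   # 100 bytes, dropped
    printf '%040d' 0  > "$s/locale/en/LC_MESSAGES/apt.mo"   # 40 bytes, kept
    printf '%030d' 0  > "$s/zoneinfo/US/Pacific"            # 30 bytes, kept
    printf '%020d' 0  > "$s/zoneinfo/Europe/Vienna"         # 20 bytes, dropped
    printf '%050d' 0  > "$s/man/man8/route.8"               # 50 bytes, dropped
    echo "${s%/usr/share}"
}

# Dry run on the constructed tree; on a real host: trim_report / en US/Pacific
sample=$(make_sample_root)
trim_report "$sample" en US/Pacific
rm -rf "$sample"
```

The report only shows where the space is; on a packaged system the files belong to installed packages, so removing the owning packages keeps the package database consistent where deleting files by hand would not.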