On Fri, 14 Mar 2003 08:27, Norberto BENSA wrote:
> Hello,
>
> I need some info to setup a Gentoo box as a firewall/router. I'm currently
> running Win95+Winroute here, but I'd like to replace that machine.

I currently have a very old - but hardened - RedHat machine as my firewall/NAT/proxy/VPN machine. I've been looking at replacing it with a Gentoo machine for quite a while; however, what's stopping me is the fact that to keep things up-to-date you either have to have gcc on the firewall! or go the precompiled binary package route.

My original plan was to have User Mode Linux on my server and have the firewall image as a virtual machine, whereby it can be kept up-to-date. Then the image is transferred over to the firewall machine. The advantage, as I understand UML, is that I can actually run and test the whole system including the kernel (if I have this wrong, can someone please point me in the correct direction). However, this to me seemed a lot of work for something that would sit in the cupboard for the next year.

My next thought was to have a chrooted environment on the server that would allow the base system to be updated where appropriate. The disadvantage is that the image couldn't be tested until it is moved to the firewall machine.

Has anyone attempted this before? How have you dealt with the updating of the firewall and keeping the system secure and locked down? Has anyone been able to automate the process? How is the system tested upon every upgrade? Has anyone worked out how to roll back an upgrade if something happens?

I realise these are a few questions, but I'm seriously thinking of attempting this and am interested in what other people have done.

A