In article <[EMAIL PROTECTED]>,
hans schneidhofer <[EMAIL PROTECTED]> wrote:
>hi again,
>have made a test installation with:
>15 MB on /
>25 MB on /usr
>64 MB on swap
>20 MB on /var
>
>but got a lot of errors about too little disk space. For sure, all doc-files,
>and such files are not interesting, but there are errors about missing
>ld.so, some libs, i.e. After a short time the installation procedure kills
>itself.
>
>How does your fstab look? Which filesystems have you made? Are my used
>filesystems and sizes unusable? Should I install the kernel sources for
>setting up the kernel (have kernel versions 2.0.36, 2.2.5-22 as sources)?
>Think for using two ethercards I have to set up the kernel as
>"optimize as router, not host", or is this unnecessary with a 2.2.5 kernel?

My router's partition table looks like:

32 megs on swap
92 megs on /

There's ~50 megabytes of immutable (chattr +i) files on the disk, the
rest is space for logs.

If you have a fairly stable router configuration, you may choose to lock it
down by splitting '/' into two partitions: one read-write (/) and one
read-only (/boot, /usr). You can also get creative with RAM disks here
if you don't want even /etc and /dev to be modified on the disk. This has
the nice feature that if your disks or disk controller starts to die, it
has that much less probability of clobbering the disks with misplaced writes
and destroying all your security tools.

I speak from experience--there's nothing like watching a firewall
"forget" to run /etc/rc.d/init.d/firewall-setup when you're miles away
from it and there's not enough of the system running to shut it down
remotely. Fortunately, this system also "forgot" to run the parts of
its configuration that set up IP forwarding, so my network was safe at
the time, but that was pure luck :-/. This is why I put firewalls behind
sacrificial bastion hosts, instead of beside them--it provides another
machine that can be shut down to take a rogue firewall off the net.

--
Zygo Blaxell, Linux Engineer, Corel Corporation. [EMAIL PROTECTED] (work) or
[EMAIL PROTECTED] (play). Opinions above are my own, not Corel's.
Size of 'diff -Nurw [...] winehq corel' as of Thu Jun 3 13:14:00 EDT 1999
Lines/files: In 20094 / 98, Out 17319 / 152, Both 12093 / 142
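
Added example, not part of the original post: a small shell audit that checks a mount table in /proc/mounts format against the read-only split described in the reply above. The function names, device names and sample table are constructed for illustration.

```shell
#!/bin/sh
# audit_mounts MOUNTS_FILE MOUNTPOINT...
# Each listed mount point must be its own filesystem and mounted read-only.
# Prints one finding per mount point; returns 0 only if all of them pass.
audit_mounts() {
    table=$1; shift
    rc=0
    for want in "$@"; do
        # Field 2 is the mount point, field 4 the option list.
        # The last matching line wins, since later mounts shadow earlier ones.
        opts=$(awk -v mp="$want" '$2 == mp { o = $4 } END { print o }' "$table")
        case ",$opts," in
            ",,")   echo "MISSING $want (not a separate filesystem)"; rc=1 ;;
            *,ro,*) echo "OK $want (read-only)" ;;
            *)      echo "WRITABLE $want ($opts)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample table (hypothetical devices): /usr is locked down,
# /boot was left read-write, / and /var stay writable for config and logs.
sample_mounts() {
    cat <<'EOF'
/dev/hda1 / ext2 rw 0 0
/dev/hda2 /usr ext2 ro 0 0
/dev/hda3 /boot ext2 rw,noatime 0 0
/dev/hda5 /var ext2 rw,errors=remount-ro 0 0
EOF
}

# Demo run on the sample; on a live system pass /proc/mounts instead.
tmp=$(mktemp) && sample_mounts > "$tmp"
audit_mounts "$tmp" /usr /boot || echo "layout does not match the intended lock-down"
rm -f "$tmp"
```

Run from cron or an init script, a non-zero return is a cheap signal that a partition meant to be read-only has been remounted or was never split off.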