on Wed, Nov 14, 2001 at 11:56:28AM +0000, Ricardo Campos wrote:
> Hi all. I had an amazing time last weekend talking to some friends who are programmers. (One programs PS2 games for SONY, the other is porting "a web browser" to work on "a portable device"- all very hush-hush). Obviously, I thought- Linux needs these guys (well, guy and girl).
I think there's a linux and netbsd port to the ps2 and 1. Maybe they feel daring and want to use one of those? ;)
> Anyhoo, they asked me to find out some info for them in regards to Linux servers, as they are getting broadband internet soon. Its roles would be: firewall/router and MP3 file server (they also make music). I guess they may want to serve MP3's using an FTP package, and resumable downloads may be a priority, as they would be serving dial-up users.
2.4.x would be nice, because stateful firewalls can make things soo much cleaner/easier if done properly. ipchains and ipfwadm don't support stateful rules, but iptables does. Stateful firewalls will keep track of connections in two directions. So a nonstateful firewall might have the following pseudo rules:
    allow out on destination port 23
    allow in on source port 23
    block everything else
This means, to allow you to telnet to someone on port 23, you have to let them connect to you if they manage to set their source port to 23. With a stateful firewall however:
    allow out on destination port 23 look for syn, keep state
    block everything else
Means the firewall will look for the initial packet of a tcp connection and then track that connection, allowing traffic in two directions for that connection. It won't allow someone with the source port of 23 to connect to you, and including the "look for syn" clause, you prevent various port scans (X/Ymas, ACK scans, etc) from seeing the rule.
There is quite a good book on firewalling; "Building Linux and OpenBSD Firewalls". Although the OpenBSD part now more applies to Free/NetBSD since OpenBSD dropped ipf in place of pf. The website for the book is http://www.openlysecure.org/
For mp3 (or ogg?), you may want to consider icecast (http://www.icecast.org). This will allow you to have an http mp3 stream. Although reencoding the stream from 128kbps to 16kbps can be quite cpu intensive. vsftpd is a good ftpd for most purposes.
[...]
> Given these requirements, does anyone have any suggestions/opinions? I'm telling them to look at Smoothwall, Engarde, E-Smith, Trustix and Immunix, at the end of the day they'll have to decide...
or debian, or slackware. It might pay to have a more generic distro. (better support/more specific knowledge floating about)
> Ricardo
> PS. Sorry I can't change my line wrapping, I use web-based mail, although I have asked the provider if they can...
If you view/edit mail with vi, this is quite useful for wrapping mail:
    :%!fold -s -w 72 | sed -e 's,^\([^>]\),> \1,'
(wrap lines longer than 72 characters on word boundaries, then replace the start of any line that doesn't begin with a >, with "> ")
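
The stateless and stateful pseudo rules earlier in this reply, modelled as a toy packet filter. This is an added example, not part of the original mail and not iptables itself; the Packet fields, the addresses and the sample packets are constructed for illustration, and connection teardown and timeouts are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str    # "out" or "in", relative to the protected host
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN"})

def stateless_allow(pkt):
    """allow out on dport 23, allow in on sport 23, block everything else."""
    if pkt.direction == "out":
        return pkt.dport == 23
    return pkt.sport == 23  # trusts a field the remote sender chooses

class StatefulFilter:
    """allow out on dport 23, look for syn, keep state, block everything else."""
    def __init__(self):
        self.table = set()  # tracked connections: (local, lport, remote, rport)

    def allow(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key in self.table:
                return True
            # Only a bare SYN to port 23 may create a new state entry.
            if pkt.dport == 23 and pkt.flags == frozenset({"SYN"}):
                self.table.add(key)
                return True
            return False
        # Inbound traffic passes only as the reverse of a tracked connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table

ME, PEER, OTHER = "192.0.2.10", "198.51.100.5", "203.0.113.9"  # constructed
SAMPLE = [
    ("outbound telnet SYN", Packet("out", ME, 40000, PEER, 23, frozenset({"SYN"}))),
    ("reply SYN/ACK from peer", Packet("in", PEER, 23, ME, 40000, frozenset({"SYN", "ACK"}))),
    ("unsolicited SYN, sport 23", Packet("in", OTHER, 23, ME, 22, frozenset({"SYN"}))),
    ("unsolicited ACK, sport 23", Packet("in", OTHER, 23, ME, 40000, frozenset({"ACK"}))),
]

def compare():
    """Return (label, stateless verdict, stateful verdict) for each sample packet."""
    fw = StatefulFilter()
    return [(label, stateless_allow(p), fw.allow(p)) for label, p in SAMPLE]

if __name__ == "__main__":
    for label, a, b in compare():
        print(f"{label:28} stateless={'pass' if a else 'drop'} stateful={'pass' if b else 'drop'}")
```

The last two sample packets pass the stateless rules purely because of their source port, while the stateful filter drops them because no tracked connection matches.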