Re: which distribution to choose
From: Dan Wittenberg (daniel-wittenberg_at_uiowa.edu)
To: Bob Jones <email@example.com> Date: Fri, 03 Dec 2004 16:57:32 -0600
Just minor points, but freeswan is no longer supported, you'd want to
use openswan instead. Also Fedora Core 3 comes with openswan natively,
so makes it real easy to use.
On Fri, 2004-12-03 at 11:36, Bob Jones wrote:
> I can only vouch for 2 distributions that are new and have good
> community support and updates. Fedora Core 3 (http://fedora.redhat.com)
> downloadable at
> and Mandrake 10.1 Community Edition available at
> http://www.mandrakelinux.com/en/ftp.php3#10.1c. A good firewall package
> that works very well (at least it does for me on the 4 systems I
> administer) is Firestarter available at http://www.fs-security.com. For
> ipsec vpn serving, look at Freeswan at http://www.freeswan.org.
> Fedora Core 3 comes pre-configured to run SELinux in enforced mode (will
> deny access rather than just warn of a problem) for enhanced security.
> Both of these distributions can be setup with the apps you are seeking
> (apache/squid for proxy, iptables with or without the firestarter
> enhancements and interface, tripwire, openVPN/Freeswan) quite easily.
> Additionally, both distributions support both a manual and an automatic
> update system -- manually with up2date and automatic with the yum daemon
> for FC3 and either a manual or scripted/CRON'ed urmpi command for Mandrake.
> I understand that SuSE 9.2 Professional (about $90.00 US) also has the
> same features. Having never used SuSE since ver. 5 or so (2.0.x kernel
> series), I don't know how it compares to FC3 or Mandrake.
> Hope this helps,
> Bob J
> Jochen Witte wrote:
> > Hello,
> > I would like to set up a firewall to protect a small company network. What
> > I would like to have is some kind of VPN solution (OpenVPN and ipsec),
> > iptables firewalling and a secure distribution with some additional
> > sec-related sofware (tripwire etc.). Also I need to run an Apache for
> > proxy-requests.
> > My question is, which distribution to choose for such a
> > setup. I would prefer a standard distribution for easy updates and
> > community support. A specific "security-enhanced" distribution would do it
> > also, if it is not too "pure" :)
> > Any suggestions?
> > Regards
> > Jochen
-- =========================== Daniel Wittenberg Senior Unix Admin University of Iowa - ITS