Well, it's fast, it's tough, it's Slack!!! It's so good that I'm building my next router appliance on it cause I'm sick of dealing with IPCop annoyances. Don't get me wrong, IPCop works really well, but it doesn't let you partition your disks and the latest version doesn't work as fast as it should (there's something wrong with Squid that makes it slow while serving pages from cache). And remember what I said about web GUIs?
So now I'm experimenting with some SlackBuild scripts to tune Squid and get Squid-Guard to work on Slackware. Right now it's all working pretty well on my development virtual machine inside VMware Server. The next step is to build Snort and Oinkmaster to have an IDS in place. The caching DNS is working out of the box and the same goes for the DHCP server and packet forwarding. For this experiment to work I chose a 2.6.18 kernel with CK patches and I'm adding the l7-filter patches to throttle *mule and torrent traffic on my LAN. If I get the time I'll recompile glibc fully optimized for i686. You see, this is actually very easy on a Slack box; just take a look at the source and you'll know what I mean.
On what hardware do I plan to run this? Glad you asked. I'm running it on my own version of Frankenstein, which is an old Pentium III sitting on a semi-dead motherboard (the south-bridge died 2 years ago...). For the disks I chose an Adaptec 9040 SCSI HBA with two 4Gb drives, one for the system and one for Squid's cache and the swap partition. Did I mention it only has 256Mb of RAM? It has no keyboard or monitor and, of course, the console is managed from a serial port or by an ssh session.
So why don't I try this on Gentoo, you may ask? Let me tell you that Gentoo is an excellent distro for a workstation; a server on Slackware just works.
If I buy my Sun Ultra 20 sometime during this month, I'll switch the router appliance from Slackware to Solaris 10 cause I'll be having an extra workstation with 512Mb of RAM to play with. But that's another story, and I think Slack will be alright. Just wish it had Solaris' FireEngine IP stack and ZFS for the Squid partition...


