[ale] Linux OS to CD (Firewall)

Fri Apr 12 11:49:06 EDT 2002

On Fri, 12 Apr 2002 sangell at nan.net wrote:

> Anyone out there have any experience in converting a Linux OS from a Hard
> Drive to a CD?

It's not that difficult -- the easy way is to mount a ramdisk as /, and then
you don't even have to deal w/ issues like /etc needing to be writable.  
I've done firewalls and web servers that way....

> I have been setting up several firewalls the last few days
> based on Smoothwall Linux. I finally have them the way I want and was
> thinking about the possibility of migrating the OS from the hard drive to a
> CD. Since the entire setup is under 100 Meg it would easily fit on a cd.
> There is another distro built on this basis, Devil Linux I believe is the
> name.

See also <http://www.sentryfirewall.com/> which is exactly what you're 
wanting (firewall running off CD).  Looking at what they do and customizing 
is probably the quickest way to get it going.  One potentially nice thing 
about their system is that it's a CD - floppy combo (run off CD, read the 
firewall config off of floppy), which is a little more convenient in some 
cases than having to burn a new CD every time you want to modify the config.  
And if you don't want that behavior, it's easy to modify to use a config 
file on the CD instead....

> Also how would one handle virtual memory?

Just don't have any -- you don't have to have swap, and your firewall should 
never need to swap anyway.

> As I am typing I am think about the logs as well. Hmmmm, how about booting
> CD and mounting a small HD partition for swap and one for a log directory?

You can do that, or you can keep the logs on ramdisk and copy them off
periodically over the network, or you can setup a remote logging box behind
the firewall and log to it.  Depends on your needs....  One advantage to not
using a hard drive, though, is that you've then eliminated the primary
hardware point of failure.

later,
chris

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.