Introduction


Some years ago, when I was new to networking (and the Internet), I was tasked with establishing an Internet connection for the organization in which I was employed. I spent thousands of dollars on a proprietary software package with a 255-user limit. Just over a year after I bought this software, the publisher sold the rights for the software to another company, who wasted no time in dropping support for my version, leaving me with one choice: spend thousands more for an upgrade to the next version or lose support. It was at this point that I embarked on a search. I was looking for more than just another firewall package; I was looking for a better way of solving software acquisition and support problems. Ultimately, I wound up at Rick Onanian's c0wz.com site, and after a bit of playing with LRP, Materhorn, and EigerStein, I realized I had found what I was looking for. Once I decided that EigerStein was going to meet my firewall needs, next came the pitch to the boss. The deal was, I could implement the solution, provided that I document everything I did (in case I ever left). This manual is (with the boss's permission) a derivative of that documentation, modified to be more generally useful. Maintaining this is my small way of giving back to a community of developers/users who enjoy or just require good networking products. I hope you find it of some use. Should you find any problems with the steps I have presented, please contact me, as I would like to make this as accurate as possible, particularly for those newcomers who aren't quite as experienced in Linux and/or networking as the many who have helped me.

This document presents the process of setting up a firewall using the EigerStein distribution of the Linux Router Project (LRP) firewall. The Linux Router Project is made up of developers who have joined together to create a copy of Linux which will run on a floppy disk and provide routing and firewall services. The name LRP describes both the organization of developers and the software they produce (e.g., LRP version 2.9.4). The name Eiger refers to a modification of the LRP software to use a newer version of Linux which is more secure and makes use of the more current networking technologies of Linux. Eiger was the fourth modification of LRP, coordinated by Matthew Grant (preceded by an unnamed release, Kilimanjaro and Materhorn). EigerStein is a further modification of Eiger, coordinated by Charles Steinkuehler. Matthew Grant no longer supports the Eiger software due to security problems in some of the software used in its creation. Charles Steinkuehler, however, has continued support for Eiger, fixing many of the security holes, changing the name to EigerStein, and setting up a web page for support (among other things). Web sites for these people/organizations appear at the end of this document in the Resources section.

All LRP and derivative distributions are stripped-down versions of Debian Linux. The commands are very similar to those in Debian Linux, but they are not entirely the same commands. They are versions created for tiny Linux distributions and shipped as a piece of software called BusyBox. The BusyBox commands don't have as many features as the real commands, but perform essentially the same tasks, producing the expected results.

EigerStein is configured predominantly through a menu-driven application called lrcfg. This script file allows you to access most of the files needed to configure your system. In addition, it is the preferred way to back up your EigerStein file system to disk. You can type [q], then [Enter] to exit lrcfg. Once in the shell, you can type lrcfg, then [Enter] to reload the configuration script.

This document covers Ethernet to Ethernet firewalls only. This second major revision sees a great many new additions, and a few corrections here and there. This will likely be the last revision of this document for EigerStein, as its successor, Dachstein, was recently released in beta.


Contents
Conventions, Downloads, and ChangeLog
Applications Used