[Posted and mailed]
> **** Post for FREE via your newsreader at post.usenet.com ****
> I was thinking about using my son's old 486 box
> as router (RoadRunner). From everything I've
> read so far this is overkill :-) So, in its spare
> time could it act as a print server for my home
Yes (but see below).
Quote:> I'd put an HPLJ IIIP on it and may a HPLJ II.
> The other machines would run Windows 95b and maybe
> one linux box
You'd want to run Samba, then, and possibly have it accept lpd input,
too. (The Linux client could use Samba or lpd-style spooling, as you see
fit. I recommend the former for security reasons in this configuration.)
Quote:> Would I need a hd for spooling???
Probably. In theory, you might be able to use a RAM disk, but in
practice this probably wouldn't be sufficient. Not to mention the fact
that getting enough Linux on the system to host Samba might be tricky
without a hard disk. A small hard disk should suffice, though.
Quote:> How much memory? It's got 20mb now.
That should be plenty, so long as you don't have to run X.
Quote:> Is there a security issue???
Yes. Ideally, a router shouldn't run anything but the router software.
Certainly putting major servers like Samba on the computer is not
generally advisable. You can be moderately safe if you take a few
precautions, though, and if your system has a fairly low profile (for
instance, no web server, etc.), you probably won't encounter problems.
My recommendations to reduce the security risk are:
1) Remove all unnecessary servers, including NFS, web (HTTP), FTP, mail,
etc. This is also the source of my recommendation that you configure
lpd to NOT accept network connections, and instead print to the box
using Samba from your network's Linux computer.
2) Replace inetd with xinetd. The latter lets you bind services to
specific network interfaces. You can then bind any servers you
really must have ONLY to the internal network interface. You can
do this with Samba by using the interfaces and bind interfaces only
3) Configure a packet filter firewall via a script of ipchains rules.
http://linux-firewall-tools.com/linux/ has a tool that will help you
build a custom firewall for your system. Use it.
4) Read a good book or two on Linux security. I've got some
recommendations at http://www.rodsbooks.com/books/books-network.html.
Author of books on Linux networking & multi-OS configuration