What is Gibraltar?
Gibraltar is a project that aims to produce a Debian
GNU/Linux based router / firewall package. The package will be bootable
directly from CD-ROM, so it does not have to be installed on a harddisk.
It is planned to release all source code under the terms of the GNU
Since Gibraltar is based on Debian GNU/Linux, it will have all features
that you would expect from a full-blown installation. These include, but
are not limited to:
These options are supported for IPv4 and partially for IPv6:
full IPv4, IPv6, IPX and Appletalk protocol support
static routing for all supported protocols
dynamic routing: BGP4, BGP-4+, RIPv1, RIPv2, RIPng, OSPFv2, OSPFv3
routing based on source address, incoming interface, type of service, source
/ destination port, protocol type, ...
full NAT and masquerading support (even in combination with source-based
transparent proxy support for
CBQ, CSZ, RED and other traffic control
support for ethernet (10, 100, 1000 MBit/s), wireless, token ring, ARCnet,
PPP, SLIP, PLIP, ISDN and HAM radio network interfaces
multiple interfaces supported (already tested with 12 interfaces)
advanced firewalling: stateful / non stateful
address configuration options: static, BOOTP, DHCP, dynamically via PPP
can act as a DHCP server to configure IPv4 clients
can configure IPv6 clients which use stateless
These are the minimal requirements for running Gibraltar:
Intel 486 compatible or better
16 MB RAM (it may or may not be possible to run with 8 MB, but this has
not been tested)
any ATAPI or SCSI CD-ROM drive (does not have to be bootable)
Normally, a Pentium class PC can handle multiple 100 MBit/s interfaces
for routing, NAT and firewalling without problems. Optionally, a harddisk
can be used to store log files and other persistent data. The main configuration
data will be stored on a single floppy disk.
Gibraltar is designed to work completely off the CD-ROM, with configuration
data stored on a floppy disk. This is quite different from the common approach,
where everything (program and configuration files) is stored on a hard
disk. It might be uncommon and new, but there are quite a few advantages:
easy handling of configuration (write-protected, backup, different versions)
However, there are also disadvantages of not storing the program files
on a harddisk and I do not want to hide them:
a CD-ROM drive must be available
a software update needs a new CD-ROM and a reboot
There is also the option of installing Gibraltar completely on harddisk,
thus eliminating the disadvantages. But if Gibraltar is installed completely
or partially (only the program files, configuration data still stored on
floppy disk) on harddisk, some of the advantages are lost. It will not
be as secure as if it would be running from harddisk and if configuration
files are stored on the harddisk, they can not be handled transparently.
Another design goal is to make it operational without a system console.
There is no need for a keyboard or a monitor to be attached to the machine
it is running on. Everything can be configured over the network. Any operations
that need to be done directly on the machine (e.g. inserting configuration
disk during bootup) are possible without a monitor. When a disk needs to
be inserted, the machine simply beeps. It is also possible to configure
it fully over a serial line,
You can view the beginnings of a detailed project
description in German. When I have finished the German version, I will
translate it to English.
Here you will soon find the user documentation
and the technical documentation of the internals
The project has just begun. At the moment I am working on getting my test installation
to run with a read-only root filesystem. This is not that easy. The current
Gibraltar CD works from its read-only filesystem, but I am not sure if
all of the software packages work without further changes. I have tested
the standard daemons, ssh, webmin and postfix. If you encounter any problems,
please tell me.
However, the initrd boot image is already working and I am quite happy
with it. It already does everything it should: auto-detect SCSI adapters,
load the appropriate modules, check for installed CD-ROM drives, search
for the Gibraltar CD and set the root device to it. So booting with it
from a CD works, and the init is called from the CD root file system.
At the moment there are only pre-releases. It seems quite stable on my
test machines, but you should not depend on it for production machines
You can download it from one of the mirror sites (see below for the
The ISO images are now signed with my GPG/PGP
public key. It is also available on public PGP key servers with the
name "Rene Mayrhofer <firstname.lastname@example.org>" and the ID "C3C24BDE".
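A check for the signed ISO images mentioned above, as an added example that is not part of the original page or the project's scripts: it reads gpg's --status-fd output and accepts a download only when the signature comes from one pinned fingerprint. The fingerprint, the sample status lines and the function names are constructed for illustration, and the check assumes an OpenPGP v4 key whose fingerprint ends in the key ID quoted on the page.

```shell
#!/bin/sh
# Added example, not the project's own script: accept an ISO only when gpg's
# machine-readable status shows a usable signature by one pinned key.

# Short key ID quoted on the page. Eight hex digits can be collided, so it is
# only a sanity check on the full fingerprint the caller pins.
PAGE_KEY_ID="C3C24BDE"

# check_status EXPECTED_FPR   (reads "gpg --status-fd" lines on stdin)
# 0: VALIDSIG names EXPECTED_FPR and nothing disqualifies the signature
# 1: no such signature, or it is bad, or the key is expired or revoked
# 2: EXPECTED_FPR does not end in PAGE_KEY_ID (assumes an OpenPGP v4 key,
#    where the key ID is the tail of the fingerprint)
check_status() {
    local expected line rest result=1
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$expected" in
        *"$PAGE_KEY_ID") ;;
        *) return 2 ;;
    esac
    while IFS= read -r line; do
        case "$line" in
            "[GNUPG:] BADSIG "*|"[GNUPG:] ERRSIG "*) return 1 ;;
            "[GNUPG:] EXPKEYSIG "*|"[GNUPG:] REVKEYSIG "*) return 1 ;;
            "[GNUPG:] VALIDSIG "*)
                # Signing-key fingerprint is the first field, primary-key
                # fingerprint the last; accept the pinned value in either.
                rest=${line#"[GNUPG:] VALIDSIG "}
                case " $rest " in *" $expected "*) result=0 ;; esac ;;
        esac
    done
    return "$result"
}

# verify_iso ISO SIGNATURE EXPECTED_FPR (file names are the caller's; the page
# does not give them)
verify_iso() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null | check_status "$3"
}

# Constructed sample: status lines for a good signature by a made-up key.
SAMPLE_FPR="0123456789ABCDEF0123456789ABCDEFC3C24BDE"
SAMPLE_STATUS="[GNUPG:] GOODSIG 89ABCDEFC3C24BDE Constructed Signer
[GNUPG:] VALIDSIG $SAMPLE_FPR 2000-08-01 965088000 0 4 0 17 2 00 $SAMPLE_FPR"
printf '%s\n' "$SAMPLE_STATUS" | check_status "$SAMPLE_FPR" && echo "sample accepted"
```

The pinned fingerprint has to come from a channel other than the mirror that served the ISO; a key fetched from a key server by name or short ID proves nothing by itself.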
Important note: After booting the downloaded version, the 'root'
account on the system has the password 'gibraltar'. You should change this
as soon as possible.
Attention: I was recently informed
that at the moment it is illegal to use Gibraltar inside the USA because
it contains code based on the RSA algorithm (it contains the openssl package
which is used by others like openssh or libnet-ssleay-perl for providing
https support for webmin). Until the RSA patent expires on 20. September
2000, these programs can not be used legally within the USA.
You can check the expiration of the patent here.
I think that software patents are very counterproductive. If you think
so too, then please sign the petition
against software patents in Europe.
The administrators of these sites were kind enough to offer a mirror for
Gibraltar. Normally, mirroring is done daily so new releases will show
up on the mirrors on the next day. If you can, then wait for a day and
download from the mirrors.
Attention: At the moment I am trying to
find out if servers in the USA can legally mirror Gibraltar. It contains
strong encryption software and therefore there might be problems when it
is downloaded from a mirror in the USA (they call it "exporting" although
the software has been put together outside the USA). So to be safe, you
should download from a non-US mirror if you live outside the USA.
There is a mailing list for Gibraltar that is used for announcements and
discussions. At the moment, this list is very low-volume. If you are interested
in Gibraltar, you can subscribe to the list here.
The author of all scripts used for booting a Debian GNU/Linux system from
CD-ROM is Rene Mayrhofer. You can contact me directly
(email to email@example.com) or via the Gibraltar mailing list.