Linux Floppy Router

Copyright (c) 1997-2002 Len Padilla
Based on the work of many others, see THANKS

LFR is distributed under the GNU Public License (GPL). See the COPYING
file for license information. Download it.
(md5sum 859e91e840afe26b01b98469219e20a4)

LFR is a Linux/Netfilter based firewall/router on a single floppy disk.
Think of it as a micro Linux distribution with a purpose. With LFR you
can take that old 486 with 4 MB of RAM that you have in the closet and
put it to good use. With a pair of cheap etherenet adapters (NE2000,
3Com 3C9** or Intel E100) you can safely connect a local area network
to the internet.

See INSTALL for instructions.

LFR has been tested extensively under Linux [2.1.?-2.4.20] using Slackware
and Debian distributions [2.? - 8.0, 2.2 - 3.1 ] to build.

LFR is:
root.image : a minix file system image containing the LFR.

bzImage : a compressed Linux kernel (x86) compiled for ethernet
interfaces (NE2000, 3C9**, EE100), IP firewall, IP NAT.
Future releases may contain other drivers as kernel modules. : a perl script to create a LinuxFloppyRouter.

Required tools/programs:

Linux (>2.0) with loopback device (filesystem in-a-file),
minix filesystem support (kernel or module)
fileutils (gzip,gunzip,cat,fsck.minix,dd,mount,rdev)

Network configuration under LFR:

The LFR has its internal ethernet interface, eth0, set to with a netmask of This means that in
its default configuration you can connect to it up to 253 machines
(using addresses -

The external interface, eth1, uses DHCP to obtain an IP address
and default gateway from a cable modem, DSL modem or similar.
If there is no DHCP server on your network, manual configuration
of the init files will be required.

LFR contains DHCP and DNS servers. Internal network workstations
will be assigned a dynamic IP address, from - The - address range
is left free for static IP devices (printers, fileservers,
etc). The LFR server being the default gateway and dns server.


The LFR firewall permits no incoming connections. It uses the
stateful packet inspection of the Linux 2.4 netfilter to allow
the return connections for established sessions. All outgoing
connections are source NAT'd to the external interface's IP
address. Protection against IP spoofing is provided at the
kernel level.