71 Comments
- Anchoret, on 10/12/2007, -0/+11
> But really, with the advent of cheap home routers, who
> needs this stuff anymore??? The money you save on
> electricity from not having to run another machine pays
> for the cheap router anyhow, and the decreased noise
> (1 less machine running all the time) is a godsend as well.
I wish people would think about this sort of thing more.
Geeks really have a blind spot about this, as do the obsessive packrats who won't let go of obsolete gear, and delude themselves that they're being environmentally sound by keeping this old junk sucking up electricity doing totally marginal stuff.
Never mind the fact that besides running it, a lot of us in hot climates would have to spend half the year air-conditioning the additional heat these old devices put out into the office atmosphere.
Yes, and don't forget the blasted noise of these things and their wheezy old fans and drives, to say nothing of the additional chemical outgassing of deteriorating electronic components, plastic, paint, etc.
It would be better, as you say, to just chuck the fossil stuff and get a $17.99 router on sale. These devices usually have surprisingly sophisticated security configurability and in all ways are more "environmentally friendly."
- loomis, on 10/12/2007, -1/+8
I used to use this and Freesco.
But really, with the advent of cheap home routers, who needs this stuff anymore??? The money you save on electricity from not having to run another machine pays for the cheap router anyhow, and the decreased noise (1 less machine running all the time) is a godsend as well.
- AltReality, on 10/12/2007, -0/+7
Hah...I have spent most of the day playing with this....and you happen to post it tonight. What timing :)
It seems to be a really nice firewall...runs with no problems on an old 166mhz box with 2 ISA 10Mb NICs
now I'm trying to get this DavesGuardian installed...unless there are any other content filtering packages someone can recommend....trying to set this up for a church..wanna block porn sites :)
-AltReality
- inactive, on 10/12/2007, -3/+8
*snicker*
Why this specific howto from howtoforge? Why not just start pasting all of them in one at a time as diggs? I mean, after all, if it isn't pasted into digg, we might never have the brains to search for such things when we need them!
- mrbean, on 10/12/2007, -0/+4
I'm pretty sure it's DansGuardian.
- jeremiahx, on 10/12/2007, -0/+4
I use IPcop on a Gateway P 166 with 96 megs of RAM. I think it was built in 1996. It is running on a rack with 10 servers behind it and does firewall work for about 500 websites and around 15,000 email messages a day. So needless to say it takes a nothing box to do what you need.
- Jalada, on 10/12/2007, -0/+3
IPCop is brilliant, I used it for a long time on my network, and despite having the old computers I was using failing, it probably provided me more reliability than using the sort of home router you can buy from the shop. And it made good use of old computers.
Since then I've moved up to running a Gentoo box with my own "stuff" set up so to speak. IpCop is good, but it doesn't have any good QoS (at least not when I was using it), and because it's such a minimal install there's not a lot of room for expansion.
That said, it's good for people to learn about it. digg
- blackomegax, on 10/12/2007, -1/+4
m0n0wall > all ;p
- ApplePenguin, on 10/12/2007, -0/+3
I've been using IPCop for YEARS, and it's never let me down...
Got it set up in a few different locations. It's a decent firewall for a small business or home. Running on an old 200 Mhz Pentium Pro (remember those?)
- colin7151, on 10/12/2007, -1/+4
I'd have to agree monowall in my experience is far better than either IPcop or smoothwall. It has a more mature feature set (in my opinion), smaller footprint, and far superior UI (again, my opinion). Coming from the world of Cisco and Juniper I have found monowall's UI to be extremely intuitive and easy to set up.
http://m0n0.ch/wall/
An interesting derivative of monowall is pfsense. It has all the bleeding edge features that monowall lacks like inbound LB and carp failover, as well as some other interesting features. As it's a relatively new project, be aware that it is not what I would consider production ready, however it has a lot of potential.
http://www.pfsense.com/
- sstidman, on 10/12/2007, -0/+3
Not a bad point. I've had similar thoughts since my wife has started complaining that my PCs are using too much electricity.. I'd add that with projects like OpenWRT http://www.openwrt.org , you can have the best of both worlds.
- slippery, on 10/12/2007, -0/+2
Right! My Linksys router worked fine for about a year, but then began to lock every four hours even with the latest firmware. Whether it was an Internet attack that killed it, or just flaky hardware, it was not acceptable to pull the plug on it 6 times a day.
My Smoothwall (on a Pentium II 300 Mhz) has never had any problem. I rebooted it only when one of the patches required it. The patches are easily installed by uploading through the web interface. Easy peasy.
- Callaway7, on 10/12/2007, -1/+3
I prefer Smoothwall over IPCop (www.smoothwall.com). Great for adding more than one external IP address through Web interface.
- SirGrant, on 10/12/2007, -1/+3
I use smoothwall too, and it's smoothwall.org for the free version; smoothwall.com is for the enterprise paid version.
- Anchoret, on 10/12/2007, -0/+2
Funny, I bought one a few months ago at Fry's because it was so dang cheap I couldn't pass it up, like those $0.99 no-rebate 10/100 Ethernet cards.
I haven't the faintest idea of what I'd possibly do with it, but it's here under the bed with the dust bunnies if anyone comes up with any ideas!
- 000jr000, on 10/12/2007, -0/+2
I also use Smoothwall. The standard free version is plenty for most people. Beyond that, there's a plug-in for pretty much anything advanced you'd want to do.... good stuff.
- barbobot, on 10/12/2007, -2/+4
a lot of people.
- tadelste, on 10/12/2007, -0/+2
While I really like the native IPTables, I have to agree with this howto about using IPCop. When all along out on the Internet, I want everything hardened. As usual, Howtoforge has done a good job of making the complex easy. Kudos to Falko for setting the model for better Linux documentation. He should write a book.
- jeremiahx, on 10/12/2007, -0/+2
I would have to agree, for most users IPcop is overkill. But in a business setting or a hosted server setting then this is great. It would replace any router $300 or more.
That said I have one at home because I needed VPN access to my IPcop on my production environment... and yes it may cost me the extra money on the electricity but I work from home so it really is needed.
- BRODEL, on 10/12/2007, -0/+1
I actually just shut down my smoothwall last night. I switched to a different ISP and I have had some problems getting certain things to work through the smoothwall.
I have been running the smoothwall for about 2 years now and I think it's great. I might turn it back on to protect this connection, but I don't think I *need* it since my router does most of the blocking.
- rdjurovich, on 10/12/2007, -0/+1
I have an IPcop at home & work, with a permanent VPN between them, and I have just installed the LineTest plugin at work for automatic back-up dial-up in case the ADSL link goes down. A great piece of software! :D
- zefer, on 10/12/2007, -0/+1
Only had experience with a couple of fairly low cost routers but I find my smoothwall box so much more effective (as I'm sure both monowall and ipcop are too). The routers were far less reliable (often needed rebooting), had limited control (e.g. limited number of port forwarding settings) and the Internet was generally slower on the networked machines than I find it to be with the Smoothwall box. The smoothwall box does a seriously good job and it costs nothing (assuming you have an old machine knocking around). Granted, it probably uses more electricity and is noisier but you can hide it away in the back of a cupboard like I do and forget it's there.
In my case, using smoothwall is probably overkill but I find it a far more satisfying solution than previous off-the-shelf routers.
- slippery, on 10/12/2007, -0/+1
My favorite dedicated firewall distro is smoothwall:
http://smoothwall.org/
Web based management, DMZ, port forwarding, detailed logs, IDS, more. It's been running my home firewall for more than two years now.
- BobbyOnions, on 10/12/2007, -0/+1
You can add multiple IP addresses on red with IPCop too, also through the web interface.
- datagod, on 10/12/2007, -0/+1
IP Cop rocks...been using it for almost 2 years now. The only time the system EVER goes down is if I have a prolonged power outage. The machine works so well I forget it is even there. No monitor, no keyboard/mouse. Everything administered through the webpage. And I am using an older version, not the latest and greatest. Why upgrade when what I have is perfect for me already?
- DCstewieG, on 10/12/2007, -0/+1
I would think a standard D-Link or Linksys router could do all this for you. You can set filters per PC for times of day/days of the week, and they have web interfaces which is even better than VNCing in IMO. On those days the wife calls, just block the kid's MAC address.
- nu11, on 10/12/2007, -1/+2
PFSense is an alternative to m0n0wall. It features multiple WAN support, CARP Clustering, and much more.
http://www.pfsense.org
- jbmicastorm, on 10/12/2007, -0/+1
IPCop is a pain! I do like the fact that it runs on a minimal system. However, IPCop and DansGuardian are both installed at school, dorm parents office, and the dorm itself. I hate it when the message comes up telling me what page I can and cannot view. First of all, it doesn't get it right...I was at school researching American authors and the most promising result from Google was blocked. And if someone likes porno, Dansguardian won't change their mind about it.
- dbavaria, on 10/12/2007, -0/+1
What are the basic requirements for machines running ipcop, smoothwall, or monowall? I'm thinking of setting up a box in a setting where there are up to 25 users connected through the firewall at once...
- CovardeAnonimo, on 10/12/2007, -0/+1
dugg, it's a good alternative to the more commercial Linux based astaro. The only drawback is that it seems to require a dedicated PC to run, which sometimes is not an option.
- cawpin, on 10/12/2007, -0/+1
I haven't even used IPCop. I do know that Smoothwall does everything you described.
- Glanzer, on 10/12/2007, -0/+1
I don't really like the firewalls that require a dedicated PC. Plus I have the need to schedule firewall rule changes throughout the day. For example, I want one of my kids' PCs to have certain limited Internet access Sun-Thur 7AM-10 pm, and no Internet access outside those hours, but allow him extended hours on the weekends; and another of my kids' PCs needs to have totally different hours, yada yada. And I have the need for flexibility, meaning I just want to turn on and off different PCs on the fly (in case they get grounded for a day ;-), and all kinds of stuff like that. So I just have written my own shell scripts that add or remove entries to the IPtables rules on my firewall server (and the firewall server also has my internal Apache and MySQL stuff on it). Do any of these fancy gui based products you're talking about here allow control and flexibility like that? Oh, and I also can VNC into the box from work and control things from there; this comes in handy when my wife calls and tells me someone is acting up and I need to turn their Internet access off.
- inactive, on 10/12/2007, -0/+1
Astaro is expensive but it's one of the most impressive software firewalls I've EVER seen. Personally we like to use m0n0wall with WRAP hardware for client installs, but for very large shops, Astaro is highly recommended.
Oh and Clark Connect is decent as well. We've used it at a few clients' shops and it doesn't give them any drama.
- Ryaaan, on 10/12/2007, -0/+1
I have been using IPcop for about 2 - 2.5 years now. I find it remarkable and very efficient. Have installed clam and cop+ and love them both. VPN to work. VPN to friends for fun. Couldn't ask for more. To access Samba shares via VPN site that is across the state is so handy. Printer sharing also works great. I couldn't be happier running that IPcop distro on an old gateway 300 with minimal resources. :) yay
- inactive, on 10/12/2007, -0/+1
A GREAT add-on is http://www.copfilter.org/ this add-on ROCKS. It works GREAT
- ramsinks.com, on 10/12/2007, -0/+1
ebox>
But IPcop is good. Good stuff.
http://www.ramsinks.com/software2.asp#server
No, the open firmware works just fine on WRT's - I have 100's out in the field. Running for years.
- Tuckie, on 10/12/2007, -0/+1
another vote for pfSense :)
- RunLevelZero, on 10/12/2007, -0/+1
You can get Astaro for free. 10 user license, VPN just no email scanning or HTML scanning. I have used it for years.
- slipaway172, on 10/12/2007, -0/+1
dansguardian will NOT run on a slow computer, especially since you have to turn on the proxy. i run my ipcop on a via epia 800mhz mini-itx motherboard with a WD 20gb and 128mb ram
- diggAddict, on 10/12/2007, -1/+2
For basic reliable security for the home user - what's wrong with a modern switch/modem/router ? Ok some features are there in IP cop that are not in your basic router but for defense against the basic attacks - what is wrong?
I would say that it would be useful when used in linksys routers with hacked firmware - but to have a dedicated firewall "pc" is a waste of power and just plain paranoid in my opinion. In a business this is different - but for the average user - it's over the top I think.
- StickyC, on 10/12/2007, -0/+1
"But really, with the advent of cheap home routers, who needs this stuff anymore??? The money you save on electricity from not having to run another machine pays for the cheap router anyhow, and the decreased noise (1 less machine running all the time) is a godsend as well."
Speed and reliability. Over the years, I've tried probably 8 or so "cheap" home routers (D-Link, Netgear, and Linksys) and had troubles with all of them. Usually lock-ups or connection drops. Sometimes they just died completely. Even the WRT-54g with the open-source firmware didn't last too long before sputtering out. Finally, I gave IPCop a try. Uptimes are on the order of months and only due to having an inadequate UPS and unreliable power.
Also, it's pushing packets faster. I typically have > 3 machines accessing the net at any given time, one of them is usually saturating the connection doing P2P or what have you. With the WRT-54g and the Netgear that came before it, the average throughput was noticeably lower on our cable connection. I think the CPU's in those cheap little boxes are just not quite strong enough to handle any medium-scale geek domicile.
Now, if you only have 1 machine, it's probably not a big deal -but then you're also probably not likely to mess around with the firewall in the first place.
As a second endorsement - I was the IT guy at a startup for a while and they were running 25 machines through a cheap Netgear router when I came on board, it'd lock up all the time. I set up IPCop and things ran swimmingly after that for months (until they folded) - The only downtime was when we moved offices.
- geronimo, on 10/12/2007, -0/+0
m0n0wall does this.
- andyr354, on 10/12/2007, -0/+0
maybe not the right place to ask questions. But I am in the stone ages and only have dial-up available in my area. Would one of these packages support dial on demand to use with my home network?
- tweakr, on 10/12/2007, -0/+0
pfSense > *
That is all. :)
- diggdot, on 10/12/2007, -0/+0
For a minimal installation, check out floppyfw. Been using it for years. Everything fits on one 1.44MB disk.
http://www.zelow.no/floppyfw/
- kenyap, on 10/12/2007, -0/+0
Minimum is about Pentium 100, 32MB RAM, 500MB disk.
- kenyap, on 10/12/2007, -0/+0
IPCop has this too.
- kenyap, on 10/12/2007, -0/+0
Only if you don't need advanced features and your router is hackable, say with OpenWRT. I've heard so many stories of substandard firmware in dedicated routers, like inadequate DNS proxies, bogus DNS masquerading that don't pass paranoia tests. If you are not doing much but surfing, perhaps a dedicated router is ok.
- inactive, on 10/12/2007, -0/+0
I prefer http://smoothwall.org/. I have deployed it for an ISP intranet with homebrew addons like dansguardian, Clamav, full firewall control etc. Works great. No issues till date.
--
Sharjeel
http://www.sharjeelsayed.tk
http://www.sharjeel.co.nr
http://www.sharjeel.us.tt/
- kenyap, on 10/12/2007, -0/+0
IPCop has QoS. Find it here: http://mh-lantech.css-hamburg.de/ipcop