23 Comments
- Goosemaster, on 10/12/2007, -0/+7
true. m0n0wall is fantastic.
I only recommend three methods for home use
-linux + iptables or one of the BSDs etc (from scratch)
-m0n0wall
-astaro

- cliffzdude, on 10/12/2007, -0/+4
IPCop, which forked away from SmoothWall, has become a bit of a de facto standard for home and even corporate use. It's easy to use for a noob, but can deliver higher levels of service when called to do so. Many third-party add-ons are also available, making IPCop a very versatile firewall. I use it at home on a little old P450 small form factor, no keyboard, no mouse. (Little tidbit: on older CPQ boxen, find a utility called NO_f1.com to eliminate the hang-up asking you to press F1 if it sees no keyboard.)
IPCop has become a popular distro on Compact Flash booting tiny boxes, becoming a linux firewall appliance in the process.
Ya, ya I know that the Netgear does the "same job", but I just gotta tell ya that an IPCop box is faster, and sooooooo much more powerful, yet easier to operate.
DIGG as it's still cool...

- trollenlord, on 10/12/2007, -1/+5
If you're into building one and you want reliability and ease of use combined:
http://m0n0.ch/wall/screenshots.php

- wintrmute, on 10/12/2007, -0/+3
A list thread that does not already include OpenBSD at this point?
Come on.
It's OpenBSD with pf scrubbing packets before handing off to snort preprocessors, with a port knocked external ssh backdoor. Maybe a little OpenVPN persistent encrypted tunneling, route between the two sites through the tunnel? (MPLS support is coming for those who want to get a little crazy network fun)
Or a tiny Soekris box running quietly in the corner, off of some CF? Then you start getting uptimes that are post worthy.
Or am I biased?
OpenBSD can be a great learning tool for people to learn *nixes. Everything is shut off by default, the man pages are well maintained, and you learn a lot cutting your teeth under it. I highly recommend playing with it if you built your firewall and now want to actually learn from the process.

- inactive, on 10/12/2007, -0/+2
I second astaro as a solid linux firewall - http://www.astaro.com/products/security_software
Brain-dead setup, browser config and rules, no linux setup: just pop in an iso CD and it's ready for rules.

- gfisher2, on 10/12/2007, -0/+2
Add redwall to the list of options if you don't want to build a firewall from scratch... http://www.redwall-firewall.com/
- Avogadro65, on 10/12/2007, -0/+2
Or "user" if you already have a job in IT.
And if your job is located in a one-bedroom apartment.

- thatsiebguy, on 10/12/2007, -1/+3
M0n0wall is nice, I also use IPCop. Be careful when getting multiport NICs, I have a few DEC 4-ports and got a lot of packet errors as it transferred packets between ports. I also had a lot of problems speed-wise when using a multiport card. For the best throughput and reliability, you're better off using multiple NICs.
- andreizilla, on 10/12/2007, -0/+2
Try building your own firewall with a FreeBSD 6 box and an ipfw script for stateful packet routing with nat.
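A ruleset of the shape wintrmute and andreizilla describe (stateful filtering, NAT for the LAN, a site-to-site OpenVPN tunnel between two firewalls), written as an added example in OpenBSD pf.conf syntax rather than ipfw; it is not from any post in this thread, and the interface names, the two subnets, the peer address and the UDP 1194 port are assumptions, as is the OpenBSD 4.7-or-later `match ... nat-to` syntax.

```pf
# Added example, not from any post above. Assumes OpenBSD 4.7+ pf syntax.
# Interface names, subnets and the VPN peer address are constructed values.
ext_if = "em0"                  # Internet-facing NIC
int_if = "em1"                  # LAN NIC
vpn_if = "tun0"                 # OpenVPN tunnel to the other site
lan_net = "192.168.1.0/24"
remote_net = "192.168.2.0/24"   # LAN behind the other OpenVPN endpoint
vpn_peer = "203.0.113.10"       # other site's public address (documentation range)

set skip on lo
set block-policy drop

# Normalise fragments, randomise IP IDs and clamp MSS before anything
# else (including a snort box behind the firewall) sees the packets.
match in all scrub (no-df random-id max-mss 1440)

# Hide the LAN behind the external address, except for tunnel traffic,
# which must keep its real source so the remote site can route replies.
match out on $ext_if from $lan_net to ! $remote_net nat-to ($ext_if)

# Default deny; logged drops show up on pflog0 for tcpdump(8).
block log all
antispoof quick for { $ext_if $int_if }

# LAN -> anywhere, stateful (replies ride the floating state back in).
pass in on $int_if from $lan_net
pass out on $ext_if from ($ext_if)

# The OpenVPN control/data channel itself, both directions.
pass in on $ext_if proto udp from $vpn_peer to ($ext_if) port 1194
pass out on $ext_if proto udp from ($ext_if) to $vpn_peer port 1194

# Decapsulated traffic between the two sites, routed through the tunnel.
pass on $vpn_if from $lan_net to $remote_net
pass on $vpn_if from $remote_net to $lan_net

# Nothing else inbound on $ext_if: the block rule above already covers it,
# so management (ssh, etc.) is only reachable from the LAN side.
```

Routing $remote_net over tun0 is not pf's job; it comes from OpenVPN's route directive or route(8). Check the file with `pfctl -nf /etc/pf.conf` before loading it.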
- harmlessinc, on 10/12/2007, -0/+2
*sigh*
Cut and paste from the last time one of these was posted, the quick list of router/firewall distros:
http://www.clarkconnect.com/
http://www.smoothwall.org/
http://m0n0.ch/wall/
http://www.ipcop.org/
http://contribs.org/modules/news/
http://www.redwall-firewall.com/
http://www.astaro.com
http://www.sentryfirewall.com/
http://www.coyotelinux.com/
http://www.freesco.org/
That would be from this Digg link:
http://digg.com/linux_unix/The_DIY_router_that_will_rule_them_all
And this is the other one that had 700+ diggs...
http://digg.com/technology/Build_your_own_gateway_firewall_using_FreeBSD

- n0xie, on 10/12/2007, -0/+2
Euhm the article uses Devil Linux...
- ShaolinTiger, on 10/12/2007, -1/+2
IPCop ftw, this is way more complicated than it needs to be,
http://ipcop.org/

- jetpig, on 10/12/2007, -0/+1
I find m0n0wall (http://www.m0n0.ch/wall) to be a FAR easier way to set up a network firewall. 2 network interfaces, a CD-ROM, a floppy drive, and 30 seconds in the command line following hand-held directions and you've got yourself a VERY powerful firewall. A Pentium 2 can handle a 100 meg internet connection fine. I'm a bit overkill with a K6-2 400 handling an 8 meg cable connection. The feature set is complete and well rounded. I use basic firewalling and traffic shaping (it's what those $60+ gaming routers do) and I wouldn't give it up for a basic setup unless I was paid a hefty amount to.
- jer2eydevil88, on 10/12/2007, -0/+1
It's not on that list, but the tech support forums for IPCop can be found at http://ipcops.com, that is if you want help with anything.
- signalguy, on 10/12/2007, -0/+1
I'm currently using smoothwall at work and home. It was way too easy to set up and does everything I need.
- harmlessinc, on 10/12/2007, -0/+1
Well in my defense - the list above is directly router/firewall distros.
- kikawala, on 10/12/2007, -0/+1
www.pfSense.org
I haven't seen anyone mention pfSense. It is based off of monowall.
I've been using it for a year now. At work, we set up the CARP feature so we have a fail-over firewall/VPN server. To this date we have had 100% uptime.

- jer2eydevil88, on 10/12/2007, -0/+1
heh I have total overkill on my setup, a P4 1.6GHz 400MHz FSB and 512MB of RAM for my 8mbit cable... but hey it was free, I just needed to grab the RAM off newegg.
- ApplePenguin, on 10/12/2007, -0/+1
IPCop is where it's at!
I've got IPCop on an old Pentium Pro 200 (remember those?). MUCH more stable and usable than netgear/linksys/belkin pieces of *****. The 200 MHz CPU has a load average of about 0.01 if I'm putting a lot of traffic through it, and that's with intrusion prevention services running on all four subnets, and the squid web proxy doing some work as well.
I looked at Astaro, but I thought the system requirements were a bit high, seeing as I was only building a firewall.
Used to use Clarkconnect (I run it on my web/email server now, mainly because I needed something quick).
I'd also like to point out Devil Linux. http://www.devil-linux.org/. It's a neat little distro. It basically runs entirely off CD (which is read-only), and with the tools they give you, you can create a custom LiveCD with the config file burned on it, or you can have the config on something like a USB thumbdrive. A hard drive is optional, if you want to make the thing into a web/email server.

- mancat, on 10/12/2007, -0/+1
Stick around. Someone will post a "how-to" article for an OpenBSD-based firewall within the next few weeks. These types of stories show up every other day.
- drag, on 10/12/2007, -1/+0
NetGear does the job... If you want the job to be done badly.
Those little home routers are nice for people who have very limited demands and limited knowledge. They have numerous security holes, unless you want to go through updating the firmware from time to time. They have very poor performance.. It's very easy to DoS yourself with things like bittorrent or updating your list of game servers. They have very limited configuration, and tend to be very unstable. I've never set up one of those little buggers without having it lock up on me at least once and having to reset it. I've had a couple that would completely brick themselves. Their interfaces are a bit difficult to use also.. they use confusing, incorrect, and conflicting terms and it's often difficult to get the configuration how you like it.
But if you want something cheap for your mom, then they are great.
I bought a linksys router to replace an old compaq that I had set up with a floppy-based distro. I did this to get a wireless link set up.. And boy did it suck. For browsing and such it worked fine, but not much beyond that.
I obtained an old Dell PC from work, stuck 3 old 3com NIC cards in it and installed IPCop on it. I kinda wanted to roll my own OpenBSD firewall, but I was limited by time.. and I am now glad I tried out IPCop.
It's reliable, the web interface is deadly easy. Performance is outstanding.. My 300MHz CPU is incredible overkill for this application. Nice little network graphs, logging facilities. Quality of service/traffic shaping capabilities (nice if you have roommates that hog the network connection). All sorts of stuff.
Bittorrenting Slackware or the HD version of Elephants Dream didn't even faze it. I still had easy and fast http access while having bittorrent downloads faster than I've ever had before. Updating my game server database with XQF, which would knock my linksys router offline for several seconds at a time (even with very conservative settings), didn't cause any issues in the least.
It's a night and day difference. If you have an old PC laying around, or can get one next to free, you can't go wrong with setting up a Linux or BSD router distro.

- DoubtfulSalmon, on 10/12/2007, -11/+1
Modded lame++, no digg, for use of the term "user". They're "customers" (if you want to keep your job in IT).