On 2009-09-18_09:05:40, Leandro Quibem Magnabosco wrote:
> David Christensen wrote:
>> I'm not sure I understand "install in a production server".  Normally, a
>> server is one computer and a firewall/ router is another computer.
>>
>>
>> I use IPCop to turn older PCs into Linux firewall/ routers:
>>
>>     http://www.ipcop.org/
>>
>>
>> HTH,
>>
>> David
>
> Thank you everyone for your answers.
> Unfortunately, I have not reached my goal with this thread yet.
>
> Reading IpCop Installation Manual, you'll see:
> "You will be installing an operating system on the IPCop PC. It is a  
> Linux based operating system, but it is not meant to be a general-purpose 
> system.".
> Sorry, I was not clear enough.
> That is exactly what I am trying to avoid and that is what I meant when I 
> said I wanted to install it on a production server.
> I need to use the same machine for other services.
>
> arno-iptables-firewall is pretty good but it still lacks some of the
> functionalities I am looking for.
>
> I am considering running PFSense on something like Xen/ESXi, have any of  
> you guys done that before?
>
> Thank you again,
>
> Leandro Quibem Magnabosco.

IMO, you are seriously mistaken in your desire. A firewall (in real
life fire safety in buildings that are intended for human occupancy)
is not at all a satisfactory firewall if it has ANY penetrations where
fire can get around the fire-proof stuff.

A computer/internet "firewall" should meet analogous standards.
Namely, it should not have any other services running on it, beyond
those necessary for its firewall function. Anything else offers a
way around the fire-proof stuff that could afford a path for the "fire"
intrusion.

Also, in the real world of buildings, no firewall is expected to be
absolutely resistant to fire. All fire safety is based on the idea
that the firewall resists fire for a long enough time to make it
possible for effective help to arrive. What is the analogous thinking
for a software firewall?

I'm sure that there are many answers to this question. Have you
selected one answer that you are willing to live with? Or are you
under the mistaken impression that you can "have it all"?

A reasonably functional NAT firewall in a separate box costs about 
$40, new, and uses a tiny amount of electrical power compared to 
an old PC that is no longer powerful enough to run modern software.

-- 
Paul E Condon           
pecon...@mesanetworks.net

