On Sat, 23 Dec 2006, Gary wrote: > Hello, [ ... reformatted ...] > I would like some suggestions about a home network design. My current > set up consists of a broadband connection(cable), a cable modem that > connects to a Linux server that runs Smoothwall as a firewall. The > firewall server connects to a switch. Connected to the switch is a game > server that runs 24x7, two desktops and a nfs server(V120, Sol 10) that > is used to mount home directories. Well, today, my firewall died. I > would like to replace the firewall server with another V120 running Sol > 10. My question is about the services that need to run on the firewall > server. Do I need to run DHCP? For the most part, anything on the > network will have a hardcoded IP address. But, there is a possibility of > a box, such as a laptop, not having a dedicated IP. Do I need to run > DNS? Since I want to use this box as a firewall, I'm assuming that I > will use IP Filter. Is IP Filter a good firewall? > > Any other suggestions?
If you'd like to use a dedicated firewall, checkout MonoWall running on a PCEngines SBC (Single Board Computer). You'll find the PCEngines WRAP board here: http://www.pcengines.ch/wrap.htm http://www.pcengines.ch/wrap1e203.htm Note: the board with 3 ethernet interfaces will allow you to easily support a DMZ. and the Monowall software here: http://m0n0.ch/wall/ PCEngines has a flimsy, but functional, inexpensive aluminum case (part number for the red one is "case1c2red"). You'll need to add a 12V DC power supply rated for about 20Watts (or higher). A good quality "wall wart"[1] PSU will work fine. Ohh - you'll also need an 8Mb (or larger) Compact Flash (CF) card (Kingston has a 256Mb card for $11). Advantages for this approach: - low-cost - fully featured firewall - simple (very simple) user interface - low power; the WRAP CPU has no heatsink nor does it require one - no moving parts (no disk drives, fans etc) - 30 minutes to burn the CF, mount the board in the case and start using it - mature hardware & software Disadvantages: - the user interface can feel slow if you're in a hurry - if you order the WRAP board from PCEngines, allow 2 to 3 weeks for delivery - the ability to replace the CF card without removing the board would be nice - altough you can upgrade the image easily via the GUI Performance: the system will handle between 40 and 50 Mbits/Sec of firewalled traffic with a typical firewall ruleset. [1] 2.1mm jack, center pin positive Seasons Greetings, Al Hopper Logical Approach Inc, Plano, TX. [EMAIL PROTECTED] Voice: 972.379.2133 Fax: 972.379.2134 Timezone: US CDT OpenSolaris.Org Community Advisory Board (CAB) Member - Apr 2005 OpenSolaris Governing Board (OGB) Member - Feb 2006 _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
