Unless you're really dedicated to using Linux, I'd really suggest you reconsider something like OpenBSD. *BSD, in general, is much simpler and elegant in design than Linux. This also makes *BSD systems much easier to configure and tighten for firewalls. OpenBSD, in particular, is regarded as one of the most secure OS's available, and runs on cheap commodity hardware. I have an old P133 with 16 megs of RAM working as my 3 pronged firewall gateway. It includes stateful packet inspection, VPN (isakmp), and wireless support "out of the box" (no recompilation required). If you wanted to try the same thing in Linux, you'd have to use a modern kernel (2.4.x) for IPtables, recompiling for FreeSwan VPN (if you choose FreeSwan, the likely choice for Linux VPN's) and wireless driver support. You might find exceptions for the aforementioned items in some of the various firewall mini-distro's, but it's highly unlikely you'll find all three.
IPcop and SmoothWall, for example, while very easy to administer via web interface, use the 2.2/IPchains kernel, which does NOT support stateful inspection. In fact, I have yet to come across *any* firewall mini-distro's that use the 2.4.x kernel. Just my $.02. -Jason At 03:22 PM 4/7/2002 -0700, jeremy wrote: >IPCOP is a great firewall machine, easy to set up and very nice help on the >mailing lists.... > >http://www.ipcop.org > >Jer >Privileged/Confidential Information may be contained in this message. >If you are not the addressee indicated in this message (or responsible >for delivery of the message to such person), you may NOT copy, forward, >CC, BCC or deliver this message to anyone. In such case, you should destroy >this message and kindly notify the sender by reply email. Please advise >immediately >if you do not consent to Internet email for messages of this kind. Opinions, >conclusions >and other information in this message do not relate to the anyone other than >the sender. > >----- Original Message ----- >From: "Neil McKie" <[EMAIL PROTECTED]> >To: "David Hayes" <[EMAIL PROTECTED]> >Cc: <[EMAIL PROTECTED]> >Sent: Friday, April 05, 2002 11:52 AM >Subject: Re: Linux box as firewall > > > > I have been using Smoothwall for over a year now and have been very >pleased > > with it. I have cable now but I had 56k when I first started using it. Its > > extremely easy to setup and maintain. > > > > Other than Smoothwall, there are quite a few firewall orientated > > mini-distros like it but IMO none of them are as good. > > > > You could also setup a Linux box using a normal distro like Slackware or > > Debian and use iptables/chains. > > > > I have always liked Realtek as cheap and easy to use cards for Linux. But > > you could always just use some old 10mb ISA (NE1000/2000 compat.). > > > > Any good serial modem should work with Linux (I think). Or get a good >Lucent > > chipset Internal modem. > > > > > > ----- Original Message ----- > > From: "David Hayes" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Friday, April 05, 2002 11:49 AM > > Subject: Linux box as firewall > > > > > > > Hi, > > > I've got an old p150 with about 64Mb Ram hanging around that I'm going >to > > > set up as a firewall for when I get broadband. I have a few questions >that > > > hopefully somebody can answer > > > 1. Whats the best distribution to use, I have had quite a bit of > > experience > > > with Linux but not for the last 4/5 years so I'm a bit out of touch. > > > 2. I'll need a network card for the box, any reccomendations for a > > > cheap(ish) card that will be easy to configure under linux > > > 3. Until I get broadband I'll probably set it up so the Linux box dials >my > > > normal ISP, I've only got a cheap winmodem any reccomendations for a >good > > > modem to use with Linux > > > Thanks for all your help > > > David Hayes > > > > > > -- > > > GMX - Die Kommunikationsplattform im Internet. > > > http://www.gmx.net > > > > > > > _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
