Robert La Ferla wrote:
> I need to set up a (free/open source) NAT firewall and am looking for
> recommendations.
...
> I think it would be better to just install a dedicated Linux system for
> a router than a generic Linux distro w/iptables.

Yes, particularly a floppy or CD-ROM-based distribution, so you can eliminate the hard drive and have a hardware-enforced, read-only file system. Then if you ever suspect a breach, you can just reboot.

> The hardware config is a Shuttle XPC (Intel Celeron)...

Unless you need the horsepower, consider using appliance hardware, such as a Linksys WRT54G (which will cost you about $40) upon which you can run a Linux distribution like OpenWRT (http://openwrt.org/). (See http://openwrt.org/TableOfHardware for a list of other hardware that will run OpenWRT.) This kind of hardware has no moving parts, and thus should be more reliable, uses less power, generates less heat, and makes no noise. It should be able to do everything you want (the stock Linksys firmware probably meets the requirements you listed as well), though you still might find it more convenient and secure to use the Shuttle XPC or another server inside your firewall to run auxiliary services, like DHCP, DNS cache, etc. (I think it's better from a security perspective to avoid putting any software on your firewall machine that isn't absolutely necessary for the firewall/routing job.)

> I am quite familiar with iptables, etc... but it looks like there are
> complete packages available like FreeSCO, Smoothwall, and LRP (no longer
> being developed), etc..

I don't think OpenWRT currently bundles a good iptables front-end. Sveasoft (http://www.sveasoft.com/), another third party firmware, might. At some point I plan to try running FireHOL (http://firehol.sourceforge.net/), a shell-based front-end to iptables, on OpenWRT, but currently it requires bash, which is a bit bloated for the OpenWRT environment, so it needs to be ported to ash.

-Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: https://www.linkedin.com/e/fps/3452158/
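As an added example (not part of Tom's message, nor code from the OpenWRT or FireHOL projects), the kind of minimal default-deny NAT rule set the thread argues for, written in POSIX sh so it runs under BusyBox ash rather than bash; the interface names and LAN prefix are constructed values, and the script prints the iptables commands for review instead of applying them.

```shell
#!/bin/sh
# Emit a minimal default-deny NAT firewall as iptables commands.
# POSIX sh / BusyBox ash only (no arrays, no [[ ]], no bash-isms), so it
# fits an OpenWRT-class router. Nothing is applied here: review the output,
# then pipe it through sh as root on the router.
#   usage: nat_rules <wan_if> <lan_if> <lan_net>
nat_rules() {
    wan=$1
    lan=$2
    net=$3
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -X
# Default deny for traffic to the router and through it; allow its own output.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Loopback and replies to flows the router itself opened.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Only the LAN side may reach the router (management, DHCP/DNS if hosted here).
iptables -A INPUT -i $lan -s $net -j ACCEPT
# Forward LAN -> WAN; only replies come back. Nothing else crosses.
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
# Hide the LAN behind the WAN address.
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
# Rate-limited log of what the DROP policies discard, so a probe or breach is visible.
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-IN-DROP: "
iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FWD-DROP: "
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Constructed example: WAN on eth1, LAN on eth0 with a 192.168.1.0/24 network.
nat_rules eth1 eth0 192.168.1.0/24
```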