|
Open source Firewall (GNU/GPL license), based on PC hardware solutions...
|
|
retroborg
Member
|
8. March 2010 @ 02:07 |
|
Good Day,
I'm interested in setting up a 100% free open source software / Linux Firewall (GNU/GPL license), based on PC hardware, with a simple, easy to use, install & setup interface, instead of buying an expensive dedicated hardware Firewall/router like Cisco.
At the moment I have an ADSL 2Mbit connection with a dynamic IP. My goal is to have content filtering (to block all porn, sex, drugs, gambling, hate material, sites, etc...) and block all p2p software and ports (emule, utorrent, Kazaa, etc..) to all the business / corporate PCs (20 pcs) of my internal Lan network that have access to the internet through the ADSL modem / router.
The PC I want to use as a firewall is:
Intel Pentium III 800MHZ
128MB RAM
20GB IDE HD
1 x 100Mbit Lan Card
1 x 1Gbit Lan Card
I checked the following solutions:
Endian Firewall
http://en.wikipedia.org/wiki/Endian_Firewall
IPCop
http://en.wikipedia.org/wiki/IPCop
EBox
http://en.wikipedia.org/wiki/EBox
ClearOS
http://en.wikipedia.org/wiki/ClearOS
ClarkConnect
http://en.wikipedia.org/wiki/ClarkConnect
I also tried opendns http://www.opendns.com/ as an alternative DNS server in my ADSL modem / router settings and even though it has an excellent content filter and blocks everything, it can not however block any p2p software (emule, utorrent, Kazaa, etc..) and the ports used by them.
So, which would be the best of the above or are there any other even better and simpler 100% free solutions to cover all the above needs?
Any help will be highly appreciated.
Thanks in advance
|
|
retroborg
Member
|
8. March 2010 @ 02:24 |
|
bump
|
scum101
Suspended due to non-functional email address
|
8. March 2010 @ 05:22 |
|
a linux box running iptables.. that's the stock answer.. there is NO simple 100% secure hardware firewall solution, but there are lots of security based linux distros/firewall setups around.. but I guess the use of google is beyond you *sigh* .. big learning curve coming.
|
retroborg
Member
|
8. March 2010 @ 07:04 |
|
I don't expect to find a simple 100% secure hardware firewall solution. But I am interested in a 100% free open source software / Linux Firewall (GNU/GPL license), to install and setup on PC based hardware.
All the ones I mentioned previously, I found using Google, I just wanted to hear some more detailed opinions from actual people that tried them, before I go with the actual install.
I was also told about the following ones as being quite common...
Monowall
http://m0n0.ch/wall/license.php
Pfsense
http://www.pfsense.org/
SmoothWall
http://www.smoothwall.org/
Tomato Firewall
Any opinions will be highly appreciated.
|
ddp
Moderator
|
8. March 2010 @ 12:49 |
|
retroborg, no bumping til 24hrs later not 17 minutes so have some patience. if you want fast service then you have to pay for it on some other site as we all do it for free on this site except for spammers & we mods deal with those idiots.
|
scum101
Suspended due to non-functional email address
|
8. March 2010 @ 13:17 |
|
linux uses iptables.. free.. open source.. and 100% set up the way YOU want it.. it's been default for years because it can be set exactly how you need with no starting configuration..
That's why you aren't going to get any input on the others.. because basically nobody uses them when a core system comes with something not pretty but hard out of the box..
The only problem is.. as with ALL security hardening of web connected systems.. users' needs vary and you NEED to know those needs and how to set it up for the specific job it is to do.. That can only be done with reading the manual for the firewall you decide to use and setting it up accordingly.
http://news.softpedia.com/news/Iptables-Basic-Guide-35969.shtml
that is very very basic.. the "short" guide runs to 170 pages and the man page is something like 1200 pages.. it's a dusty unix book with cup rings on the dog eared covers from the days of groaning shelves and asthmatic server/network/mainframe engineers in white coats.
It was the ONLY unix manual I ever actually read cover to cover.. and I nearly died from boredom more than once.
|
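Editor's added example, not from any poster in this thread: the iptables approach suggested above, applied to the original poster's requirement. P2P clients choose arbitrary ports, so instead of listing ports to block, the FORWARD chain defaults to DROP and only named services are allowed out, with DNS pinned to the OpenDNS resolvers so the content filter cannot be sidestepped. Interface names, LAN subnet and the allowed service list are assumptions; IP forwarding and NAT are assumed to be configured separately.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC gateway.
# Assumed names (not from the thread): eth0 = WAN side (towards the ADSL
# router), eth1 = LAN side, 192.168.1.0/24 = LAN subnet.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
# OpenDNS resolvers: LAN clients may only send DNS queries to these
DNS_SERVERS="${DNS_SERVERS:-208.67.222.222 208.67.220.220}"
# Outbound TCP services the office needs (assumed: web, mail submission, IMAPS)
ALLOWED_TCP="${ALLOWED_TCP:-80,443,587,993}"

gen_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # The firewall box itself: loopback, replies, SSH management from the LAN only
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT"
    # Forwarded traffic: replies to connections the LAN opened
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # DNS only to the filtering resolvers
    for dns in $DNS_SERVERS; do
        echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -d $dns -p udp --dport 53 -j ACCEPT"
        echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -d $dns -p tcp --dport 53 -j ACCEPT"
    done
    # Allowlisted services only
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp -m multiport --dports $ALLOWED_TCP -j ACCEPT"
    # Everything else from the LAN: rate-limited log entry, then reject
    echo "-A FORWARD -i $LAN_IF -m limit --limit 6/min -j LOG --log-prefix \"FW-EGRESS-DENY \""
    echo "-A FORWARD -i $LAN_IF -j REJECT --reject-with icmp-admin-prohibited"
    echo "COMMIT"
}

# Review the output first, then check it parses (as root) without applying it:
#   gen_ruleset | iptables-restore --test
```

The FW-EGRESS-DENY log lines show which LAN hosts are attempting blocked connections. Traffic tunnelled over an allowed port such as 443 still passes, so this complements the DNS content filter rather than replacing it.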
retroborg
Member
|
8. March 2010 @ 13:56 |
|
Originally posted by ddp: retroborg, no bumping til 24hrs later not 17 minutes so have some patience. if you want fast service then you have to pay for it on some other site as we all do it for free on this site except for spammers & we mods deal with those idiots.
I'm sorry for any inconvenience, but actually I didn't bump the thread in order to get more attention or extort replies, but rather to tick on the following, which I had forgotten to do on the 1st post.
I wanted to get the replies sent to my e-mail.
Quote: "Check this box, if you want to get email notifications when new messages are added to this thread."
The problem with afterdawn forums is that you can not edit the content of your post but only the thread title... :(
|
Moderator
|
8. March 2010 @ 14:00 |
|
Originally posted by retroborg: The problem with afterdawn forums is that you can not edit the content of your post but only the thread title... :(
Yes you can... ~

Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
Network ~ DD-WRT ~ 2node WDS-WPA2/AES ~ Buffalo WHR-G54S. 3node WPA2/AES ~ WRT54GS v6 (inc. WEP BSSID), WRT54G v2, WRT54G2 v1.
|
scum101
Suspended due to non-functional email address
|
8. March 2010 @ 20:16 |
|
hehehehehe.. another example of failure to search/look
hey creakster.. these people wouldn't have lasted 2 minutes back when we started eh?
back to firewalls.. I think it's pretty well answered.. iptables and read... I happen to run bastille on my router/firewall after any major update.. mainly because I have a live torrent tracker and webserver and mailserver living on the network inside it. Doesn't take away the need to keep an eye on it and check it every day.. and that's where cron comes in.. and no.. I'm not going to post any examples from my setup configs.. because that's stupid.
|
|
ddp
Moderator
|
8. March 2010 @ 21:23 |
|
party pooper!!
|