Martin,
I'll second the vote for Devil Linux, I've used it for many years. Heiko and
Bruce have done a great job and they have a very dedicated group of
users with some large installs (one guy has 150 DL boxes running a very
large corporate network). The only issue, if you don't use a hard drive, can
be RAM if you have a lot of traffic.
The downsides I'd found were the lack of a GUI, so it is not for the
novice. Also, doing load balancing on multiple WAN connections was a
pain. But I've now mastered (well, mastered enough to achieve my
requirements) shorewall, which makes the use of multiple WANs a lot
easier to configure. Also, something that may be of interest to the list
is I've noticed they have added the siproxd
(http://siproxd.sourceforge.net) module. I've not yet played with this
but will be in the next month or so (I fear it won't easily be
configurable with load balancing or failover).
The DL configuration of using the CD and floppy/USB key has worked great
for me; the only thing you really have to do when a system fails or when
upgrading is to configure the modules for the NICs installed on the new
system.
You also have the option of configuring it, then reburning an ISO image
with your configuration right on the ISO, so no floppy or USB is required, or
optionally booting straight off the USB if the motherboard supports it.
The guys who work on this are VERY anal about security so almost every
binary is compiled with the GCC Stack Smashing Protector and the kernel
has GRSecurity added, and everything runs in chroot jails.
They are also right now testing running on the VIA C3/C7 platform. The main
thing they are doing here is compiling the kernel to be able to utilize the
embedded crypto hardware engine to accelerate VPN performance, which
would mean being able to nicely put this on an embedded platform.
As I see it, the only open source competition to DL (Linux based) is
pfSense (BSD based), which has a slick web-based GUI, but for me is
lacking WAN upload load balancing with QoS and bandwidth throttling.
Mike
Martin Glazer wrote:
John Li wrote:
Hi John,
One small concern about that little Linksys box is the limited number
of sessions it can handle. I used to put Linux firmware into a WRT54G
and it just worked fine until thousands of concurrent sessions
happened. It just became irresponsive and I had to reboot it. I
tried to fine-tune the kernel parameters but could not get it fixed.
Then I turned to a general Intel platform with obviously more memory
and this did the trick.
As for massive deployment with little Linux knowledge involved,
I've also tried to make my own little CD distro which can boot up and
read its config just from a floppy disk. This works well because you can
make the configuration and do massive duplication in a central place.
Then you just need to have people turn on the box with the CD and
floppy and you have your firewall up right away. This is also good
for tightening the security process.
My little 2 cents, and thank you for initiating this great topic :-)
John,
Take a look at the Devil Linux (www.devil-linux.org) distribution -
which boots and runs completely from CDROM. The configuration can be
saved to a floppy diskette or a USB pen drive. I've used this in a
number of sites.
It's a powerful distro with a lot of options (if you so choose). The
biggest downside is that there is no great GUI to configure the
device, but if you are OK with command line, you won't have a problem.
If a PC fails, it is trivial to get another one running: just move the
CD and floppy/USB key to another unit and boot.
Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Mike Ashton
Quality Track Intl
Ph: 647-722-2092 x 301
Cell: 416-527-4995
Fax: 416-352-6043