On Wed, 17 May 2006 10:23:06 +1200 Volker Kuhlmann <[EMAIL PROTECTED]> wrote:
> What firewall/router can people suggest, when there is also a DMZ > (server) involved? > > As good as ipcop is as personal firewall for a simple adsl setup, and > with nice eye candy for setup, it falls much short of expectations: > * No traffic shaping on the DMZ. The 'unofficial' bit is cya speak. > * No egress filtering on the DMZ. If the server gets hacked, you're > spamming at maximum bandwidth[1]. Is this a total joke or what? Obviously, I *monitor* my traffic patterns, so it tells me if there is a problem. > * On a test box with 2 network cards for internal and DMZ, with an > external interface declared to be a modem but that's not set up, ipcop > fails to set up any forwarding rules between LAN/server. Does this > mean if the internet link goes down, internal users can't reach the > server any more? Is this another joke? Set up your own access pinholes to get from dmz to internal, none are necessary the other way... from the green network, all servers on the orange network are visible. > After many favourable mentions on this list of ipcop, I am distinctly > unimpressed (and wasted a day on it). There are "addons" available which > do above first 2 points, marked in bold as "unofficial", "may/will > compromise your security", bla bla, all not inspiring confidence. > > Any better suggestions much appreciated. > > Thanks, > > Volker > > [1] On Telstra, that is currently 2 megabits per second, and *very* > expensive if continued for a month. > > -- > Volker Kuhlmann is list0570 with the domain in header > http://volker.dnsalias.net/ Please do not CC list postings to me. Well, it works fine for me. I also suggest the unofficial openvpn addon. Alternatively, try m0n0wall - it's much lighter weight, though. However, as your requirements do seem to be bordering on commerical, a more dedicated solution may suit you better. Steve
