On Tuesday 12 June 2001 19:54, Florian wrote:
> On Monday 11 June 2001 22:33, Florian wrote:
> > Did anyone try it?
> > Im thinking of using it as a router for our company we have
> > a lan with 10 pcs and a novell server (ouch) but since our
> > ElsaLancom (never buy it) chrashes every 10 minutes i was
> > wondering if Single Network Firewall firewall is an possibly
> > easy to use alternative?
> > If i did all the networks stuff by myself i would use a MDK8
> > version but since there are people taking care of the
> > networking who dont have experience with linux i like the
> > idea of "boot a cd > install > boot > and hop were up".
> > Another question is if there are possibillities of putting
> > ssh etc. servers on the Single Network Firewall?
> > Do i expect too much ... little?
> > Florian
>
> OK i did it finally a few impressions :
>
> At first i had slight problems cause i have a cable connection
> and two nics in the firewall machine one 3com (pci) it worked
> fine and got detected right away its the one wich goes to my
> cablemodem, the second nick (icl etherteam 16i ISA) did not
> get detected by SNF and since SNF doesnt include hardware
> configuration tools and i dint want to write the config files
> by hand (ough) and mess around with the modules (at 3 o clock
> in the night!) i cancelled the attempt and went to sleep
> zzzzzzzzzzz* . Next day ... went to my supplier bought a tulip
> pci and it worked like a charm right away using expert install
> finally it got both nics and i could (like in any other MDK
> system) configure everything at the install prozess one nick
> for lan with static ip and one for the modem with dhcpcd. Boot
> and hop .
> The interface from any browser looks smooth and is pretty
> detailed although the status for bastille firewall is marked
> as unknown but it is enabled and filters everything nicenice
> you can configure all your needs from this interface. At one
> place (i think it was secure login config) you need to have a
> java enabled browser ... (konqueror didnt work even with java)
> but all other options dont need any java so konqueror is just
> fine (actually it rules!!!) ill do some tests now to have a
> look if it does its job well (nmap will tell me =)) . My
> impression is that its rocksolid and will never need a reboot
> also the monitor you can leave away after instalation is
> complete . An ssh server is included .
> Now i need a little more docs to find out all extras (sure
> there are a lot) for example port forwarding to internal
> services such as ftp http etc. I can strongly recommend to
> replace your ElsaLancom or any other hardware router with this
> cute little linux software router !!! Cheers
>
> ps: since the interface is https:// based use a pc with
> atleast 150mhz cpu and a little bit more ram for SNF it will
> go smoother . Mine is just that kind of machine and i feel
> that i wouldn use slower cause the interface worx but is not
> the fastest actually weird if i connect with konqueror to the
> firewall i get a 7.5KB/sec (over LAN ) thats too slow must be
> a mandrake8 prob. cause with IE5 it goes a lot quicker ... and
> to connect with ssh to the firewall takes about 2 mins before
> it finally asks for a pass ... any ideas? Florian
That is a resolution problem on the delay--a resolver has to
give up looking for nameservices to allow things to go through.
And remember it is https and we all know how great the security
is for IE5. Https sacrifices speed for security.
There are also some interesting squid options, like putting
popup ads into 1-pixel transparencies or just plain blocking
things like doubleclick.net.
Civileme
