Re: [Hampshire] Firewall distributions
On 15/09/11 17:22, Ian Park wrote:

On 14/09/11 17:09, Ian Grody wrote:

On Wednesday 14 September 2011 15:09:57 Ian Park wrote:

I've been running firewall distributions for a good few years now on an old Compaq low profile box (Pentium III, 500 MHz) which I bought from Jamie's. I started with Smoothwall v2.0, and added extra RAM when I upgraded to Smoothwall v3.0; it now has 512MB RAM and a 6.3GB HDD.

About a year ago, an article in Linux Format caught my eye, and I decided to give IPCop a go - we have a fair few visitors over the year, and it's handy to be able to give them internet access via a wireless access point without having to let them loose to roam on my home network. IPCop's blue interface looked like the answer, but I've had no end of grief trying to get the WLANAP add-on for IPCop to work. I've tried a total of five different wireless LAN cards; IPCop v1.9.20 recognises only one of them (it uses the RaLink 2561 chipset), and even with that one, when I installed the appropriate version of the add-on it threw a wobbly at the end of the installation. To add to the fun, the WLANAP add-on doesn't work any more since the upgrade from 1.9.19 to 1.9.20 - the upgrade included a new kernel version, 2.6.32-4, and the latest version of wlanap-ipcop (3.0.0-c6) matches kernel version 2.6.32-3...

Can anyone suggest an alternative route to where I want to be (i.e. the equivalent of IPCop with red, green and blue interfaces), please? I suppose in the end I could just stick a wired network card in the IPCop box and hook up to an external wireless access point, but that would mean using another power socket, and I already use about 18 in this room...

Thanks in advance for any help

Ian

You could always chuck out that horrid Ralink chip, chuck in an Atheros. Atheros and intel along w/ Zydas tend to have some of the best support for using them as wifi softAP's.
I'd suggest using an Atheros (5000 series chips are most supported impo) wifi, then use pfSense as your firewall/router. 2.0 is still in RC state, but gets regular updates and can do everything you are wanting and a tonne more. I have this running on a P3 533MHz box w/ 512MB and it does the job for what it's intended. Which handles Wifi (via atheros wifi), another wifi through AP hardwired, two LANs, a few VLANs & VPN.

Zeroshell was gearing towards support for wifi config via web-gui, but not sure how they progressed as I stopped using this for pfSense 2 years ago. It looked promising though (and this one is linux based). It did work however if you enabled it under the hood.

You could always use RouterOS for x86 - You would need to check what wifi cards this supports, atheros I know are one lot. This OS is intended for RouterBoard family of routers - But Mikrotik have nicely made a download available to install on PC. It is a trial, however, but getting a license to use it isn't too expensive.

DistroWatch have a list of firewalls for PC etc to use. However, I do not know how new or updated this list is..

http://distrowatch.com/search.php?category=Firewall&origin=All&basedon=All&notbasedon=None&desktop=All&architecture=All&status=Active

Good luck

--
Please post to: Hampshire@mailman.lug.org.uk
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--

Thanks to everyone for their input.

First, on the logistics: She Who Must Be Obeyed was out this morning, so I was able to set up a spare box with a couple of wired NICs and configure that to keep up our access to the network and the intercommunication between the various PCs on our home LAN, thereby freeing the little Compaq for me to mess about with. First hurdle was that the CD drive in the Compaq seems to have died - it's one of the type they put in laptops. Fortunately I was able to hook up a standard DVD-ROM drive and install IPFire 2.9, which went uneventfully.
Next hurdle was that the Compaq wouldn't recognise the WLAN card (a TP-Link TL-WN551G, with an Atheros AR5212 chipset) which I wanted to use, although it was recognised in the other box (before you suggest that I stick to the other box, it's a lot bigger than the Compaq, and won't fit in the space I've got for the firewall). I *was* able to set up the Blue interface on the Compaq with a Tenda W54P (RaLink RT2561), so I think I'll try moving on with that.

Another of the reasons I'd prefer to stick with the Compaq is that it accepts standard height cards (only two, but that's enough), whereas a lot (if not all) of SFF cases nowadays require low profile cards (e.g. the Deskpro 7100 SFF which I use as my Win XP machine)...

Cheers

Ian

OK, I've now got the little Compaq box set up with IPFire, using the one and only wireless card which is acknowledged by setup: the Tenda W54P with the Ralink RT2561 chipset. Setting up the blue
Re: [Hampshire] Firewall distributions
Hi Ian,

On 14 September 2011 15:09, Ian Park i.d.c.p...@ntlworld.com wrote:

I've been running firewall distributions for a good few years now on an old Compaq low profile box (Pentium III, 500 MHz) which I bought from Jamie's. I started with Smoothwall v2.0, and added extra RAM when I upgraded to Smoothwall v3.0; it now has 512MB RAM and a 6.3GB HDD.

snip

Can anyone suggest an alternative route to where I want to be (i.e. the equivalent of IPCop with red, green and blue interfaces), please? I suppose in the end I could just stick a wired network card in the IPCop box and hook up to an external wireless access point, but that would mean using another power socket, and I already use about 18 in this room...

Thanks in advance for any help

Ian

I haven't used it at all and hence don't know whether it is any good but have you looked at:

http://www.ipfire.org

which, I believe, is a fork of IPCop and according to

http://www.ipfire.org/about (click on firewall tab)

supports what you want. Furthermore, it looks as if it gets updated regularly (unlike IPCop):

http://downloads.ipfire.org/older

Cheers,

Steve
Re: [Hampshire] Firewall distributions
On Wednesday 14 September 2011 16:51:58 Ian Park wrote:

She Who Must Be Obeyed would get upset if we lost the internet connection while I changed over the existing box from IPCop to IPFire

Doesn't she go out??

Lisi
Re: [Hampshire] Firewall distributions
On 14 September 2011 16:51, Ian Park i.d.c.p...@ntlworld.com wrote:

On 14/09/11 16:33, WESEMEYER STEPHEN wrote:

Hi Ian,

On 14 September 2011 15:09, Ian Park i.d.c.p...@ntlworld.com wrote:

I've been running firewall distributions for a good few years now on an old Compaq low profile box (Pentium III, 500 MHz) which I bought from Jamie's. I started with Smoothwall v2.0, and added extra RAM when I upgraded to Smoothwall v3.0; it now has 512MB RAM and a 6.3GB HDD.

snip

Can anyone suggest an alternative route to where I want to be (i.e. the equivalent of IPCop with red, green and blue interfaces), please? I suppose in the end I could just stick a wired network card in the IPCop box and hook up to an external wireless access point, but that would mean using another power socket, and I already use about 18 in this room...

Thanks in advance for any help

Ian

I haven't used it at all and hence don't know whether it is any good but have you looked at:

http://www.ipfire.org

which, I believe, is a fork IPCop and according to

http://www.ipfire.org/about (click on firewall tab)

supports what you want. Furthermore, it looks as if it gets updated regularly (unlike IPCop):

http://downloads.ipfire.org/older

Cheers,

Steve

You could try to put some partial netboot method. I.e. Boots the kernel locally, but all the filesystem is loaded across the network. In this way, you can switch between configs very quickly.

I used to work with a firewall provider where the firewall was a simple device, where you could not even log into it to make any configuration changes. It would not even respond to ARP. It was very nice indeed. It worked by booting a small image, and this would then contact another management device on the network. It would then download its config from the management device. It was nice because you could place these firewall devices all over your network, and they would automatically boot up and work.

It was extremely difficult to hack these devices because they literally had zero ports open.
Re: [Hampshire] Firewall distributions
On 14 September 2011 16:59, Lisi hants...@googlemail.com wrote:

On Wednesday 14 September 2011 16:51:58 Ian Park wrote:

She Who Must Be Obeyed would get upset if we lost the internet connection while I changed over the existing box from IPCop to IPFire

Doesn't she go out??

Lisi

I have one of those. She puts a gold ring on my finger. It looks harmless enough, but I am sure it forces me to say yes to everything!
Re: [Hampshire] Firewall distributions
On Wednesday 14 September 2011 15:09:57 Ian Park wrote:

I've been running firewall distributions for a good few years now on an old Compaq low profile box (Pentium III, 500 MHz) which I bought from Jamie's. I started with Smoothwall v2.0, and added extra RAM when I upgraded to Smoothwall v3.0; it now has 512MB RAM and a 6.3GB HDD.

About a year ago, an article in Linux Format caught my eye, and I decided to give IPCop a go - we have a fair few visitors over the year, and it's handy to be able to give them internet access via a wireless access point without having to let them loose to roam on my home network. IPCop's blue interface looked like the answer, but I've had no end of grief trying to get the WLANAP add-on for IPCop to work. I've tried a total of five different wireless LAN cards; IPCop v1.9.20 recognises only one of them (it uses the RaLink 2561 chipset), and even with that one, when I installed the appropriate version of the add-on it threw a wobbly at the end of the installation. To add to the fun, the WLANAP add-on doesn't work any more since the upgrade from 1.9.19 to 1.9.20 - the upgrade included a new kernel version, 2.6.32-4, and the latest version of wlanap-ipcop (3.0.0-c6) matches kernel version 2.6.32-3...

Can anyone suggest an alternative route to where I want to be (i.e. the equivalent of IPCop with red, green and blue interfaces), please? I suppose in the end I could just stick a wired network card in the IPCop box and hook up to an external wireless access point, but that would mean using another power socket, and I already use about 18 in this room...

Thanks in advance for any help

Ian

You could always chuck out that horrid Ralink chip, chuck in an Atheros. Atheros and intel along w/ Zydas tend to have some of the best support for using them as wifi softAP's. I'd suggest using an Atheros (5000 series chips are most supported impo) wifi, then use pfSense as your firewall/router. 2.0 is still in RC state, but gets regular updates and can do everything you are wanting and a tonne more. I have this running on a P3 533MHz box w/ 512MB and it does the job for what it's intended. Which handles Wifi (via atheros wifi), another wifi through AP hardwired, two LANs, a few VLANs & VPN.

Zeroshell was gearing towards support for wifi config via web-gui, but not sure how they progressed as I stopped using this for pfSense 2 years ago. It looked promising though (and this one is linux based). It did work however if you enabled it under the hood.

You could always use RouterOS for x86 - You would need to check what wifi cards this supports, atheros I know are one lot. This OS is intended for RouterBoard family of routers - But Mikrotik have nicely made a download available to install on PC. It is a trial, however, but getting a license to use it isn't too expensive.

DistroWatch have a list of firewalls for PC etc to use. However, I do not know how new or updated this list is..

http://distrowatch.com/search.php?category=Firewall&origin=All&basedon=All&notbasedon=None&desktop=All&architecture=All&status=Active

Good luck
Re: [Hampshire] Firewall distributions
On Wed, 14 Sep 2011 17:06:19 +0100 James Courtier-Dutton james.dut...@gmail.com wrote:

Hello James,

I have one of those. She puts a gold ring on my finger. It looks harmless enough, but I am sure it forces me to say yes to everything!

There is only The One Ring. ;-)

--
Regards
  _
 / )      The blindingly obvious is
/ _)rad   never immediately apparent

This is the fifty first state of the USA
Heartland - The The