Blindraven wrote:

> # cross post /u-au/slug
>
> I am looking to set up a hardware firewall using an old computer and a
> Linux distribution and am curious about a few things.
> ...
> I am assuming with 2 NICs in the old computer, you dump it between the
> switch and the router and connect both the switch and modem/router to it.
> So it would look something like
> ...
> Based on my set-up, which of the following would you recommend and why?
> ...
> I understand policies could be configured for all of them to allow SSH
> etc, but I'd like something that does not require me to mess with
> modules extensively as I am not *that* technically savvy.
> From what I've read pfSense seems to be the go, but I wouldn't know
> why exactly.

My first and only firewall is Shorewall (http://shorewall.net/). It enables you to set up configurations with simple text configuration files (or a Webmin module if you use Webmin - I do). Shorewall has a sample configuration which is designed for your situation - the two-interface firewall.

Why I use and recommend Shorewall:

* you can think about firewalls at a policy level rather than packet level
* adding new rules and hosts is very simple
* the documentation is first class - better than many commercial firewalls, I've been told
* excellent preprocessor that catches a lot of your errors
* you can install it on any version of Linux - I suggest Ubuntu server or Debian
* highly flexible - anything iptables can do, Shorewall can do, usually much more easily
* grows with you - has advanced features like IPv6, multiple ISP load balancing, etc.
* I use it on my personal laptop, and on multi-interface clusters supporting hundreds of client PCs. Also runs on WRT54G routers (I haven't tried this).
* user support forums full of people with good Linux/networking skills

Paul
-- ubuntu-au mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-au
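
Added example, not part of the original message and not copied from Shorewall's shipped sample: a minimal two-interface layout showing what "policy level rather than packet level" looks like in Shorewall's text files. It assumes `eth0` faces the modem/router and `eth1` faces the switch, uses the zone names `net` and `loc`, and leaves out address translation and routing toward the router.

```conf
# /etc/shorewall/zones: name the parts of the network
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4

# /etc/shorewall/interfaces: bind each NIC to a zone
# (eth0 and eth1 are assumed interface names)
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     eth0        tcpflags,nosmurfs,routefilter,logmartians
loc     eth1        tcpflags,nosmurfs,routefilter,logmartians

# /etc/shorewall/policy: default decision per zone pair, first match wins
#SOURCE DEST    POLICY  LOGLEVEL
loc     net     ACCEPT
$FW     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/rules: exceptions to the policies above
?SECTION NEW
#ACTION       SOURCE  DEST
# SSH and ping to the firewall itself, from the LAN side only
SSH(ACCEPT)   loc     $FW
Ping(ACCEPT)  loc     $FW
```

Running `shorewall check` validates these files without changing the running ruleset, so a typo in a zone or interface name is reported before anything is applied.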
