[sclug] Firewalls

Will Dickson wrd at glaurung.demon.co.uk
Sat Oct 25 09:05:31 UTC 2003


13/01/2003 18:39:58, Tom Dawes-Gamble <tmdg at tmdg.co.uk> wrote:

>	I used to use a firewall that I built and configured from Rob's
>book but then I found ipcop  see http://www.ipcop.org/ It loads much faster
>than my home brew version.  I'm sure that it's more secure.  *AND* it's
>much easier to administer.

It used to be claimed by www.smoothwall.org/ that ipcop consisted of some
low-level ex-members of the smoothwall team who basically took the smoothwall
codebase and then claimed all of it for their own work, when it wasn't. However, 
the rant which made this allegation (I paraphrase loosely) seems to have vanished
from their site now, so I don't have a link. Or maybe they've sorted it out. 
Anyway, just so you all know!

While we're on the subject, I've recently done similar: upgraded our local firewall from a
homebrew version based on SuSE 7.1 with an u/g'd kernel and most of the usual
packages removed, to Smoothwall. 

It installs fairly painlessly, although I had the usual fun and games with NE2000
(ISA) cards - the Smoothwall diagnostics when this runs aground are even more non-
existent than those of modprobe itself :-(, and it doesn't tell you that the "manual"
setting is just firing whatever you type at modprobe. (Hint: pressing Alt-F2 during the
install brings up the console messages.)

It logs copiously. There are too many people with Windoze worms, trying to infect me
with same!

There are strange transient freeze-ups when connecting to the DMZ from the LAN. I don't
understand why this should be; the firewall box is plenty overspec for what it's being asked to
do, and the DMZ server's pretty powerful as well. Ho hum.

It's also worth noting that the HTML emitted by their web-based admin tool is fscking rubbish,
and non-compliant all over the place. Opera tends to choke on it, but Mozilla tolerates it.

DMZ redirects arrive in the DMZ with their source IP addresses intact, which is good. My homebrew
redirector was a userland tool, and the DMZ server saw all connections as being from the firewall
itself.

All in all, I'm fairly happy with it - I don't think there was anything wrong with my homebrew, but it's
a great deal quicker to install and configure Smoothwall than it is to trim and configure a normal
distro. I also get the warm feeling associated with knowing that someone more skilled at the job 
than me has set the thing up, and probably gotten it right.

Will.





