FW: [sclug] Firewalls

tim tim at holmes.name
Sat Oct 25 09:05:31 UTC 2003


I used to have ipcop on the machine I am now using to build my own. I have
changed for 2 reasons.
1. to learn more about firewalls and linux
2. Could not seem to get the NAT working on ipcop. My local addresses
192nnnnnn seemed to leak out into the net, which seemed good in some ways
in that sites thought my ip address was 192 etc, but bad in the fact that
I was not doing it deliberately and I am sure it's not good generally.

On a side note I have read a lot of the postings about ipcop and
smoothwall and got the impression that the ipcop lot left Smoothwall
because the Smoothwall head guy wanted to start charging for the full
version of Smoothwall. Which seems good to me, but I can also sympathise
with wanting to charge, as like most people I have to to live. (would love
to code software that people used and not charge them for it but I don't
have the means to do so hehehehe)


Thanks for all the responses, I will keep going with my own brew, probably
on a Debian machine when I have downloaded all of the latest version, and
then probably go back to ipcop and get it working how I want.

-----Original Message-----
From: sclug-admin at sclug.org.uk [mailto:sclug-admin at sclug.org.uk]On
Behalf Of Will Dickson
Sent: 14 January 2003 22:01
To: sclug at sclug.org.uk
Subject: Re: [sclug] Firewalls


13/01/2003 18:39:58, Tom Dawes-Gamble <tmdg at tmdg.co.uk> wrote:

>	I used to use a firewall that I built and configured from Rob's
>book but then I found ipcop  see http://www.ipcop.org/ It loads much
>faster than my home brew version.  I'm sure that it's more secure.
>*AND* it's much easier to administer.

It used to be claimed by www.smoothwall.org/ that ipcop consisted of some
low-level ex-members of the smoothwall team who basically took the
smoothwall codebase and then claimed all of it for their own work, when
it wasn't. However, the rant which made this allegation (I paraphrase
loosely) seems to have vanished from their site now, so I don't have a
link. Or maybe they've sorted it out.
Anyway, just so you all know!

While we're on the subject, I've recently done similar: upgraded our local
firewall from a homebrew version based on SuSE 7.1 with an u/g'd kernel
and most of the usual packages removed, to Smoothwall.

It installs fairly painlessly, although I had the usual fun and games with
NE2000 (ISA) cards - the Smoothwall diagnostics when this runs aground are
even more non-existent than those of modprobe itself :-(, and it doesn't
tell you that the "manual" setting is just firing whatever you type at
modprobe. (Hint: pressing Alt-F2 during the install brings up the console
messages.)

It logs copiously. There are too many people with Windoze worms, trying to
infect me with same!

There are strange transient freeze-ups when connecting to the DMZ from the
LAN. I don't understand why this should be; the firewall box is plenty
overspec for what it's being asked to do, and the DMZ server's pretty
powerful as well. Ho hum.

It's also worth noting that the HTML emitted by their web-based admin tool
is fscking rubbish, and non-compliant all over the place. Opera tends to
choke on it, but Mozilla tolerates it.

DMZ redirects arrive in the DMZ with their source IP addresses intact,
which is good. My homebrew redirector was a userland tool, and the DMZ
server saw all connections as being from the firewall itself.

All in all, I'm fairly happy with it - I don't think there was anything
wrong with my homebrew, but it's a great deal quicker to install and
configure Smoothwall than it is to trim and configure a normal distro. I
also get the warm feeling associated with knowing that someone more
skilled at the job than me has set the thing up, and probably gotten it
right.

Will.


