[Sussex] Firewall appliance recommendations

Steven Dobson steve at dobson.org
Thu Aug 10 15:24:13 UTC 2006


Diego

On Thu, 2006-08-10 at 13:56 +0100, Diego Moore wrote:
> Anyone know of any Linux firewall appliances? I know I could build an
> ITX system but I really would like to buy a decent appliance (3-4
> Nics) which comes with hardware and maybe even software support.
> 
> I like the Astaro range, but for what I need it's a bit pricey. The
> reason behind wanting it to be Linux is that normally you can easily
> add modules (Antivirus, IDS, etc).
> 
> PS: Ideally rack-mounted too...

My solution is not rack mount, but does work very well.

I use a Soekris (www.soekris.com) which I bought from www.kd85.com.  The
systems are small and both the net4501 and net4801 come with three NICs
on board.  Driver support is not a problem - a modern Linux kernel has
support out of the box.

You have a number of solutions available.  The cheapest way would be to
have the systems network boot.  The boards work with the PXEBoot system and
that was how I first used mine.  Or you could put Damn Small Linux on to
a flash card and boot from that.  There is also M0n0wall which requires
only 8Megs and you can download images built for the net4501 & net4801
from M0n0wall's site - M0n0wall works fine - I've used it in the past.

However, today I now run with a laptop disk installed so the firewall is
not dependent on the NFS root file system server (although even with the
NFS server down the firewall still works as that's all in kernel).  I
like the disked solution - I had a laptop disk spare, the kit only cost
9EUR (which I bought at LinuxWorld for about a fiver IIRC) - and it then
is just like running a firewall in an old PC.  The box is so small it
sits on a thin book shelf here with the ADSL router on top of it.

My Hardware:
     net4801-50 [1] [2]
     2.5inch hard-drive mounting kit.
     2.5 hard disk

Software:
    Debian Sarge (base) [3] [4]
    shorewall
    ssh
    dhcpd3
    <whatever else you want - it's just another Debian box>

Hope this helps
Steve

[1]
If you want more than 3 NICs then the lan1621 & lan1641 will give you
two or four more NICs of the same type that plug in to the single PCI
connector.

[2]
The device does not have standard display, keyboard & mouse connectors.
The BIOS uses the first serial port for console so you will need a null
modem cable and a system running minicom to access it.

[3]
There is only one IDE connector on the board and it will take only one
disk.  The other device on that bus is the Compact flash card.  You can
set which of these is primary in the BIOS.

[4]
It is best to install the disk in another machine.  I just popped it into
a laptop and installed from there.