[HLUG] Untangle (WAS Re: Content filtering server, email server, domain controller)
Matthew Macdonald-Wallace
matthew at truthisfreedom.org.uk
Wed Feb 11 21:11:16 UTC 2009
Quoting Paul Shurman <paul.shurman at q-par.com>:
> So we are looking into migrating to a new solution called untangle
> http://www.untangle.com/
> which I am going to look into today and compare with our current IPCOP
> solution.
>
> It's very polished...if you don't already know about it, definitely
> check it out open source of course
> with the option to take on support if needed.
I downloaded the iso and I'm currently installing this onto a VM under
VirtualBox.

My first impressions are that whilst the installer is very polished,
the hardware requirements for what appears to be a web interface to
IPTables, SNORT, SQUID, ClamAV, DansGuardian, OpenVPN and either
Cacti, Munin or Nagios appear to be on the extreme side.

Min spec (50 users) is 512MB RAM, P3 800, 20G HDD and 2 NICs whilst
the recommended spec for up to 300 users (a sizeable but not unusual
network) appears to be Dual-core, 2GB RAM, 80GB HDD and 3 NICs (one
for a DMZ). IMHO, that's an entry level server, not a firewall system.

I've always been taught that a firewall should protect the network and
redirect incoming traffic to the appropriate server(s). Nothing more,
nothing less. Need OpenVPN? Fine. Install it on a server in the DMZ
or LAN and port-forward to it. Same goes for any other service. The
other thing I've always been taught is that any host that is connected
to a network should have its own firewall installed even if it is
behind a perimeter firewall.

I'll investigate further, but so far a minimal Linux install with
Shorewall is looking good... :o)

M.
--
Matthew Macdonald-Wallace
matthew at truthisfreedom.org.uk
http://www.truthisfreedom.org.uk/