[HLUG] Untangle (WAS Re: Content filtering server, email server, domain controller)

Matthew Macdonald-Wallace matthew at truthisfreedom.org.uk
Wed Feb 11 21:11:16 UTC 2009


Quoting Paul Shurman <paul.shurman at q-par.com>:

> So we are looking into migrating to a new solution called Untangle
> http://www.untangle.com/
> which I am going to look into today and compare with our current IPCOP
> solution.
>
> It's very polished... if you don't already know about it, definitely
> check it out. Open source of course,
> with the option to take on support if needed.

I downloaded the iso and I'm currently installing this onto a VM under  
VirtualBox.

My first impressions are that whilst the installer is very polished,  
the hardware requirements for what appears to be a web interface to  
IPTables, SNORT, SQUID, ClamAV, DansGuardian, OpenVPN and either  
Cacti, Munin or Nagios appear to be on the extreme side.

Min spec (50 users) is 512MB RAM, P3 800, 20G HDD and 2 NICs whilst
the recommended spec for up to 300 users (a sizeable but not unusual
network) appears to be Dual-core, 2GB RAM, 80GB HDD and 3 NICs (one
for a DMZ).  IMHO, that's an entry level server, not a firewall system.

I've always been taught that a firewall should protect the network and  
redirect incoming traffic to the appropriate server(s). Nothing more,  
nothing less.  Need OpenVPN? Fine.  Install it on a server in the DMZ  
or LAN and port-forward to it. Same goes for any other service.  The  
other thing I've always been taught is that any host that is connected
to a network should have its own firewall installed even if it is
behind a perimeter firewall.

I'll investigate further, but so far a minimal Linux install with  
Shorewall is looking good... :o)

M.
-- 
Matthew Macdonald-Wallace
matthew at truthisfreedom.org.uk
http://www.truthisfreedom.org.uk/


