[sclug] Linux Firewalls and ADSL

Will Dickson wrd at glaurung.demon.co.uk
Wed Jun 9 01:23:12 UTC 2004


Chris Aitken wrote:

>>I was looking at smoothwall and IPCop.  Has anybody got any 
>>comments on these products or recommendations regarding other 
>>Linux firewall distros?

We (that is, work) use Smoothwall Express (the GPL version - 
there's a commercialware version as well). Fairly simple 
setup in our case but it's worked well for us. FWIW they 
seem to have gone to significant pains to support all the 
wyrd and wonderful USB ADSL / cable modems that are out 
there (with what success, I'm not sure).

> Hi Steve,
> 
> I looked into this not so long ago, and my conclusion was that it was better
> to set up the firewall myself using iptables (part of the 2.4 kernel).
> Iptables is at the heart of both ipcop & smoothwall, but writing the scripts
> yourself (relatively simple) will put you in good stead as to what actually
> goes on. Everything you need (NAT, DMZ etc.) can be done this way. Smoothwall
> will only allow 1 DMZ, whereas I wanted one for webservers etc, and another
> for a wireless access point.

I'd add the proviso that you'd need to be really sure of 
what you're doing to go down this route. Certainly doing it 
yourself will give you valuable expertise, but a live 
firewall isn't the best place to learn - there's too much 
risk if you make a mistake.
> 
> IIRC for the VPN solution, you may have to do that yourself, depending on
> whether you are trying to connect a network to a network, or a single PC to
> a remote network. I have set up the latter very simply using the PPTP
> daemon. This does require a kernel recompile to enable encryption (although
> you can run a VPN without encryption).

Are you aware of this? http://www.schneier.com/pptp.html

Will.

