Re: Firewall suggestions?

To: debian-user@lists.debian.org
Subject: Re: Firewall suggestions?
From: Siraaj Khandkar <sirconquer@gmail.com>
Date: Sat, 16 Feb 2008 17:59:18 -0900
Message-id: <[🔎] 273B4A5A-F438-41B4-954E-723AA9DB34C1@gmail.com>

On 2008-02-13 06:27:56 -0900, "Dennis G. Wicks" <wix@eskimo.com> said:

> Greetings!
>
> It seems the time has come to build a dedicated
> firewall machine for myself. The win 2k machine I have
> been using is getting too flaky.
>
> I have a P-II HP box that was a pretty solid performer
> that I think will do for the hardware. (Agree/disagree?)
>
> I need some suggestions for the firewall software,
> running on Debian, of course! No sense reinventing the
> wheel.
>

Hey, I'm doing the same thing right now! My earlier question aboutnot being able to boot Debian on PE350 was just about that, as thatmachine was retired at work and I'm bringing it home to make agateway out of it :-)

There are several options for this kind of thing. The best dedicatedsystem that I know of is m0n0wall ( http://m0n0.ch/wall/ ), which isa striped-down FreeBSD 4 customized as a firewall appliance. There'salso pfSense ( http://www.pfsense.com ), which is based on m0n0wall,but uses FreeBSD 6.2 and OpenBSD's pf, and includes a bunch of extrauseful packages that extend the functionality.

pfSense is certainly enticing, but I decided to stick with Debian,for the primary reason - apt. If I want to experiment with some newfunctionality, its most of the time just apt-get away, and once youlived with it, its damn hard to go back :-)

Now, since you too mentioned sticking with Debian, you can installminimum system + iptables + iproute on the firewall machine, and usefwbuilder ( http://www.fwbuilder.org/ ) to generate rules scripts forit, then just add the path to the script to /etc/rc.local and you'regood to go.


> I need something that either includes http/ftp proxy or
> something else that will provide that service. Also
> socks 4/5 and probably a virus/adware scanner too.
>

For this there's Squid and ClamAV. pfSense includes Squid, but notClamAV, which is another reason to stick with Debian :-)




--
Siraaj Khandkar


Ron Paul - Hope for America
http://www.ronpaul2008.com/
http://www.youtube.com/results?search_query=Ron+Paul&search=Search

Reply to:

Follow-Ups:
- Re: Firewall suggestions?
  - From: Sean <rseans@gmail.com>

Prev by Date: Re: Password problems
Next by Date: Re: Password problems
Previous by thread: Re: Firewall suggestions?
Next by thread: Re: Firewall suggestions?
Index(es):
- Date
- Thread