Standalone Firewall?

Author: Adrian Mink
Date:  
Subject: Standalone Firewall?
Try freesco, a floppy-based Linux router/firewall. You can run it off a floppy
or a hard drive and it has quite a number of extensible plug-ins.

http://www.freesco.org.

Adrian

-----Original Message-----
From:
[mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Jay
Sent: Friday, January 11, 2002 11:01 PM
To: PLUG Discuss
Subject: Standalone Firewall?



I know this topic came up here recently, but I just looked through the
archives and I couldn't find it (browsing by thread).

Anyway, I'm looking for recommendations on the best method to build a
standalone firewall machine. The network will look something like
(simplified for email purposes):


                                                      /----Servers
Internet----SDSL Router----Firewall----10/100 Switch--
                                                      \----Workstations



The firewall obviously needs to support NAT and masquerading, as well as
port forwarding to get to the http, smtp, pop3, ssh, etc... ports on the
servers from the Internet, and support for multiple physical Ethernet
interfaces.

Although not *required* (but would be nice) would be features like
stateful packet inspection (rules based), DoS filtering, intrusion
detection, excellent logging, easy (yet powerful) web browser
configuration/administration, and maybe even log analysis and reporting
features.

While I'm at it, another cool feature would be if it was all able to run
via a floppy or bootable CD (thus no HDD required in the firewall). I also
recognize that this feature would require logging via remote syslog, which
(since the logs would then be remote) would also mean that it wouldn't be
able to do log analysis and reporting.

I know all of these features are easily available with Linux, but I'm
looking for a nice integrated package. Looking on Freshmeat turns up over
200 options (so I'm sure something is out there). I've seen dedicated
"security appliances" from the likes of Linksys, NetGear, and SonicWall.
They look alright (and the Linksys and NetGear ones are really very
affordable), so if someone might recommend that approach, I'd be
interested in hearing thoughts on that too.

Thanks!

--
~Jay



________________________________________________
See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
to the list quickly and you use Netscape to write mail.

PLUG-discuss mailing list -
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss