| Author |
Message |
Dimitri Maziuk *nix forums beginner
Joined: 09 Mar 2005
Posts: 45
|
Posted: Mon Jun 19, 2006 4:26 pm Post subject:
Re: need cheap firewall recommendation
|
|
|
Sak Wathanasin sez:
| Quote: | Todd and Margo Chester wrote:
Hi All,
I have a situation where a customer needs a cheap ($300.00-$400.00)
appliance firewall. I tried the USR 8200, but it drove me nuts
trying to add custom rules (it asks things in a double negative
fashion and you can never tell what is incoming and what is
outgoing). And, it finally blew out its ROM (it can not be reset
to factory).
Does anyone have a recommendation for a replacement? One that
won't drive someone familiar with iptables crazy?
CyberGuard SG-series (nee SnapGear) runs Linux and iptables. There's a
web-based front-end but you can add your own iptables rules. There are
various models and prices, starting with the SoHo-class SG-300.
|
However, read the small print very carefully before buying any
of those. We bought a NetScreen (their basic models start at ~$300,
too) and later discovered that without a support contract you're
allowed one firmware upgrade in the first 90 days.
So NetScreen is the one I don't recommend.
Dima
--
Well, lusers are technically human. -- Red Drag Diva |
|
Sak Wathanasin *nix forums beginner
Joined: 07 May 2005
Posts: 6
|
Posted: Mon Jun 19, 2006 11:17 am Post subject:
Re: need cheap firewall recommendation
|
|
|
Todd and Margo Chester wrote:
| Quote: | Hi All,
I have a situation where a customer needs a cheap ($300.00-$400.00)
appliance firewall. I tried the USR 8200, but it drove me nuts
trying to add custom rules (it asks things in a double negative
fashion and you can never tell what is incoming and what is
outgoing). And, it finally blew out its ROM (it can not be reset
to factory).
Does anyone have a recommendation for a replacement? One that
won't drive someone familiar with iptables crazy?
|
CyberGuard SG-series (nee SnapGear) runs Linux and iptables. There's a
web-based front-end but you can add your own iptables rules. There are
various models and prices, starting with the SoHo-class SG-300.
--
Sak Wathanasin
Network Analysis Limited
http://www.network-analysis.ltd.uk |
|
Todd and Margo Chester *nix forums beginner
Joined: 01 Apr 2006
Posts: 10
|
Posted: Sat Jun 17, 2006 10:44 pm Post subject:
Re: need cheap firewall recommendation
|
|
|
Hi Christopher, Juergen, Don & Blah,
There are three things that mitigate against a
linux box solution. (And, I'd dearly love to use it,
as I disdain such appliances.)
1) power. It needs to be in the 20 watt range, not 200
to 300 watts
2) space. There is a severe space limitation. It needs
to be small
3) no moving parts to wear out. This means no fans
to be replaced every two to three years (even ball
bearing fans wear out) and no hard drives
Which makes you guys the perfect individuals
to ask this question. If you had to hold your nose,
which cheap, firewall appliance would you choose?
(One that does not drive someone familiar with
iptables too crazy.)
Thanks,
-T |
|
dshesnicky@yahoo.com *nix forums beginner
Joined: 23 Sep 2005
Posts: 21
|
Posted: Sat Jun 17, 2006 1:34 am Post subject:
Re: need cheap firewall recommendation
|
|
|
| Quote: | I have a situation where a customer needs a cheap ($300.00-$400.00)
appliance firewall. I tried the USR 8200, but it drove me nuts
trying to add custom rules (it asks things in a double negative
fashion and you can never tell what is incoming and what is
outgoing). And, it finally blew out its ROM (it can not be reset
to factory).
|
Secondhand PC running a minimal Fedora Core or Debian etc
and Shorewall plus Tripwire. I've just configured shorewall on a
RHEL4 system and liked the power of the tool. You can
re-create the firewall on another linux box with config files on
a floppy if need be. It's definitely a good tool to have in your
back pocket.
Don |
|
Colin McKinnon *nix forums Guru
Joined: 19 Feb 2005
Posts: 410
|
Posted: Fri Jun 16, 2006 7:38 pm Post subject:
Re: need cheap firewall recommendation
|
|
|
Uli Wachowitz wrote:
| Quote: | On 2006-06-16, Todd and Margo Chester <ToddMargoChester@invalid.com> wrote:
Does anyone have a recommendation for a replacement? One that
Have a look at 'm0n0wall' http://m0n0.ch/wall/
Cheap, easy to set up and maintain, runs on old PC hardware or
Wrap/Soekris boards, may be installed on HD/CF but also runs
from CD.
Very good support through users, etc.
|
I like IPCop.
http://www.ipcop.org/
Although these days even the cheapest of ADSL/Cable routers provide NAT,
port blocking and port forwarding, a better solution might be to use one of
them and soft firewalls on the clients.
C. |
|
blah@blah.org *nix forums beginner
Joined: 16 Jun 2006
Posts: 1
|
Posted: Fri Jun 16, 2006 1:36 pm Post subject:
Re: need cheap firewall recommendation
|
|
|
On Thu, 15 Jun 2006 22:41:14 -0700, Todd and Margo Chester
<ToddMargoChester@invalid.com> wrote:
| Quote: |
Hi All,
I have a situation where a customer needs a cheap ($300.00-$400.00)
appliance firewall. I tried the USR 8200, but it drove me nuts
trying to add custom rules (it asks things in a double negative
fashion and you can never tell what is incoming and what is
outgoing). And, it finally blew out its ROM (it can not be reset
to factory).
Does anyone have a recommendation for a replacement? One that
won't drive someone familiar with iptables crazy?
|
Have a look at the ZyXEL ZyWALL 5:
http://tinyurl.com/lsf8p
For stores and pricing, Froogle is your friend:
http://tinyurl.com/ndha2 |
|
Uli Wachowitz *nix forums beginner
Joined: 09 Jul 2005
Posts: 15
|
Posted: Fri Jun 16, 2006 9:57 am Post subject:
Re: need cheap firewall recommendation
|
|
|
On 2006-06-16, Todd and Margo Chester <ToddMargoChester@invalid.com> wrote:
| Quote: | Does anyone have a recommendation for a replacement? One that
|
Have a look at 'm0n0wall' http://m0n0.ch/wall/
Cheap, easy to set up and maintain, runs on old PC hardware or
Wrap/Soekris boards, may be installed on HD/CF but also runs
from CD.
Very good support through users, etc.
Uli
--
Democracy is two wolves and a lamb voting on what to have for
lunch. Liberty is a well-armed lamb contesting the vote. |
|
Christopher Kerr *nix forums beginner
Joined: 09 Sep 2005
Posts: 10
|
Posted: Fri Jun 16, 2006 7:06 am Post subject:
Re: need cheap firewall recommendation
|
|
|
If you are going to do it that way, then for $400 you could build yourself a
new PC, as long as you skipped all the stuff you don't need, e.g. graphics
card, big hard disk etc.
Juergen Loewner wrote:
| Quote: | If you have an old PC try:
Linux on that machine (free)
use iptables as firewall (free)
use fwbuilder (firewall builder) for config (free for linux/small money
for windows)
maybe you need to buy a 4port NIC like the one I use from D-Link
or plug in several old single-port NICs into your old PC.
HTH
Best
Juergen
"Todd and Margo Chester" <ToddMargoChester@invalid.com> wrote in
message news:e6tg0b$7h6$1@nntp.aioe.org...
Hi All,
I have a situation where a customer needs a cheap ($300.00-$400.00)
appliance firewall. I tried the USR 8200, but it drove me nuts
trying to add custom rules (it asks things in a double negative
fashion and you can never tell what is incoming and what is
outgoing). And, it finally blew out its ROM (it can not be reset
to factory).
Does anyone have a recommendation for a replacement? One that
won't drive someone familiar with iptables crazy?
-T |
|
|
Juergen Loewner *nix forums beginner
Joined: 08 Jun 2006
Posts: 16
|
Posted: Fri Jun 16, 2006 6:49 am Post subject:
Re: need cheap firewall recommendation
|
|
|
If you have an old PC try:
Linux on that machine (free)
use iptables as firewall (free)
use fwbuilder (firewall builder) for config (free for linux/small money for
windows)
maybe you need to buy a 4port NIC like the one I use from D-Link
or plug in several old single-port NICs into your old PC.
HTH
Best
Juergen
"Todd and Margo Chester" <ToddMargoChester@invalid.com> wrote in
message news:e6tg0b$7h6$1@nntp.aioe.org...
| Quote: | Hi All,
I have a situation where a customer needs a cheap ($300.00-$400.00)
appliance firewall. I tried the USR 8200, but it drove me nuts
trying to add custom rules (it asks things in a double negative
fashion and you can never tell what is incoming and what is
outgoing). And, it finally blew out its ROM (it can not be reset
to factory).
Does anyone have a recommendation for a replacement? One that
won't drive someone familiar with iptables crazy?
-T |
|
|
Todd and Margo Chester *nix forums beginner
Joined: 01 Apr 2006
Posts: 10
|
Posted: Fri Jun 16, 2006 5:41 am Post subject:
need cheap firewall recommendation
|
|
|
Hi All,
I have a situation where a customer needs a cheap ($300.00-$400.00)
appliance firewall. I tried the USR 8200, but it drove me nuts
trying to add custom rules (it asks things in a double negative
fashion and you can never tell what is incoming and what is
outgoing). And, it finally blew out its ROM (it can not be reset
to factory).
Does anyone have a recommendation for a replacement? One that
won't drive someone familiar with iptables crazy?
-T |
|