For all who need a firewall,
go to www.astaro.com
Use it on a VIA 1GHz with 3 NICs for my network and works very fine
Regards
zaphod
i have to agree with zaphodb.
i use astaro v7 with a quad port nic (bought 4 of them on ebay for $25, LSI quad port) and i'd have to say it's easily one of the most powerful, flexible firewall distros out there. the object oriented configuration reminds me of the SonicOS used in Sonicwall's, but IT IS FAR BETTER. i've configured many types of firewalls and routers and i'd have to say it's really good enough to stand up to any. if you get the business version it costs thousands of dollars (it's just free for personal use and less than 10 users). it has http/smtp proxy, ipsec vpns, qos, antivirus and pretty much any other option you'd want, but you only have to enable the features you want to use so you don't waste resources.
Even though i didn't get them, intel pro series nics are by far the most compatible with every linux/BSD distro and they carry the most features.
it's better to just use a separate firewall for your network then you don't have to kill your internet access when you're upgrading linuxmce etc. you can use a relatively low spec older pc and recycle.
another option i also use (i use both astaro and pfsense) if you want to use lower resources is pfSense. it's based on m0n0wall with more features and packages. it uses FreeBSD which generally since v5.0 has had a faster, more efficient network stack than linux and i run it on a PIII 500 with 256MB ram. if you'd like to find out more about FreeBSD 7.0's network enhancements you can check this:
http://www.onlamp.com/pub/a/bsd/2008/02/26/whats-new-in-freebsd-70.html (Finally some of the TCP offload features of gigabit nics will be supported!!, may be too geeky for some)
I'm using this for one of my home IP's because although Astaro is more flexible, it and a couple of other firewall distros couldn't keep up with BitTorrent and 8000-10000 simultaneous connections and 12mbps cable internet. the Athlon64 3200+ cpu would be maxed out. i moved the firewall rules around to optimize things but i think the problem mainly had to do with the fact that all packets traveling to or from an interface had to go through all the firewall rules and the firewall rules could not be bound to a particular interface (maybe blame the flexibility of the design, to put no limitations on how you want to route or restrict traffic?). Just recently with Astaro v7.1 (i believe) they now allow firewall rules (or should i say objects) to be bound to interfaces, but not before i switched to pfsense at home.
i then set up pfsense with an old PIII 500/256MB just to test things out and with the maximum traffic/connections i never got over 20% CPU! this is with 2 ipsec vpn tunnels running btw. since then i've upgraded to a Duron 950/512MB cause i had it lying around, but now i'm considering switching back to Astaro because of the changes they've made to the firewall engine. i'm pretty sure pfsense will always be more efficient but i love the flexibility and feature set of Astaro.
anyways my $.02 on the subject. i always believe that your perimeter protection should be separate from any type of server for security and flexibility. if power usage is a concern then you can always use a low spec older pc or get one of the via c3/c7 itx boards. the jetway boards can come with 3 10/100 or 10/100/1000 lan interfaces.