Topic: Firewall and Proxy

frodmda

Firewall and Proxy
« on: January 28, 2008, 03:33:38 pm »

Hello,

I think a good addition for this great software will be a great firewall software like shorewall (hxxp://www.shorewall.net/); there is also a good webgui for it on the webmin project.

Also, as it is the main in-house server, it will be good to have a proxy like squid and squidguard in order to permit the parents to control what their children are looking at on the internet.

Thanks

rrambo

Re: Firewall and Proxy
« Reply #1 on: January 28, 2008, 04:20:10 pm »

> Hello,
>
> I think a good addition for this great software will be a great firewall software like shorewall (hxxp://www.shorewall.net/); there is also a good webgui for it on the webmin project.
>
> Also, as it is the main in-house server, it will be good to have a proxy like squid and squidguard in order to permit the parents to control what their children are looking at on the internet.
>
> Thanks

There are already instructions in the wiki on installing dansguardian... in a nutshell, apt-get install tinyproxy dansguardian

Change a few files and you're done...  I'm using it as well as some others here...  works well...
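
What the "change a few files" step in the reply above usually comes down to, added here as an example and not taken from the post or the LinuxMCE wiki: DansGuardian accepts the browsers' connections and forwards to tinyproxy, which stays on loopback so clients cannot skip the filter by pointing at the proxy directly. File paths and port numbers are assumed Debian/Ubuntu package defaults; check them against the installed files.

```conf
# /etc/dansguardian/dansguardian.conf  (assumed Debian/Ubuntu package path)
# The packaged file carries an "UNCONFIGURED" marker line; the service
# will not start until that line is deleted or commented out.
#UNCONFIGURED - Please remove this line after configuration

# Where browsers connect. An empty filterip means "all interfaces".
filterip =
filterport = 8080

# Upstream proxy that DansGuardian hands filtered requests to.
# Must match tinyproxy's Listen/Port settings below.
proxyip = 127.0.0.1
proxyport = 8888


# tinyproxy.conf  (location differs between package versions)
# Loopback only: reachable by DansGuardian, not by LAN clients.
Port 8888
Listen 127.0.0.1
Allow 127.0.0.1
```

Browsers then use port 8080 on the server as their HTTP proxy. A client that can still reach the internet directly on port 80 is not filtered, so the gateway firewall has to close that path.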

jondecker76

Re: Firewall and Proxy
« Reply #2 on: January 31, 2008, 07:28:24 pm »
Dansguardian sounds great (I use it on my Ubuntu boxes), but I agree that it should be built-in to LMCE

rrambo

Re: Firewall and Proxy
« Reply #3 on: January 31, 2008, 07:31:02 pm »
> Dansguardian sounds great (I use it on my Ubuntu boxes), but I agree that it should be built-in to LMCE

Maybe, but it only took about 2-3 minutes to install it, and another 5-10 to configure it and I was up and running...

Zaerc

Re: Firewall and Proxy
« Reply #4 on: January 31, 2008, 07:34:35 pm »
> Dansguardian sounds great (I use it on my Ubuntu boxes), but I agree that it should be built-in to LMCE

Thanks, but no thanks.  Not everyone uses the internet as a babysitter.
"Change is inevitable. Progress is optional."
-- Anonymous


rrambo

Re: Firewall and Proxy
« Reply #5 on: January 31, 2008, 07:43:08 pm »
> > Dansguardian sounds great (I use it on my Ubuntu boxes), but I agree that it should be built-in to LMCE
>
> Thanks, but no thanks.  Not everyone uses the internet as a babysitter.

Yeah, but I've got 2 teenagers in the house and 3 under 12 years old....  a month ago one of the teens left something in the history that the little ones did NOT need to see.....  (google 2 girls and 1 cup) therefore I installed web content filtering for the first time ever.....

On second thought, don't search for it...  if you do, you'll wish you hadn't...

zaphodB

Re: Firewall and Proxy
« Reply #6 on: February 02, 2008, 11:44:47 am »
For all who need a firewall,

go to www.astaro.com

it's the best you can get and for private users the lic is free. On FTP there were Images for VMware and ISO's to install it on a dedicated core. It should work with XEN

They have 2 Versions 6.x and 7.x (7.x is much faster, but some differences in the hardware (HCL) than the 6.x)
Use up2date.astaro.com to get the KIL and HCL

The VirSig-Updates come hourly and create many rules for your network...

Use it on a VIA 1GHz with 3 NICs for my network and works very fine

Sorry about my bad English

Regards

zaphod

blacklotus

Re: Firewall and Proxy
« Reply #7 on: February 27, 2008, 04:30:02 am »
> For all who need a firewall,
> go to www.astaro.com
> Use it on a VIA 1GHz with 3 NICs for my network and works very fine
> Regards
> zaphod

i have to agree with zaphodb.

i use astaro v7 with a quad port nic (bought 4 of them on ebay for $25, LSI quad port) and i'd have to say it's easily one of the most powerful, flexible firewall distros out there. the object oriented configuration reminds me of the SonicOS used in Sonicwalls, but IT IS FAR BETTER. i've configured many types of firewalls and routers and i'd have to say it's really good enough to stand up to any. if you get the business version it costs thousands of dollars (it's just free for personal use and less than 10 users). it has http/smtp proxy, ipsec vpns, qos, antivirus and pretty much any other option you'd want, but you only have to enable the features you want to use so you don't waste resources.

Even though i didn't get them, intel pro series nics are by far the most compatible with every linux/BSD distro and they carry the most features.

it's better to just use a separate firewall for your network then you don't have to kill your internet access when you're upgrading linuxmce etc. you can use a relatively low spec older pc and recycle.

another option i also use (i use both astaro and pfsense) if you want to use lower resources is pfSense. it's based on m0n0wall with more features and packages. it uses FreeBSD which generally since v5.0 has had a faster, more efficient network stack than linux and i run it on a PIII 500 with 256MB ram. if you'd like to find out more about FreeBSD 7.0's network enhancements you can check this: http://www.onlamp.com/pub/a/bsd/2008/02/26/whats-new-in-freebsd-70.html (Finally some of the TCP offload features of gigabit nics will be supported!!, may be too geeky for some)

I'm using this for one of my home IP's because although Astaro is more flexible, it and a couple of other firewall distros couldn't keep up with BitTorrent and 8000-10000 simultaneous connections and 12mbps cable internet. the Athlon64 3200+ cpu would be maxed out. i moved the firewall rules around to optimize things but i think the problem mainly had to do with the fact that all packets traveling to or from an interface had to go through all the firewall rules and the firewall rules could not be bound to a particular interface (maybe blame the flexibility of the design, to put no limitations on  how you want to route or restrict traffic?). Just recently with Astaro v7.1 (i believe) they now allow firewall rules (or should i say objects) to be bound to interfaces, but not before i switched to pfsense at home.

i then set up pfsense with an old PIII 500/256MB just to test things out and with the maximum traffic/connections i never got over 20% CPU! this is with 2 ipsec vpn tunnels running btw. since then i've upgraded to a Duron 950/512MB cause i had it lying around, but now i'm considering switching back to Astaro because of the changes they've made to the firewall engine. i'm pretty sure pfsense will always be more efficient but i love the flexibility and feature set of Astaro.

anyways my $.02 on the subject. i always believe that your perimeter protection should be separate from any type of server for security and flexibility. if power usage is a concern then you can always use a low spec older pc or get one of the via c3/c7 itx boards. the jetway boards can come with 3 10/100 or 10/100/1000 lan interfaces.
« Last Edit: February 27, 2008, 04:33:57 am by blacklotus »