Linux Firewalls

quackers · 27 Oct 2008 at 09:59

Lo all,

does anyone use any Linux firewalls at home? Ie Monowall, smoothwall etc

I'm thinking about having a go as i'm really into Linux at the moment, at the moment i've got:

Telewest Modem - Netgear Router - PC

I'm thinking about inserting it between the router and pc, do you think i'm going to run into problems with the router being there?

ThomP · 27 Oct 2008 at 14:01

I use pfSense & Smoothwall both are great. My pfSense box has been up for around 30days. It's a P3 500mhz, 256 SDRAM & it handles easily a very active 15Mb internet connection very low cpu utilization.

atomiser · 27 Oct 2008 at 14:03

may as well just replace the router since the linux firewall distro will do the routing for you, and dependant upon what you actually use your internet connectivity for (i.e. if you are a heavy user of torrents etc) it will make a better job of it anyway.

dependant upon what sort of old pc you have lying around to run this, i would recommend you give a distro called 'untangle' a go. it's a very comprehensive unified threat management system.

if you wanted to just have a quick play with untangle you have a couple of options...if you have a machine you can dedicate to it then you could try it in transparent mode where it sits between your existing router and the rest of your network...of course if you router and the rest of your network are one and the same then you are going to need an extra switch.

alternatively, they have come up with a really fancy re-router technology where you can effectively run untangle in a virtualised environment on an xp machine and it too works transparently.

it's got a really good community behind it, give it a whirl!

disclaimer: if you only have an old p2 system or something then discount what i've just typed since it wont work... and if you only want basic router/firewall duties then try something like ipcop/pfsense/etc.

russ0r · 27 Oct 2008 at 14:23

I'm running an IPcop box as a router. It's pretty advanced, and has a whole host of addons and extensions for it.
Mine is currently running:
- Advanced QoS management
- Intrusion detection and logging
- Transparent HTTP proxy acting as a 4Gb local cache
- Blocking of DNS requests for advertising and unsavoury sites
- On-the-fly virus scanning of all HTTP & FTP traffic
- Detection and flagging of all spam e-mail

Btw you should just do away with the netgear router altogether and plug your routing box straight into the modem.

Daegan · 27 Oct 2008 at 15:19

quackers said:
I'm thinking about inserting it between the router and pc, do you think i'm going to run into problems with the router being there?

If you use the Netgear as a switch or for its wireless then you should turn off NAT and let the linux box do the routing, so insert the linux box between the modem and the Netgear. Otherwise you're going to end up with 2 layers of NAT routing, which could cause you problems.

dave-lew99 · 27 Oct 2008 at 17:14

I'm running CentOS5 in a custom configuration as all of these pre-designed systems never worked the way i wanted them - sure they had a lot of features but just not in quite the right implementation.

It uses the same technologies (IPTables etc) and does firewalling, NAT, VPNs, Dynamic Routing etc

quackers · 27 Oct 2008 at 20:04

All sounding good, i'm liking the look of smoothwall. I thought the double nat problem might come up, i might just try it between the modem and the router (As the router connects my sister via wireless).

The machine is going to be a xp2500, 760 odd mb ram and a small 4gb drive. Reckon that will be ok with smoothwall?

russ0r · 28 Oct 2008 at 08:56

quackers said:
All sounding good, i'm liking the look of smoothwall. I thought the double nat problem might come up, i might just try it between the modem and the router (As the router connects my sister via wireless).

The machine is going to be a xp2500, 760 odd mb ram and a small 4gb drive. Reckon that will be ok with smoothwall?

Yeah that'll be fine.

lmfy2k · 28 Oct 2008 at 10:24

running ipcop here, have been for a while, rock solid, also using it as a router aswell.

spot on!

s0ck · 28 Oct 2008 at 22:01

pfSense is pretty good.

swinnie · 28 Oct 2008 at 22:29

Untangle is also very good.

EffBee · 29 Oct 2008 at 11:16

I've been running smoothwall for years. No problems. I just turn it on every morning and off every night to save power. I used to leave it on all the time when power was cheaper and it just used to sit there month in and month doing its magic.

Need to upgrade to the latest version sometime - I'm still on v2.