[TriLUG] Slightly-OT: Firewalls

Jonathan Woodbury jpwoodbu at mybox.org
Mon Apr 18 17:42:14 EDT 2011


I'm a big fan of using commodity hardware for firewalls and routers.
I personally haven't gotten into a distribution purpose-built for this
task.  Everything I've done has been using Debian and its standard
repository of packages, usually iptables/ip6tables, radvd, racoon,
ipsec-tools, openvpn, tc, and ntop.  The performance was great, the
feature set was enormous, and I could back up, monitor, and manage the
device just like all the other Linux servers in my network.

I think purpose-built distros could be great for this too.  Especially
on the user-interface side of things.  One that I've been dying to
look into is Vyatta (http://vyatta.org).

I also like having some of the standard HA features that mid-level
Cisco and friends products tend not to have, like dual PSUs, and
redundant storage.  And if your firewall box dies (and you don't
have a hot spare) you can likely use any available server you've got
to get things back up and running.  You might even be able to run it
in a VM in a pinch.

Jonathan

On Mon, Apr 18, 2011 at 3:43 PM, William Chandler <wcchandler at gmail.com> wrote:
> I've run a ClearOS build at school that did fairly well.  Managed 5 public
> IPs and was a gateway for an entire campus's wireless system.  If you're
> looking for a DIY.


