[TriLUG] Slightly-OT: Firewalls
Jonathan Woodbury
jpwoodbu at mybox.org
Mon Apr 18 17:42:14 EDT 2011
I'm a big fan of using commodity hardware for firewalls and routers.
I personally haven't gotten into a distribution purpose-built for this
task. Everything I've done has been using Debian and its standard
repository of packages, usually iptables/ip6tables, radvd, racoon,
ipsec-tools, openvpn, tc, and ntop. The performance was great, the
feature set was enormous, and I could back up, monitor, and manage the
device just like all the other Linux servers in my network.
I think purpose-built distros could be great for this too. Especially
on the user-interface side of things. One that I've been dying to
look into is Vyatta (http://vyatta.org).
I also like having some of the standard HA features that mid-level
Cisco and friends products tend not to have, like dual PSUs, and
redundant storage. And if your firewall box dies (and you don't
have a hot spare) you can likely use any available server you've got
to get things back up and running. You might even be able to run it
in a VM in a pinch.
Jonathan
On Mon, Apr 18, 2011 at 3:43 PM, William Chandler <wcchandler at gmail.com> wrote:
> I've run a ClearOS build at school that did fairly well. Managed 5 public
> IPs and was a gateway for an entire campus's wireless system. If you're
> looking for a DIY.