[TriLUG] Best appliance for Linux firewall?

Seva Adari oddissyus at gmail.com
Thu Aug 8 22:21:32 EDT 2013


I would recommend LRP, especially bering-uclibc, which is actively maintained:

http://leaf.sourceforge.net/bering-uclibc/

You can take an old, discarded but working PC that has two or more
PCI slots, so you can throw a couple of NICs in there and build a
decent router plus firewall.

Thanks
__
Seva

On Thu, Aug 8, 2013 at 3:27 PM, Greg Brown <gwbrown1 at gmail.com> wrote:
> I've *always* been a huge fan of Soekris hardware and m0n0wall software.
> http://soekris.com/ and http://m0n0.ch/wall/.  These aren't the least
> expensive and you will need at least a Net-4801 (up to 20 meg) and a 5501
> if you're into the 30+ range.  I don't know what throughput the 5501 range
> tops out at but I've tested on my outer banks public networks at 30 meg.
>  They make a 6xxx series.. no telling how much data you can push through
> that because I've never tested one.  Anyway, I'm a big fan, but I think I
> said that already.  I've been running this combination for at least a
> decade.
>
> Greg
>
>
> On Thu, Aug 8, 2013 at 3:12 PM, Ken Mink <ken.mink at gmail.com> wrote:
>
>> On 08/08/2013 09:57 AM, Brian Henning wrote:
>>
>>> Hi Gang!
>>>
>>> At home, pretty much all my services and stuff run on a single box, and
>>> that box is starting to collapse under the weight.  I'm ready to start
>>> divvying up functions across discrete devices.  First to go is the
>>> firewall; not a heavy-hitter, but easy to carve off.  So, what do people
>>> suggest as the best appliance-form-factor Linux computer?  Obviously 2+
>>> NICs is the biggest priority.  Here's what I've considered so far:
>>>
>>> 1) WRT54GL + OpenWRT
>>>    Pros: Inexpensive, solid
>>>    Cons: Don't need another WAP
>>>
>>> 2) Globalscale Mirabox
>>>    Pros: Fast ARM CPU, could host additional services w/ outboard USB HDD
>>>    Cons: Globalscale's iffy reputation, relatively unproven product,
>>>    more expensive, possible to perma-brick
>>>
>>> 3) ???
>>>
>>
>> I use a SheevaPlug with a cheap USB NIC for the second port. It runs DHCP
>> and Bind as well as a home-grown firewall script. It uses an SD card as
>> main storage, so you buy what you think you'll need. It also has a
>> built-in JTAG port, so it's difficult to brick.
>>
>> Ken
>>
>>
>>
>>> Enough storage to do traffic monitoring would be a plus as well.
>>>
>>> Cheers!
>>> ~Brian
>>>
>>> ------------------------------------------------------
>>>            Brian Henning, Software Engineer
>>>
>>>      /\    Pine Research Instrumentation
>>>     //\\   2741 Campus Walk Ave, Bldg 100
>>>    ///\\\  Durham, NC 27705
>>>   ////\\\\ USA
>>>      ||
>>>      ||    phone: 919.782.8320
>>>            fax:   919.782.8323
>>>            email: bhenning at pineinst.com
>>> ------------------------------------------------------
>>>
>>>
>>>
>>>
>>>

