
Dman58 11-27-2013 07:43 PM

Dedicated linux firewall suggestions, opinions, concerns
 
I would like to build a low power Linux pc dedicated to being a personal firewall/ router or maybe just the firewall part. That brings me to the first issue.

Is it better to incorporate both into one machine or should it be strictly firewall feeding into a standard store bought router?

Would something like the Raspberry Pi or BeagleBoard XM be capable of handling such a task (firewall)? It has only 1 Ethernet port so maybe not. . .

Should I use a distro like pfSense that is strictly built for that task or choose any lightweight distro and customize the iptables rules?

If I wanted to incorporate a web cache server should that be a separate pc as well?

With the right rules in place via iptables would this distro still be vulnerable to attacks & have to do routine updates?

Any feedback would be much appreciated

frankbell 11-27-2013 07:55 PM

If you want to use it as a firewall/router, it's probably best to dedicate it to that purpose.

Wikipedia has a pretty good article on distros designed for this purpose: https://en.wikipedia.org/wiki/List_o..._distributions

Just about any distro can be configured to serve this purpose, but I've never done it.

lleb 11-27-2013 07:59 PM

http://www.ipfire.org/

is a nice newer version of what was http://ipcop.org/

I still personally use IPCop, but once my ISP converts over to IPv6 I'll make the migration to IPFire. Been using IPCop over 10 years and absolutely love it.

Dman58 11-27-2013 09:09 PM

Quote:

Originally Posted by frankbell (Post 5071733)
If you want to use it as a firewall/router, it's probably best to dedicate it to that purpose.

Yes definitely, let me elaborate further.

I want to build this PC strictly for this purpose. It's going to be running headless after initial setup and configuration. I want it low powered and quiet so it's not red flagged (by the woman of the house) due to some bright LEDs, annoying noises, and most importantly bringing up the electric bill. I plan to put this on the front lines to protect the various PCs and electronics behind it from danger.

Thank you for the Wiki article, it is very helpful.

@lleb, IPCop and IPFire look right up my alley. Distros like these seem to make all this so much easier. Are they more effective than applying my own rules via iptables?

Since applying this PC as a router would that rule out low power devices like the BeagleBoard, or Raspberry Pi?

To access this machine externally would ssh or vpn be more feasible?

lleb 11-28-2013 12:09 PM

Quote:

Originally Posted by Dman58 (Post 5071761)

@lleb, IPCop and IPFire look right up my alley. Distros like these seem to make all this so much easier. Are they more effective than applying my own rules via iptables?

Since applying this PC as a router would that rule out low power devices like the BeagleBoard, or Raspberry Pi?

To access this machine externally would ssh or vpn be more feasible?

The best thing about both of them is you still have access to the CLI and can modify iptables with your own personal rules. I have that on my IPCop and have for years. In short I block many country IP blocks, block sites like doubleclick, etc... all at my firewall so I don't have to stress as much over them getting into my LAN.

PS for the longest time (12+- years or so) I ran IPCop to protect my businesses too. When I closed the doors I took the extra IPCops to my house. Thankfully so as I lost one of them about a year ago to a power hit that got past my APC Battery backup. My guess is the hit came in via the cable modem and thus directly into the NIC in my IPCop. I just picked up my last spare that had been laying on the floor for about 4 years, plugged it in, and poof I was up and running again in min.

I also just use a really old lunchbox type PC running nothing more than a PII with minimal RAM and HDD space. Sits on my desk under my iMac. Makes a great mount for getting the monitor to proper eye level for me :D.

http://www.amazon.com/s?rh=n%3A57223...n%3A6570761011

These types of cases and there are smaller micro ATX cases out there now that would require about the same power or even less with modern i3 or the AMD equivalent processors. No need for anything fancy, just 2 NICs at minimum. 3 if you want to create a BLUE (separate WiFi) that is not on the same subnet as your base LAN for friends/family/neighbors to access. 4 if you wish a DMZ configured for servers, then you would require a 2nd IPFire/Cop to protect the other devices.
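The NIC layout described in the post above (2 NICs minimum, a third for BLUE, a fourth for a DMZ), sketched as an added example that is not part of the thread and not IPCop/IPFire's own ruleset: a shell function that emits an `iptables-restore` ruleset where only the trusted LAN may reach the other zones. The function name, the interface names passed to it, and the SSH-from-LAN management rule are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Emits an iptables-restore ruleset for a
# dedicated firewall with 2, 3 or 4 NICs.
# Usage: zone_ruleset WAN_IF LAN_IF [GUEST_WIFI_IF] [DMZ_IF]
# Interface names are assumptions; substitute the box's real NICs.
zone_ruleset() {
    red=$1 green=$2 blue=${3:-} dmz=${4:-}
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $red -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $green -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $green -j ACCEPT
EOF
    # Guest WiFi: Internet only. No rule towards the LAN exists, so the
    # FORWARD DROP policy keeps guests out of the trusted subnet.
    if [ -n "$blue" ]; then
        echo "-A FORWARD -i $blue -o $red -j ACCEPT"
    fi
    # DMZ servers: outbound to the Internet only, never into the LAN.
    if [ -n "$dmz" ]; then
        echo "-A FORWARD -i $dmz -o $red -j ACCEPT"
    fi
    echo "COMMIT"
}

# Print the 3-NIC variant when the script is run with "print" as argument.
if [ "${1:-}" = "print" ]; then
    zone_ruleset eth0 eth1 eth2
fi
```

Piping the output through `iptables-restore --test` on the firewall checks the syntax without loading the rules; the machine also needs `net.ipv4.ip_forward=1` to route at all.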

Dman58 01-05-2014 06:02 AM

Jetway mini-itx firewall/router
 
I've done a little more research & I am leaning towards THIS BOARD. Although the price tag is a little steep it has many of my desired features.

Fanless = quiet operation
Intel Atom = low power consumption
Dual LAN & small form factor, as well as onboard video output.

I've never used Jetway equipment but it looks reliable, they offer most everything I need, & the reviews seem to be good for this product.

Has anyone used a board like this? What are the cons associated if any?


All times are GMT -5.