LinuxQuestions.org
Old 11-27-2013, 08:43 PM   #1
Dman58
Member
 
Registered: Nov 2010
Location: The Danger Zone
Distribution: Slackware, Mint, & random selection for VM
Posts: 218

Rep: Reputation: 26
Dedicated linux firewall suggestions, opinions, concerns


I would like to build a low-power Linux PC dedicated to being a personal firewall/router or maybe just the firewall part. That brings me to the first issue.

Is it better to incorporate both into one machine or should it be strictly firewall feeding into a standard store bought router?

Would something like the Raspberry Pi or BeagleBoard XM be capable of handling such a task (firewall)? It has only 1 Ethernet port so maybe not...

Should I use a distro like pfsense that is strictly built for that task or choose any lightweight distro and customize the iptables rules?

If I wanted to incorporate a web cache server should that be a separate pc as well?

With the right rules in place via iptables would this distro still be vulnerable to attacks & have to do routine updates?

Any feedback would be much appreciated.
 
Old 11-27-2013, 08:55 PM   #2
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 8,104

Rep: Reputation: 1538
If you want to use it as a firewall/router, it's probably best to dedicate it to that purpose.

Wikipedia has a pretty good article on distros designed for this purpose: https://en.wikipedia.org/wiki/List_o..._distributions

Just about any distro can be configured to serve this purpose, but I've never done it.

Last edited by frankbell; 11-27-2013 at 08:58 PM.
 
Old 11-27-2013, 08:59 PM   #3
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,565

Rep: Reputation: 475
http://www.ipfire.org/

is a nice newer version of what was http://ipcop.org/

I still personally use IPCop, but once my ISP converts over to IPv6 I'll make the migration to IPFire. Been using IPCop over 10 years and absolutely love it.
 
Old 11-27-2013, 10:09 PM   #4
Dman58
Member
 
Registered: Nov 2010
Location: The Danger Zone
Distribution: Slackware, Mint, & random selection for VM
Posts: 218

Original Poster
Rep: Reputation: 26
Quote:
Originally Posted by frankbell View Post
If you want to use it as a firewall/router, it's probably best to dedicate it to that purpose.
Yes definitely, let me elaborate further.

I want to build this PC strictly for this purpose. It's going to be running headless after initial setup and configuration. I want it low powered and quiet so it's not red flagged (by the woman of the house) due to some bright LEDs, annoying noises, and most importantly bringing up the electric bill. I plan to put this on the front lines to protect the various PCs and electronics behind it from danger.

Thank you for the Wiki article, it is very helpful.

@lleb, IPCop and IPFire look right up my alley. Distros like these seem to make all this so much easier. Are they more effective than applying my own rules via iptables?

Since applying this PC as a router would that rule out low power devices like the BeagleBoard, or Raspberry Pi?

To access this machine externally would ssh or vpn be more feasible?
 
Old 11-28-2013, 01:09 PM   #5
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,565

Rep: Reputation: 475
Quote:
Originally Posted by Dman58 View Post

@lleb, IPCop and IPFire look right up my alley. Distros like these seem to make all this so much easier. Are they more effective than applying my own rules via iptables?

Since applying this PC as a router would that rule out low power devices like the BeagleBoard, or Raspberry Pi?

To access this machine externally would ssh or vpn be more feasible?
The best thing about both of them is you still have access to the CLI and can modify iptables with your own personal rules. I have that on my IPCop and have for years. In short I block many country IP blocks, block sites like doubleclick, etc... all at my firewall so I don't have to stress as much over them getting into my LAN.

PS for the longest time (12+- years or so) I ran IPCop to protect my businesses too. When I closed the doors I took the extra IPCops to my house. Thankfully so as I lost one of them about a year ago to a power hit that got past my APC Battery backup. My guess is the hit came in via the cable modem and thus directly into the NIC in my IPCop. I just picked up my last spare that had been laying on the floor for about 4 years, plugged it in, and poof I was up and running again in min.

I also just use a really old lunchbox type PC running nothing more than a PII with minimal RAM and HDD space. Sits on my desk under my iMac. Makes a great mount for getting the monitor to proper eye level for me.

http://www.amazon.com/s?rh=n%3A57223...n%3A6570761011

These types of cases and there are smaller micro ATX cases out there now that would require about the same power or even less with modern i3 or the AMD equivalent processors. No need for anything fancy, just 2 NICs at minimum. 3 if you want to create a BLUE (separate WiFi) that is not on the same subnet as your base LAN for friends/family/neighbors to access. 4 if you wish a DMZ configured for servers, then you would require a 2nd IPFire/Cop to protect the other devices.
 
1 members found this post helpful.
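The zone layout described in post #5 (a BLUE WiFi segment kept off the base LAN), written out as hand-rolled iptables rules. This is an added example, not part of any post in the thread and not IPCop's or IPFire's own ruleset. RED (Internet) and GREEN (LAN) follow IPCop's colour naming; the interface names, the SSH-from-GREEN-only rule and the function name `gen_ruleset` are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a RED/GREEN(/BLUE) box.
# Interface names are assumptions. Nothing is applied to the running kernel.
# Routing also needs net.ipv4.ip_forward=1, which this script does not set.
gen_ruleset() {
    red=${1:-}; green=${2:-}; blue=${3:-}
    if [ -z "$red" ] || [ -z "$green" ]; then
        echo "usage: gen_ruleset RED_IF GREEN_IF [BLUE_IF]" >&2
        return 2
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic to the firewall itself: loopback, replies, SSH from the LAN only
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $green -p tcp --dport 22 -j ACCEPT
# Routed traffic: replies come back in, GREEN may reach the Internet
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $green -o $red -j ACCEPT
EOF
    if [ -n "$blue" ]; then
        cat <<EOF
# BLUE (guest WiFi) reaches the Internet but never the base LAN
-A FORWARD -i $blue -o $green -j DROP
-A FORWARD -i $blue -o $red -j ACCEPT
EOF
    fi
    cat <<EOF
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Hide the internal subnets behind the RED address
-A POSTROUTING -o $red -j MASQUERADE
COMMIT
EOF
}

# Stand-alone use: sh fw.sh eth0 eth1 wlan0 | iptables-restore --test
if [ "$#" -ge 2 ]; then gen_ruleset "$@"; fi
```

The ruleset assumes DHCP and DNS are served by something other than the firewall; if the box provides them, the matching INPUT rules for GREEN and BLUE have to be added.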
Old 01-05-2014, 07:02 AM   #6
Dman58
Member
 
Registered: Nov 2010
Location: The Danger Zone
Distribution: Slackware, Mint, & random selection for VM
Posts: 218

Original Poster
Rep: Reputation: 26
Jetway mini-itx firewall/router

I've done a little more research & I am leaning towards THIS BOARD. Although the price tag is a little steep it has many of my desired features.

Fanless = quiet operation
Intel Atom = low power consumption
Dual LAN & small form factor, as well as onboard video output.

I've never used Jetway equipment but it looks reliable, they offer most everything I need, & the reviews seem to be good for this product.

Has anyone used a board like this? What are the cons associated if any?
 
  

