LinuxQuestions.org


smallhagrid 06-26-2012 01:37 AM

Help in picking out a firewall box distro ?
 
Hello Folks.
Our home network has 5 PCs and a wireless router on a cable-modem connection at present.
Nothing very complicated.

I used to have it all protected by running it through an ancient win98 PC running Sygate Home Network® and BlackIce, but it got beyond its years...so I looked around and saw many glowing recommendations in favour of the Astaro Security Gateway praising how wonderful it is - and free for home users - so I downloaded & installed it and then the fun began...

I'll happily explain later why I am very disappointed with it - but for now I wish to ask for help, please.

I'd like to replace it with something which works well - but which does not require one to be a career sys-admin to configure it.

If possible these are the features desired:

* Free for all the features I'm listing here.
* Very easy/basic configuration for all features.
* Firewall protection for the home network.
* Some kind of virus protection included.
* Wireless abilities for either an access point or control of a router.

And if possible, these 2 other things would be wonderful:

1. Secured access to some files at home for when I am at work.
2. Storage in the same system for those files.

Nobody needs any special things for gaming or such fancy stuff, this is all basically just for email & normal browsing.

Some time back I tried installing & setting up Clark Connect (now ClearOS), and a few others found at this list (with very little success)=>
https://en.wikipedia.org/wiki/List_o..._distributions

(And since that list was put up & updated a lot of them have started charging to get all their features - and some have such poor documentation that it is like staring at alien symbols just to try and figure out their web-sites !!!)

I don't want to try navigating this subject anymore by sheer trial & error, so I am hoping some folks will guide me to a solution which is easy enough for a dummy like me to install, set-up, and use.
(Thanks for any help !!!)

Regarding Astaro - they DO allow home users to license their ASG software for 5 years for free, which is very nice, but there is a bit of trickery too, meaning - it is intended for sys-admins and network engineers so they can use it at home, see how great it is, then recommend it for their work - so it's REALLY just a promo for paying customers and they say so openly.

And, when an ordinary Joe like me asks for help he gets snotty answers, made fun of, and told to read the (very intimidating) 600 page manual, which is as unhelpful a thing as I've EVER seen.

ASG has everything including the kitchen sink - BUT=> I simply cannot understand the manual well enough to get the wireless & remote access working and I quit trying to get help from their forum after I got slapped around verbally too much anytime I asked for help.

Replies there just basically say 'Look fool, this is a GREAT tool for the big boys, and you're just a nobody, so bugger off !'.

So here I am, humbly asking as just a regular guy for help in hopes I can get some good help MINUS the broken nose !!?

Again, thanks for any help.

John VV 06-26-2012 10:36 PM

take a look at using CentOS 6.2 in a text only install

smallhagrid 06-26-2012 10:40 PM

Ummm...?
 
Begging your pardon Sir, but:
Quote:

Originally Posted by John VV (Post 4712977)
take a look at using CentOS 6.2 in a text only install

Please explain to me how that would be simple enough for me, as explained in my post ?
(I am no Linux guru by any measure !!!)
Thanks.

John VV 06-26-2012 11:43 PM

cent is the free rebuild of red hat
google it


for a router you do NOT want a gui installed
It is a security risk

CentOS/rhel has a long life support ( right now 5+ years for cent)

smallhagrid 06-26-2012 11:53 PM

Please:
Quote:

Originally Posted by John VV (Post 4713013)
cent is the free rebuild of red hat
google it
for a router you do NOT want a gui installed
It is a security risk
CentOS/rhel has a long life support ( right now 5+ years for cent)

This avoids answering my single question directed to you altogether; it also does not answer my feature-based questions above.

I very much doubt that I can handle a CLI-only Linux, and (for example) the Astaro has an extensive GUI, but seems as tight as Fort Knox...we don't need the security that a bank needs...and as I said in my OP, the ancient win98 box worked just fine for us for many years.

I have looked at their site and its wiki - but I see no advantage - and certainly no inferences to ease of configuration & use compared to either an Ubuntu-based distro or a dedicated gateway distro.

Once again I say:
I am no Linux guru by any measure !!!
Thanks.

smallhagrid 06-27-2012 01:48 AM

One option among many which I have looked at and rejected is the GUI-less Devil Linux.
If I was looking for a new profession - learning how to configure & operate one like that would make a great choice (but I'll leave that work for someone else...phew.)

zhjim 06-27-2012 02:09 AM

Hi Hagrid,

If I take your info correctly, you have a wireless router, so you would not have the firewall do the wireless stuff, right? If you do need the firewall to handle the wireless stuff I guess that really shrinks down the options you have, 'cause there are just a few free fw distros that handle wireless to any good extent. At least what I know from looking at various fw distros 3 years ago.

A somewhat easy but daring solution would be to put a new firmware on your router and go from there. There are 3? open firmwares that are based on linux and do the firewall stuff.
https://openwrt.org/
http://www.freewrt.org/trac/
http://www.polarcloud.com/tomato

As complete firewall distros I would recommend due to your likings:
http://www.endian.com/en/community/
or if you're more daring
http://www.zeroshell.net/eng/.
In your case I would stick to endian and see how you fare.

nixblog 06-27-2012 02:17 AM

Quote:

Originally Posted by smallhagrid (Post 4711990)
If possible these are the features desired:

* Free for all the features I'm listing here.
* Very easy/basic configuration for all features.
* Firewall protection for the home network.
* Some kind of virus protection included.
* Wireless abilities for either an access point or control of a router.

I usually go with a BSD option for firewalls so either pfSense or m0n0wall. pfSense is a good all-rounder and full of extras for security such as anti-virus and web filtering, m0n0wall is mainly for embedded devices but pretty good on an old PC - both these are web browser driven.

Quote:

Originally Posted by smallhagrid (Post 4711990)
And if possible, these 2 other things would be wonderful:

1. Secured access to some files at home for when I am at work.
2. Storage in the same system for those files.

For a small business type setup (which you fall into with 5 computers) my choice is Zentyal which is based on Ubuntu.

salasi 06-27-2012 10:22 AM

Hmmm, I am far from sure that this is helpful, but you can always say that it was unhelpful...

There is a website that describes how to do almost everything that you say you want to do and (IMHO) it is well explained and should be clear to even a newbie (...well, a newbie with at least a little enthusiasm to learn about networking and the enthusiasm to read the materials, which aren't short...). Would that be helpful? Anyway

http://www.linuxhomenetworking.com/

Unfortunately, it is Red Hat based, so I'd have to suggest CentOS (or Scientific Linux) as the least complex free distros to use it as a 'cookbook' on, and that currently might not be to your taste. (And, by the way, essentially the same material is available in 'The Linux Quick Fix Notebook' by Harrison, and, while that hasn't been updated recently, you might find that as a free download somewhere or another.)

There is also some networking material on 'yolinux' and while there is less to read on Yolinux, the trade-off is that Linuxhomenetworking is probably more thorough and better explained (although you'd expect that, if you take into account that there are more words).

smallhagrid 06-27-2012 11:28 AM

Thanks !
 
Wow - such helpful folks - thanks for all the replies folks !!!
To the content...here's how it looks to me:
  • I don't have a router which will accept alternate firmware.
  • Endian's free offering is too much like Astaro's 'free' offering.
  • Zeroshell looks to be quite beyond my limited skills.
  • Zentyal is another ASG competitor and 49,50€/month.
  • The linuxhomenetworking & yolinux sites look to be very useful.
  • m0n0wall looks good except that it has limited h/w support for wireless.
So out of the wonderful ideas suggested I must say that pfSense seems to be the most promising suggestion as a replacement for the ASG stuff.

I will have to get it, and try to install/try it, and then I'll have a better idea.
For me this sort of effort happens only on weekends and then only when there's no other pressing matters, so it may be in a week or two that I can get & try it.

Thanks Folks, you're a very helpful bunch !!!

nixblog 06-27-2012 04:13 PM

You can boot and run pfSense directly from a CD in a live session if you just want to get the feel of it before you go ahead and install it.

smallhagrid 06-27-2012 06:24 PM

Just for the record here...a bit of progress:
I looked around for what others have recommended and found some pfSense info that worked very well for me (so far).

Grabbed the correct image file here:
http://files.chi.pfsense.org/mirror/...SE-i386.img.gz

Image Writer for Windows, here:
https://launchpad.net/win32-image-wr...ger-binary.zip

Instructions which brought me to the above download:
http://skear.hubpages.com/hub/How-to...able-USB-Stick

Unpacked the IMG file using Winrar, had an old 1GB stick right on hand - used the image writer to put it onto the stick - and booted my notebook with it right away as a test.
Bingo.
Since the NB has wired + wireless NICs it detected both and fully booted=> all looks fine.

Now I am ready for the weekend's test of it (assuming nothing else preempts my time & plans as -ahem- seems to so often happen...).

Thanks for the pointers folks !!!

Looks to me that (as long as I don't screw it up...) pfSense will do what I'm after quite easily (all but the external file sharing, which is a lower priority).

I can slip it right into use if it works out right and then the whole famn damily will have their wired & wireless gadgets working WITH a good firewall in place - a happy solution once it proves out.

I'll post again after I've had the chance to try it 'live'.

Thanks.

jefro 06-27-2012 06:39 PM

I used to promote Untangle. I haven't used it in a while so it may not fully suit all your needs in the free version. Check it out or try it to see.

smallhagrid 06-27-2012 07:12 PM

Ferry Eenteresteeng...
 
Thanks Jefro
Quote:

Originally Posted by jefro (Post 4713669)
I used to promote Untangle.

May I ask what things may have caused you to lose interest in it please ?

OK:
Quote:

I haven't used it in a while so it may not fully suit all your needs in the free version. Check it out or try it to see.

I looked around their offerings and found this:
http://www.untangle.com/store/package-comparison
Which makes it look very complete, and their wiki pages indicate it's easily able to turn a wireless router into an AP the same as others do.

The only thing which baffles me is that when all these types of distros are installed to a hard disk and take the whole thing up - why don't they also include some means to use a chunk of that or even another mounted drive as protected file-sharing ?

In a household situation like we have I will feel very foolish if it takes some fancy footwork to get a VPN connection which then needs some other h/w to be running 24/7 to be useful at all.
Is there any way to do what I'm asking - or is it foolish of me to even ask this question ???!

Thanks.

jefro 06-28-2012 10:05 AM

I haven't been testing it lately. The features kind of changed more to for-pay but it looks like they went back to more free.

Don't know what you mean by VPN full time. Some common ISPs make that difficult to follow IP changes and switch changes.


All times are GMT -5.