LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 06-26-2012, 02:37 AM   #1
smallhagrid
LQ Newbie
 
Registered: Jun 2012
Posts: 26

Rep: Reputation: Disabled
Question Help in picking out a firewall box distro ?


Hello Folks.
Our home network has 5 PCs and a wireless router on a cable-modem connection at present.
Nothing very complicated.

I used to have it all protected by running it through an ancient win98 PC running Sygate Home Network® and BlackIce, but it got beyond it's years...so I looked around and saw many glowing recommendations in favour of the Astaro Security Gateway praising how wonderful it is - and free for home users - so I downloaded & installed it and then the fun began...

I'll happily explain later why I am very disappointed with it - but for now I wish to ask for help, please.

I'd like to replace it with something which works well - but which does not require one to be a career sys-admin to configure it.

If possible these are the features desired:

* Free for all the features I'm listing here.
* Very easy/basic configuration for all features.
* Firewall protection for the home network.
* Some kind of virus protection included.
* Wireless abilities for either an access point or control of a router.

And if possible, these 2 other things would be wonderful:

1. Secured access to some files at home for when I am at work.
2. Storage in the same system for those files.

Nobody needs any special things for gaming or such fancy stuff, this is all basically just for email & normal browsing.

Some time back I tried installing & setting up Clark Connect (now ClearOS), and a few others found at this list (with very little success)=>
https://en.wikipedia.org/wiki/List_o..._distributions

(And since that list was put up & updated alot of them have started charging to get all their features - and some have such poor documentation that it is like staring at alien symbols just to try and figure out their web-sites !!!)

I don't want to try navigating this subject anymore by sheer trial & error, so I am hoping some folks will guide me to a solution which is easy enough for a dummy like me to install, set-up, and use.
(Thanks for any help !!!)

Regarding Astaro - they DO allow home users to license their ASG software for 5 years for free, which is very nice, but there is a bit of trickery too, meaning - it is intended for sys-admins and network engineers so they can use it at home, see how great it is, then recommend it for their work - so it's REALLY just a promo for paying customers and they say so openly.

And, when an ordinary Joe like me asks for help he gets snotty answers, made fun of, and told to read the (very intimidating) 600 page manual, which is as unhelpful a thing as I've EVER seen.

ASG has everything including the kitchen sink - BUT=> I simply cannot understand the manual well enough to get the wireless & remote access working and I quit trying to get help from their forum after I got slapped around verbally too much anytime I asked for help.

Replies there just basically say 'Look fool, this is a GREAT tool for the big boys, and you're just a nobody, so bugger off !'.

So here I am, humbly asking as just a regular guy for help in hopes I can get some good help MINUS the broken nose !!?

Again, thanks for any help.
 
Old 06-26-2012, 11:36 PM   #2
John VV
Guru
 
Registered: Aug 2005
Posts: 13,516

Rep: Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804
take a look at using centOS6.2 in a text only install
 
Old 06-26-2012, 11:40 PM   #3
smallhagrid
LQ Newbie
 
Registered: Jun 2012
Posts: 26

Original Poster
Rep: Reputation: Disabled
Ummm...?

Begging your pardon Sir, but:
Quote:
Originally Posted by John VV View Post
take a look at using centOS6.2 in a text only install
Please explain to me how that would be simple enough for me, as explained in my post ?
(I am no Linux guru by any measure !!!)
Thanks.
 
Old 06-27-2012, 12:43 AM   #4
John VV
Guru
 
Registered: Aug 2005
Posts: 13,516

Rep: Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804Reputation: 1804
cent is the free rebuild of red hat
google it


for a router you do NOT want a gui installed
It is a security risk

CentOS/rhel has a long life support ( right now 5+ years for cent)
 
Old 06-27-2012, 12:53 AM   #5
smallhagrid
LQ Newbie
 
Registered: Jun 2012
Posts: 26

Original Poster
Rep: Reputation: Disabled
Please:
Quote:
Originally Posted by John VV View Post
cent is the free rebuild of red hat
google it
for a router you do NOT want a gui installed
It is a security risk
CentOS/rhel has a long life support ( right now 5+ years for cent)
This avoids answering my single question directed to you altogether; it also does not answer my feature-based questions above.

I very much doubt that I can handle a CLI-only Linux, and (for example) the Astaro has an extensive GUI, but seems as tight as Fort Knox...we don't need the security that a bank needs...and as I said in my OP, the ancient win98 box worked just fine for us for many years.

I have looked at their site and it's wiki - but I see no advantage - and certainly no inferences to ease of configuration & use compared to either an Ubuntu-based distro or a dedicated gateway distro.

Once again I say:
I am no Linux guru by any measure !!!
Thanks.

Last edited by smallhagrid; 06-27-2012 at 12:59 AM. Reason: updated info
 
Old 06-27-2012, 02:48 AM   #6
smallhagrid
LQ Newbie
 
Registered: Jun 2012
Posts: 26

Original Poster
Rep: Reputation: Disabled
One option among many which I have looked at and rejected is the GUI-less Devil Linux.
If I was looking for a new profession - learning how to configure & operate one like that would make a great choice (but I'll leave that work for someone else...phew.)
 
Old 06-27-2012, 03:09 AM   #7
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,467
Blog Entries: 11

Rep: Reputation: 184Reputation: 184
Hi Hagrid,

when I take your info correct you have a wireless router so you would not have the firewall do the wireless stuff, right? If you do need the firewall to handle the wireless stuff I guess that realy shrinks done the options you have cause there are just a few free fw distros that handle wireless do any good extend. At least what I know from looking at various fw distros 3 years ago.

A somewhat easy but daring solution would be to put a new firmware on your router and go from there. There are 3? open firmwares that are based on linux and do the firewall stuff.
https://openwrt.org/
http://www.freewrt.org/trac/
http://www.polarcloud.com/tomato

As complete firewall distros I would recommend due to your likings:
http://www.endian.com/en/community/
or if youre more daring
http://www.zeroshell.net/eng/.
In your case I would stick to endian and see how you fare.
 
Old 06-27-2012, 03:17 AM   #8
nixblog
Member
 
Registered: May 2012
Posts: 426

Rep: Reputation: 52
Quote:
Originally Posted by smallhagrid View Post
If possible these are the features desired:

* Free for all the features I'm listing here.
* Very easy/basic configuration for all features.
* Firewall protection for the home network.
* Some kind of virus protection included.
* Wireless abilities for either an access point or control of a router.
I usually go with a BSD option for firewalls so either pfSense or m0n0wall. pfSense is a good all round and full of extras for security such as anti-virus and web filtering, m0n0wall is mainly for embedded devices but pretty good on an old PC - both these are web browser driven.

Quote:
Originally Posted by smallhagrid View Post
And if possible, these 2 other things would be wonderful:

1. Secured access to some files at home for when I am at work.
2. Storage in the same system for those files.
For a small business type setup (which you fall into with 5 computers) my choice is Zentyal which is based on Ubuntu.
 
Old 06-27-2012, 11:22 AM   #9
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,919

Rep: Reputation: 779Reputation: 779Reputation: 779Reputation: 779Reputation: 779Reputation: 779Reputation: 779
Hmmm, I am far from sure that this is helpful, but you can always say that it was unhelpful...

There is a website that describes how to do almost everything that you say want to do and (IMHO) it is well explained and should be clear to even a newbie (...well, a newbie with at least a little enthusiasm to learn about networking and the enthusiasm to read the materials, which aren't short...). Would that be helpful? Anyway

http://www.linuxhomenetworking.com/

Unfortunately, it is Red Hat based, so I'd have to suggest Centos (or Scientific Linux) as the least complex free distros to use it as a 'cookbook' on, and that currently might not be to your taste. (And, by the way, essentially the same material is available in 'The Linux Quick Fix Notebook' by Harrison, and, while that hasn't been updated recently, you might find that as a free download somewhere or another.)

There is also some networking material on 'yolinux' and while there is less to read on Yolinux, the trade-off is that Linuxhomenetworking is probably more thorough and better explained (although you'd expect that, if you take into account that there are more words).
 
Old 06-27-2012, 12:28 PM   #10
smallhagrid
LQ Newbie
 
Registered: Jun 2012
Posts: 26

Original Poster
Rep: Reputation: Disabled
Thumbs up Thanks !

Wow - such helpful folks - thanks for all the replies folks !!!
To the content...here's how it looks to me:
  • I don't have a router which will accept alternate firmware.
  • Endian's free offering is too much like Astaro's 'free' offering.
  • Zeroshell looks to be quite beyond my limited skills.
  • Zentyal is another ASG competitor and 49,50€/month.
  • The linuxhomenetworking & yolinux sites look to be very useful.
  • m0n0wall looks good except that it has limited h/w support for wireless.
So out of the wonderful ideas suggested I must say that pfSense seems to be the most promising suggestion as a replacement for the ASG stuff.

I will have to get it, and try to install/try it, and then I'll have a better idea.
For me this sort of effort happens only on weekends and then only when there's no other pressing matters, so it may be in a week or two that I can get & try it.

Thanks Folks, you're a very helpful bunch !!!
 
Old 06-27-2012, 05:13 PM   #11
nixblog
Member
 
Registered: May 2012
Posts: 426

Rep: Reputation: 52
You can boot and run pfSense directly from a CD in a live session if you just want to get the feel of it before you go ahead and install it.
 
1 members found this post helpful.
Old 06-27-2012, 07:24 PM   #12
smallhagrid
LQ Newbie
 
Registered: Jun 2012
Posts: 26

Original Poster
Rep: Reputation: Disabled
Just for the record here...a bit of progress:
I looked around for what others have recommended and found some pfSense info that worked very well for me (so far).

Grabbed the correct image file here:
http://files.chi.pfsense.org/mirror/...SE-i386.img.gz

Image Writer for Windows, here:
https://launchpad.net/win32-image-wr...ger-binary.zip

Instructions which brought me to the above download:
http://skear.hubpages.com/hub/How-to...able-USB-Stick

Unpacked the IMG file using Winrar, had an old 1GB stick right on hand - used the image writer to put it onto the stick - and booted my notebook with it right away as a test.
Bingo.
Since the NB has wired + wireless NICs it detected both and fully booted=> all looks fine.

Now I am ready for the weekend's test of it (assuming nothing else preempts my time & plans as -ahem- seems to so often happen...).

Thanks for the pointers folks !!!

Looks to me that (as long as I don't screw it up...) pfSense will do what I'm after quite easily (all but the external file sharing, which is a lower priority).

I can slip it right into use if it works out right and then the whole famn damily will have their wired & wireless gadgets working WITH a good firewall in place - a happy solution once it proves out.

I'll post again after I've had the chance to try it 'live'.

Thanks.
 
Old 06-27-2012, 07:39 PM   #13
jefro
Guru
 
Registered: Mar 2008
Posts: 12,087

Rep: Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521
I used to promote Untangle. I haven't used it in a while so it may not fully suite all your needs in the free version. Check it out or try it to see.
 
1 members found this post helpful.
Old 06-27-2012, 08:12 PM   #14
smallhagrid
LQ Newbie
 
Registered: Jun 2012
Posts: 26

Original Poster
Rep: Reputation: Disabled
Thumbs up Ferry Eenteresteeng...

Thanks Jefro
Quote:
Originally Posted by jefro View Post
I used to promote Untangle.
May I ask what things may have caused you to lose interest in it please ?

OK:
Quote:
I haven't used it in a while so it may not fully suite all your needs in the free version. Check it out or try it to see.
I looked around their offerings and found this:
http://www.untangle.com/store/package-comparison
Which makes it look very complete, and their wiki pages indicate it's easily able to turn a wireless router into an AP the same as others do.

The only thing which baffles me is that when all these types of distros are installed to a hard disk and take the whole thing up - why don't they also include some means to use a chunk of that or even another mounted drive as protected file-sharing ?

In a household situation like we have I will feel very foolish if it takes some fancy footwork to get a VPN connection which then needs some other h/w to be running 24/7 to be useful at all.
Is there any way to do what I'm asking - or is it foolish of me to even ask this question ???!

Thanks.
 
Old 06-28-2012, 11:05 AM   #15
jefro
Guru
 
Registered: Mar 2008
Posts: 12,087

Rep: Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521
I haven't been testing it lately. The features kind of changed more to for pay but it looks like they went back to more free.

Don't know what you mean vpn full time. Some common isp's make that difficult to follow ip changes and switch changes.
 
  


Reply

Tags
firewall, gateway, wireless


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Help picking a distro Silphx303 Linux - Distributions 15 02-22-2009 11:44 PM
Need help picking Distro mrnicks Linux - Newbie 6 03-01-2007 04:54 PM
Need help picking a new distro slickhare Linux - Newbie 4 11-22-2006 02:28 PM
Need help on picking distro linuxputz Linux - Laptop and Netbook 5 09-02-2004 02:25 PM
Need some help picking out a firewall. Travis86 Linux - Security 3 09-29-2003 10:59 AM


All times are GMT -5. The time now is 07:15 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration