
linux router/firewall/gateway recommendation wanted

Posted on 2005-04-16
Last Modified: 2010-03-18
I currently connect to the net from my PC, which has a directly connected USB modem. This machine is also configured to run a firewall and to be the ICS master (running XP SP2); the other machines on my LAN (currently 3) have the first one defined as their gateway and router. This all works at the moment.

I want to reduce the load on my PC by shifting the internet handling onto a separate machine. I have several older ones lying about and I figured that I would load one of the Linux distros designed specifically for the job.

The problem I have is that there are several and I don't know which one to choose. I'm an experienced Unix/Linux sysadmin and one of the other machines on the LAN is a Red Hat 9 server, if that helps.

So far I've found:

http://www.devil-linux.org/
http://www.ipcop.org/
http://leaf.sourceforge.net/

and I know there are others. My top priority is security, as getting through the firewall would open up my entire LAN, then stability and then ease of use. I must be able to VPN from my XP PC to client sites.

The spare machines are pretty low spec, P1 or P2, etc., about 4 years old, so some idea of realistic hardware requirements would also be useful.
Question by:NickUpson
12 Comments
 
LVL 12

Assisted Solution

by:mburdick
mburdick earned 300 total points
ID: 13803107
You can use pretty much anything you like. I run SuSE at my home with the Shorewall firewall installed. The machine acts as a DHCP server, DNS server, caching transparent proxy server, file server, SSH server, web server, and a content filtering mail server.

My box is a 450 with 224MB RAM, and I don't see any performance problems with it.
0
 
LVL 6

Accepted Solution

by:
bmquintas earned 600 total points
ID: 13805634
I have smoothwall www.smoothwall.org running in my small office with DHCP and DNS for 12 machines.
It's a P1 - 133Mhz with 64Mb SDRAM.
0
 
LVL 12

Assisted Solution

by:mburdick
mburdick earned 300 total points
ID: 13808787
If you're looking for something with a small footprint, I have also used FrazierWall in the past. It runs from a floppy, and mine used to run on a PI 100 with 32MB RAM and dual NICs.
0

 
LVL 19

Assisted Solution

by:Gabriel Orozco
Gabriel Orozco earned 300 total points
ID: 13809779
I would try the better P2 you have, with at least 64MB RAM, in order to install Squid in transparent mode. This way, you would make much better use of your bandwidth and web surfing will feel much faster.

All the recommendations given to you are good. Even IPCop has good reviews. For VPN access you should not have problems, unless it is IPSec, where you may need NAT Traversal enabled on your client in order to have it working without problems.

my 0.02
Gabriel
0
 
LVL 19

Author Comment

by:NickUpson
ID: 13809860
As I'm familiar with RH9, which would be the easiest for me to use?
0
 
LVL 19

Author Comment

by:NickUpson
ID: 13809877
Or would I do better with a Windows-based solution?
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 13809937
I think for stability the Linux solution is far better =)

But please do not go after Red Hat 9; instead use Fedora Core 3 at least, since RH9 is not supported anymore (there are support options, but every day there are fewer and fewer).
0
 
LVL 12

Expert Comment

by:mburdick
ID: 13810152
A Windows-based solution without commercial firewall software on top of it is going to have more holes than all the cheese in Switzerland. Plus, it's going to require a more powerful machine because Windows has high requirements itself.

I agree with Redimido - RH9 was a decent distro, but RedHat threw it to the curb and it simply isn't supported any more.

Fedora Core is popular, and there are a lot of support forums out there.

As I mentioned earlier, I use SuSE, and I like it.
0
 
LVL 6

Expert Comment

by:bmquintas
ID: 13820245
I'll stick with mburdick on that. Besides Fedora, Mandrake (sorry... Mandriva now!) and SuSE also have great support from lots of forums.
0
 
LVL 19

Author Comment

by:NickUpson
ID: 13822534
I'm really looking for a quick download, install and go solution. I only mentioned RH9 because that's what my local server is running. The only real recommendation so far is for Smoothwall. How secure is it? Are the others I found no good?
0
 
LVL 19

Assisted Solution

by:Gabriel Orozco
Gabriel Orozco earned 300 total points
ID: 13827735
I would go after Smoothwall in such a case =)

It is very secure.

IPCop also has good comments.
0
 

Assisted Solution

by:dribulotta
dribulotta earned 150 total points
ID: 13836260
I’m using a Pentium MMX 266Mhz, 128Mb RAM, 4 Gb HD with RH9 acting as a router, firewall with iptables, DHCP server, VPN pptpd server and Squid proxy, with no X Windows to reduce CPU time, and it is working really well. Peak CPU is 65%, with no problems in 16 months. This machine serves 9 PCs running Windows XP and 3 Linux boxes, and my internet connection is T1.
You can download RH9 from www.linusiso.org

0
