Hi All,
I want to build a dedicated firewall/router as I am launching an NPO and I can host this in my garage. (Comcast offered me a 100 x 20 circuit for $99/mo with 5 statics)
I used to run Untangle, but as of version 9, you are forced to use their built-in protocol policies versus the firewalling I am used to (Deny All and then opening holes for specific IP's, etc).
There are so many firewall distros to choose from. FireStarter, IPCOP, etc.
The box I was going to use is a P4, 3GB RAM, 3 GB NICS.
I could always use a beefier box also if there was really a need for such a task.
I am used to some Cisco PIX boxes and they just seem fast on hardly any specs. I had a PIX 525 that only had 256mb of RAM about 8 years ago and it was a rockstar.
Thoughts, opinions, suggestions are welcome as to what to do!
-Jason
> I want to build a dedicated firewall/router as I am launching an NPO and I can host this in my garage. (Comcast offered me a 100 x 20 circuit for $99/mo with 5 statics)
> Thoughts, opinions, suggestions are welcome as to what to do!
I would get a Dell R210 from the outlet site and then load pfSense, been running in multiple locations, solid and works great.
On 1/16/12, Jason T. Slack-Moehrle slackmoehrle@gmail.com wrote:
> Hi All,
> I want to build a dedicated firewall/router as I am launching an NPO and I can host this in my garage. (Comcast offered me a 100 x 20 circuit for $99/mo with 5 statics)
> I used to run Untangle, but as of version 9, you are forced to use their built-in protocol policies versus the firewalling I am used to (Deny All and then opening holes for specific IP's, etc).
> There are so many firewall distros to choose from. FireStarter, IPCOP, etc.
> The box I was going to use is a P4, 3GB RAM, 3 GB NICS.
> I could always use a beefier box also if there was really a need for such a task.
> I am used to some Cisco PIX boxes and they just seem fast on hardly any specs. I had a PIX 525 that only had 256mb of RAM about 8 years ago and it was a rockstar.
> Thoughts, opinions, suggestions are welcome as to what to do!
> -Jason
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
On Mon, 16 Jan 2012 18:18:26 -0600 Tom Bishop bishoptf@gmail.com wrote:
> I would get a Dell R210 from the outlet site and then load pfSense, been running in multiple locations, solid and works great.
Do NOT use pfSense if you have to use Realtek cards. I used to (1.2.3 and 2.0.1), and lost connection regularly, need to reboot to get it back… Flee Realtek as much as you can :)
On Tue, Jan 17, 2012 at 9:55 AM, Laurent Wandrebeck l.wandrebeck@gmail.com wrote:
> On Mon, 16 Jan 2012 18:18:26 -0600 Tom Bishop bishoptf@gmail.com wrote:
> > I would get a Dell R210 from the outlet site and then load pfSense, been running in multiple locations, solid and works great.
> Do NOT use pfSense if you have to use Realtek cards. I used to (1.2.3 and 2.0.1), and lost connection regularly, need to reboot to get it back… Flee Realtek as much as you can :)
You shouldn't be using Realtek NIC's in a production, or even just a large-ish server environment in any case. Rather use Intel.
Back to the topic though, how does one guarantee 100% uptime on the firewall level when you use a standard dedicated server? Even if the server (Dell / Intel / SuperMicro / you name it...) has redundant PSU's and HDD's, there could still be hardware failure. And, unless you buy 3 or 4 at a time, you may run into a situation where once you pop the HDD into a new (standby?) chassis that something may not be compatible and the firewall might be down for a few minutes, or even hours while you search for a solution on the internet, or with the hardware vendor.
On Tue, 17 Jan 2012 10:02:01 +0200, Rudi Ahlers Rudi@SoftDux.com wrote:
> Back to the topic though, how does one guarantee 100% uptime on the firewall level when you use a standard dedicated server?
pfSense offers failover via CARP
On 01/17/2012 01:11 AM, Jason T. Slack-Moehrle wrote:
> Hi All,
> I want to build a dedicated firewall/router as I am launching an NPO and I can host this in my garage. (Comcast offered me a 100 x 20 circuit for $99/mo with 5 statics)
> I used to run Untangle, but as of version 9, you are forced to use their built-in protocol policies versus the firewalling I am used to (Deny All and then opening holes for specific IP's, etc).
> There are so many firewall distros to choose from. FireStarter, IPCOP, etc.
> The box I was going to use is a P4, 3GB RAM, 3 GB NICS.
> I could always use a beefier box also if there was really a need for such a task.
> I am used to some Cisco PIX boxes and they just seem fast on hardly any specs. I had a PIX 525 that only had 256mb of RAM about 8 years ago and it was a rockstar.
> Thoughts, opinions, suggestions are welcome as to what to do!
ClearOS, RHEL based Firewall/Router/Server with Web GUI. Simple to use, and it is like working on CentOS.
http://www.clearfoundation.com/
Jason T. Slack-Moehrle writes:
> Hi All,
> I want to build a dedicated firewall/router as I am launching an NPO and I can host this in my garage. (Comcast offered me a 100 x 20 circuit for $99/mo with 5 statics)
> [...]
> Thoughts, opinions, suggestions are welcome as to what to do!
On Mon, 16 Jan 2012, Jason T. Slack-Moehrle wrote:
> I want to build a dedicated firewall/router as I am launching an NPO and I can host this in my garage. (Comcast offered me a 100 x 20 circuit for $99/mo with 5 statics)
I use two Dell R310's in a master/backup setup with shorewall and keepalived.
-s
CentOS Linux + Fwbuilder FTW!
On 17/01/12 14:38, Steve Thompson wrote:
> On Mon, 16 Jan 2012, Jason T. Slack-Moehrle wrote:
> > I want to build a dedicated firewall/router as I am launching an NPO and I can host this in my garage. (Comcast offered me a 100 x 20 circuit for $99/mo with 5 statics)
> I use two Dell R310's in a master/backup setup with shorewall and keepalived.
> -s
On Tuesday, January 17, 2012, Lorenzo Martínez Rodríguez <lorenzo@lorenzomartinez.es> wrote:
> CentOS Linux + Fwbuilder FTW!
> On 17/01/12 14:38, Steve Thompson wrote:
> > On Mon, 16 Jan 2012, Jason T. Slack-Moehrle wrote:
> > > I want to build a dedicated firewall/router as I am launching an NPO and I can host this in my garage. (Comcast offered me a 100 x 20 circuit for $99/mo with 5 statics)
> > I use two Dell R310's in a master/backup setup with shorewall and keepalived.
> > -s
> --
> Lorenzo Martinez Rodriguez
> Visit me: http://www.lorenzomartinez.es
> Mail me to: lorenzo@lorenzomartinez.es
> My blog: http://www.securitybydefault.com
> My twitter: @lawwait
> PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2
Seconded.