[CentOS] Firewall frustration
Robert Moskowitz
rgm at htt-consult.com
Mon Dec 31 17:26:05 UTC 2007
Dennis McLeod wrote:
>> -----Original Message-----
>> From: centos-bounces at centos.org
>> [mailto:centos-bounces at centos.org] On Behalf Of Robert Moskowitz
>> Sent: Sunday, December 30, 2007 9:13 PM
>> To: CentOS mailing list
>> Subject: [CentOS] Firewall frustration
>>
>> Well FWbuilder is NOT easy. The documentation does not match
>> the current GUI. Now the box is locked up. I will have to
>> pull it again, hook it up to a kybd/VGA and reset iptables....
>>
>> Maybe Shoreline with webmin....
>>
>> Problem is I want a REAL router/firewall with little work.
>> Both public and private nets have routable addresses. No
>> NATing for me! I just help write the RFC ;) And all the
>> templates for fwbuilder want you to be using NATing.
>>
>> Perhaps I should just set up another Astaro firewall. I have
>> been using Astaro since v3, so I am comfortable with it....
>>
>>
>
>
>
> I just turned off my Astaro Gateway, as it pissed me off by continually
> throttling my 10M/10M FIOS connection.....:^>
>
For all that it does, you would need it on a pretty hefty box of 10M.
But then I have seen LAN-LAN > 10M working here....
> I liked the integration of services in the box, and I likely would have kept
> it for that one item.
> I'll be looking at an IPCOP/Smoothwall/Monowall replacement.
> I have an IPCOP box at work for our public access DSL connection. (Customers
> kept surfing p*rn in the waiting area. Squidguard on IPcop fixed that..)
> Uptime on that box (Compaq P2-733) is around 250 days right now. I had to
> move the box, so it would be more like 400....
I run Astaro on a Compaq SFF 1GHz with 512Mb memory. It has a 4-port
10/100 card as well as the internal ethernet. I use VLANing extensively,
as I have ~12 LANs connected to the box. I have the public net on one
port, then all the others are plugged into a HP 2650 48-port switch. I
can move systems to the subnet I need for whatever testing or production
I use. I ONLY use the firewall for packet filtering. No SPAM control,
web proxying, etc....