Dennis McLeod wrote:
>> -----Original Message-----
>> From: centos-bounces at centos.org
>> [mailto:centos-bounces at centos.org] On Behalf Of Robert Moskowitz
>> Sent: Sunday, December 30, 2007 9:13 PM
>> To: CentOS mailing list
>> Subject: [CentOS] Firewall frustration
>>
>> Well FWbuilder is NOT easy. The documentation does not match
>> the current GUI. Now the box is locked up. I will have to
>> pull it again, hook it up to a kybd/VGA and reset iptables....
>>
>> Maybe Shoreline with webmin....
>>
>> Problem is I want a REAL router/firewall with little work.
>> Both public and private nets have routable addresses. No
>> NATing for me! I just help write the RFC ;) And all the
>> templates for fwbuilder want you to be using NATing.
>>
>> Perhaps I should just set up another Astaro firewall. I have
>> been using Astaro since v3, so I am comfortable with it....
>>
>
> I just turned off my Astaro Gateway, as it pissed me off by continually
> throttling my 10M/10M FIOS connection.....:^>
>

For all that it does, you would need it on a pretty hefty box of 10M. But then I have seen LAN-LAN > 10M working here....

> I liked the integration of services in the box, and I likely would have kept
> it for that one item.
> I'll be looking at an IPCOP/Smoothwall/Monowall replacement.
> I have an IPCOP box at work for our public access DSL connection. (Customers
> kept surfing p*rn in the waiting area. Squidguard on IPcop fixed that..)
> Uptime on that box (Compaq P2-733) is around 250 days right now. I had to
> move the box, so it would be more like 400....

I run Astaro on a Compaq SFF 1Ghz with 512Mb memory. It has a 4-port 10/100 card as well as the internal ethernet. I use VLANing extensively, as I have ~12 LANs connected to the box. I have the public net on one port, then all the others are plugged into a HP 2650 48-port switch. I can move systems to the subnet I need for whatever testing or production I use.

I ONLY use the firewall for packet filtering. No SPAM control, web proxying, etc....