[CentOS] Firewall frustration

Mon Dec 31 17:26:05 UTC 2007
Robert Moskowitz <rgm at htt-consult.com>

Dennis McLeod wrote:
>> -----Original Message-----
>> From: centos-bounces at centos.org 
>> [mailto:centos-bounces at centos.org] On Behalf Of Robert Moskowitz
>> Sent: Sunday, December 30, 2007 9:13 PM
>> To: CentOS mailing list
>> Subject: [CentOS] Firewall frustration
>>
>> Well FWbuilder is NOT easy.  The documentation does not match 
>> the current GUI.  Now the box is locked up.  I will have to 
>> pull it again, hook it up to a keyboard/VGA and reset iptables....
>>
>> Maybe Shoreline with webmin....
>>
>> Problem is I want a REAL router/firewall with little work.  
>> Both public and private nets have routable addresses.  No 
>> NATing for me!  I just helped write the RFC ;)  And all the 
>> templates for fwbuilder want you to be using NATing.
>>
>> Perhaps I should just set up another Astaro firewall.  I have 
>> been using Astaro since v3, so I am comfortable with it....
>>
>
> I just turned off my Astaro Gateway, as it pissed me off by continually
> throttling my 10M/10M FIOS connection.....:^>
>   
For all that it does, you would need it on a pretty hefty box for 10M. 
But then I have seen LAN-LAN > 10M working here....
> I liked the integration of services in the box, and I likely would have kept
> it for that one item.
> I'll be looking at an IPCOP/Smoothwall/Monowall replacement.
> I have an IPCOP box at work for our public access DSL connection. (Customers
> kept surfing p*rn in the waiting area. Squidguard on IPcop fixed that..)
> Uptime on that box (Compaq P2-733) is around 250 days right now. I had to
> move the box, so it would be more like 400....
I run Astaro on a Compaq SFF 1GHz with 512MB memory. It has a 4-port 
10/100 card as well as the internal ethernet. I use VLANing extensively, 
as I have ~12 LANs connected to the box. I have the public net on one 
port, then all the others are plugged into a HP 2650 48-port switch. I 
can move systems to the subnet I need for whatever testing or production 
I use. I ONLY use the firewall for packet filtering. No SPAM control, 
web proxying, etc....
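What the no-NAT, packet-filter-only setup described in this thread looks like as plain iptables, with a timed rollback so a bad rule does not mean another trip to the console with keyboard and VGA. This is an added example, not code from the thread or from any of its posters; the interface names, the RFC 5737 prefixes, the published hosts and the helper names (gen_rules, assert_no_nat, apply_with_revert, confirm_rules) are all assumptions:

```shell
#!/bin/sh
# Added example, not code from the thread: emit an iptables-restore ruleset
# for a routed firewall whose public and private sides both carry routable
# addresses, so there is no nat table and no MASQUERADE anywhere.
# Interface names, the RFC 5737 prefixes and the published hosts are assumed
# placeholders; a dozen VLANs would simply be more entries in LANS.

WAN_IF="${WAN_IF:-eth0}"                       # assumed public-side port
# assumed 802.1Q sub-interfaces, each with the prefix routed behind it
LANS="${LANS:-eth1.10:192.0.2.0/24 eth1.20:198.51.100.0/24 eth1.30:203.0.113.0/24}"
MGMT_IF="${MGMT_IF:-eth1.10}"                  # assumed: only VLAN that may ssh in
# assumed services reachable from the public side (plain routing, no DNAT)
PUBLISHED="${PUBLISHED:-tcp:192.0.2.10:80 tcp:192.0.2.10:443}"
STATE_DIR="${STATE_DIR:-/root}"                # root-owned, so not /tmp

gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $MGMT_IF -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
EOF
    for entry in $LANS; do
        ifc=${entry%%:*}; net=${entry#*:}
        # anti-spoof: an internal prefix never legitimately arrives on the public port
        echo "-A FORWARD -i $WAN_IF -s $net -j DROP"
        # egress: a VLAN may only originate traffic from its own prefix
        echo "-A FORWARD -i $ifc -s $net -o $WAN_IF -m state --state NEW -j ACCEPT"
    done
    for svc in $PUBLISHED; do
        proto=${svc%%:*}; rest=${svc#*:}; host=${rest%%:*}; port=${rest#*:}
        echo "-A FORWARD -i $WAN_IF -d $host -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
    echo COMMIT
}

# Refuse a ruleset that has grown NAT: the fwbuilder templates assume it,
# and on a routed box it would only hide a routing mistake.
assert_no_nat() {
    if grep -Eq '^\*nat|MASQUERADE|SNAT|DNAT' "$1"; then
        echo "refusing: NAT rules found in $1" >&2
        return 1
    fi
}

# Apply with an automatic rollback: unless confirm_rules runs within $2
# seconds (default 60), the previous ruleset comes back on its own, so a
# rule that cuts off your ssh session does not need keyboard and VGA.
apply_with_revert() {
    assert_no_nat "$1" || return 1
    iptables-save > "$STATE_DIR/fw.rollback" || return 1
    iptables-restore < "$1" || return 1
    ( sleep "${2:-60}"; iptables-restore < "$STATE_DIR/fw.rollback" ) &
    echo $! > "$STATE_DIR/fw.revert.pid"
}

confirm_rules() {
    kill "$(cat "$STATE_DIR/fw.revert.pid")" 2>/dev/null
    rm -f "$STATE_DIR/fw.revert.pid" "$STATE_DIR/fw.rollback"
}

# usage: fw.sh generate | fw.sh apply [grace-seconds] | fw.sh confirm
case "${1:-}" in
    generate) gen_rules ;;
    apply)    gen_rules > "$STATE_DIR/fw.rules" &&
              apply_with_revert "$STATE_DIR/fw.rules" "${2:-60}" ;;
    confirm)  confirm_rules ;;
esac
```

Two deliberate omissions: there is no VLAN-to-VLAN forwarding rule, so test and production subnets stay isolated unless a rule is added for a specific pair, and the anti-spoof drops only cover the public port; setting net.ipv4.conf.all.rp_filter=1 covers the same case on every sub-interface. The rollback relies on killing the sleeping subshell before it restores the saved rules, which is why confirm_rules must be run from a session that survived the new ruleset.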