Rick F July 9th 07 08:17 PM

Slightly OT question about network setup..
 
Hi all.. I've got a question for you if you feel the need to reply..
We're working on a house remodel and we're about a month
into the project (demo is all done and framing is coming soon).

Anyway, I'm planning on running CAT6 from almost all rooms
to a central location in the house where all wires converge for
connection to a multi-port switch (10/100Mbit for now, but will
eventually move to gigabit unless I can find a gigabit switch on
the cheap). Anyway, I'd like to move to a fully configurable
router/firewall setup over what I'm using now (an Apple Airport
Extreme) and am pondering my options. My specs for such
a beastie are below :

1) configurable firewall -- can allow ranges of ports to be unblocked
and can distinguish between TCP and UDP blocks -- something
that Apple really doesn't allow directly in addition to the usual
firewall featureset.
2) rack-mountable preferably
3) Not consume tons of power
4) Support wifi either directly or via something plugged into it.
5) web-based configuration (preferably)

Since I've got a Proliant 6400r sitting at home chugging along
as usual, I was thinking about using it as the firewall/router
in addition to its current jobs running a web server, mail server,
database server, etc. I'm concerned though that IF the firewall is
breached for some reason, that said "hacker" could damage
my files/photos, etc. that sit on the same server.. Is this something
that I should be worried about and should I just get a separate box
to use as a firewall/router -- and do you have any suggestions for
something on the very cheap end of things.. Anyway, just thought
I'd ask you guys since I'm sure you've done this before.


VinceV July 10th 07 12:01 AM

Rick,

Check out M0n0wall (www.m0n0.ch). It's a FreeBSD-based firewall/
router that meets all of the criteria that you listed.

It's designed to run on PC-based hardware and there are supported
vendors (WRAP and Soekris) that provide small footprint and low power
platforms that this firewall runs on. It supports a number of add-in
wireless cards too.

If you want all of the features of an enterprise firewall (intrusion
detection, failover, etc.) check out pfSense (www.pfsense.org).

I use a M0n0 at home running on an Intrusion.com PDS 2100 (picked up
on eBay for $20 US) which has a 600 MHz Celeron and 128 megs of RAM
and is smaller than the average computer How To book. My first Mono
was on an old Compaq DeskPro.

Note: FreeBSD and Linux have memory detection issues on all older
COMPAQ servers; you have to change the kernel image if you plan to use
either M0n0 or pfSense on one of them.

VinceV


Rick F July 10th 07 12:26 AM

On Jul 9, 4:01 pm, VinceV wrote:
> Rick,
>
> Check out M0n0wall (www.m0n0.ch). It's a FreeBSD-based firewall/
> router that meets all of the criteria that you listed.
>
> It's designed to run on PC-based hardware and there are supported
> vendors (WRAP and Soekris) that provide small footprint and low power
> platforms that this firewall runs on. It supports a number of add-in
> wireless cards too.
>
> If you want all of the features of an enterprise firewall (intrusion
> detection, failover, etc.) check out pfSense (www.pfsense.org).
>
> I use a M0n0 at home running on an Intrusion.com PDS 2100 (picked up
> on eBay for $20 US) which has a 600 MHz Celeron and 128 megs of RAM
> and is smaller than the average computer How To book. My first Mono
> was on an old Compaq DeskPro.
>
> Note: FreeBSD and Linux have memory detection issues on all older
> COMPAQ servers; you have to change the kernel image if you plan to use
> either M0n0 or pfSense on one of them.

Thanks Vince.. Sounds like something to check out.. I've got an older
Epia M-series board at home that I could use for this if I can find a
power supply for it..


msg July 10th 07 01:07 AM

Rick F wrote:

[snip]

> Anyway, I'd like to move to a fully configurable
> router/firewall setup over what I'm using now (an Apple Airport
> Extreme) and am pondering my options.

[snip]

I suggest building a router and firewall box on x86 or Sparc
(anything from sun4c for Sparc and Pentium I for x86 or up)
using OpenBSD and standard applications such as 'snort' and
'squid'. OpenBSD's 'pf' facility is a very good filter and
redirector/NAT engine built into the O/S and OpenBSD is
designed with security as an imprimatur.

I have run OpenBSD on Sparc in this manner for our border
router (which is also a firewall and NAT router) for many
many years with excellent performance and security. You
will need to ramp up the learning curve to make sure that
the kernel is built and configured according to your
security requirements and that the applications are also
built and tuned for your specific needs. In our case
the router runs diskless and headless for increased reliability
and security.

BTW, shame on any project that names itself in 'leetspeak'
(e.g. m0n0wall) especially one targeted at security.

Regards,

Michael
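
Added example, not written by any poster in this thread: a pf.conf sketch in current OpenBSD syntax for a dedicated three-interface firewall that covers the two points raised above, TCP and UDP ports and ranges opened separately, and the web/mail/database server kept on its own segment so that a compromised service cannot reach the house LAN. Interface names, addresses and port numbers are assumptions chosen for illustration.

```pf
# /etc/pf.conf (constructed example; every name, address and port below
# is an assumption, not a value taken from the thread)
ext_if = "em0"              # uplink to the ISP
lan_if = "em1"              # house wiring and wifi access point
dmz_if = "em2"              # segment holding the web/mail/database server
server = "192.168.20.10"    # the server's address inside the DMZ

tcp_in = "{ 25, 80, 443 }"  # services published over TCP only
udp_in = "{ 5000:5010 }"    # a port range opened for UDP only

set skip on lo
set block-policy drop
block log all               # default deny; drops are visible on pflog0

# Source NAT for both internal segments when leaving via the uplink.
match out on $ext_if inet from { $lan_if:network, $dmz_if:network } \
    nat-to ($ext_if)

# Inbound from the Internet: only the listed ports, per protocol,
# redirected to the server in the DMZ. Nothing is forwarded to the LAN.
pass in on $ext_if inet proto tcp to ($ext_if) port $tcp_in rdr-to $server
pass in on $ext_if inet proto udp to ($ext_if) port $udp_in rdr-to $server

# LAN hosts may open connections anywhere, including to the DMZ server.
pass in on $lan_if from $lan_if:network

# The DMZ may never open a connection towards the LAN. Replies to
# LAN-initiated connections still work because they match existing state.
block in quick on $dmz_if to $lan_if:network

# What the server itself may initiate: DNS lookups and outbound mail.
pass in on $dmz_if inet proto { tcp, udp } from $server to any port 53
pass in on $dmz_if inet proto tcp from $server to any port 25

# Filtering is done on the inbound side of each interface, so anything
# that was allowed in may leave through whichever interface routes it.
pass out
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`, and blocked packets can be watched with `tcpdump -n -e -ttt -i pflog0`.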


All times are GMT +1.