BSD or Linux for firewall?

Kaido

Elite Member & Kitchen Overlord
Feb 14, 2004
Never used BSD, but heard it's even better than Linux for doing firewall & security stuff. Comments from users?
 

Kaido

Elite Member & Kitchen Overlord
Feb 14, 2004
Originally posted by: TGS
openbsd for security

What I'd like to do, for fun, is to put a firewall right after the modem in my network, but before the wifi router. The more secure the better! :) Any special programs to use?
 

Thyme

Platinum Member
Nov 30, 2000
I'm not sure if there are advantages to it or not, but you can use the same computer as a router and a firewall.
 

JDCentral

Senior member
Jul 14, 2004
Yeah... use a BSD system.

Speaking from experience, a BSD box is MUCH easier to lock down and configure for router/network administration than anything that Linux can offer.

I'd choose between NetBSD and OpenBSD. The only reason I don't use OpenBSD is because I tried for days and couldn't get OpenBSD to install on my router machine (older PIII/Celeron).

In regards to Thyme's response, use your wifi router as just a wifi 'switch'... and use the box as a router. This lets all of your clients use the same internet settings. Which helps when they want to switch between wired and wireless connections. Also... it allows for easier administration of your resources (like... if you want to do some bandwidth throttling, and stuff).
 

Kaido

Elite Member & Kitchen Overlord
Feb 14, 2004
Well, I'd like to get a little mini-itx system to play around with. Right now, at home, I'm using a WRT54GS as my wifi router. It's working great and I want to add Sveasoft to it, but I know the firewall capabilities are limited. I think it'd be fun to learn security stuff so that I can use it in business at a later point.
 

sourceninja

Diamond Member
Mar 8, 2005
I use IPCop, which is Linux-based. It works great as a router/firewall. Plus you can ssh in if you need to do something more advanced.
 

Nothinman

Elite Member
Sep 14, 2001
Debian. Security is a process, not a product. ipf in OpenBSD is simpler to understand than netfilter on Linux, but personally I would still use Debian.
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: Nothinman
Debian. Security is a process, not a product. ipf in OpenBSD is simpler to understand than netfilter on Linux, but personally I would still use Debian.

OpenBSD doesn't use IPF anymore. They haven't for years.
 

n0cmonkey

Elite Member
Jun 10, 2001
I run OpenBSD on just about everything I can get a hold of. I can't wait to set it up as a firewall/WAP again.

Linux works fine too, I just prefer OpenBSD and Packet Filter.
 

doornail

Senior member
Oct 10, 1999
Originally posted by: sourceninja
I use IPCop, which is Linux-based. It works great as a router/firewall. Plus you can ssh in if you need to do something more advanced.

Another thumbs up for IPCop. Very easy to install and maintain.

A few years ago, I switched from IPCop to Smoothwall, but recently switched back to IPCop. Works great. Smoothwall development appears to have frozen.
 

sourceninja

Diamond Member
Mar 8, 2005
IPCop has an easy install, and a really nice web interface to set up the firewall/proxy/bandwidth shaping/IDS.

It doesn't do anything you can't do yourself, but it makes it a world easier to manage and maintain, plus you still can ssh in if you want to do it by hand.

At least for me it's much easier to open a browser to 192.186.1.1:81 and click and type in some boxes to add port forwarding of BitTorrent with bandwidth shaping to keep it from killing my Vonage when it's in use (IPCop uses wondershaper for this) than it is to do it by hand.

Another really good router/firewall distro is m0n0wall. It's BSD-based and really small (like under 50 megs). It's designed for embedded hardware, but it can run on a PC. Again, it doesn't do anything you can't do yourself, it just is stripped down and secured with a really nice web-based interface.
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: Bulldog13
Originally posted by: Nothinman
OpenBSD doesn't use IPF anymore. They haven't for years.

Sorry, was typing quickly.

Jesus, thought that was going to turn into an epic flamewar.

nothinman vs n0cmonkey

No, that's a verifiable fact. I think 3.0 was the last release IPF was in. It was quickly replaced with the world's best firewall, Packet Filter.
 

Red and black

Member
Apr 14, 2005
Any of these systems (Debian, FreeBSD, NetBSD, OpenBSD) would be fine for a firewall. Use what you know, or what you have local tech support (i.e. friends) access for.

I have used NetBSD for this, though IPF is a bit of a pain -- PF (OpenBSD) is supposed to be nicer. Of course, I haven't done anything fancy (verified exec, securelevels, etc.).

I don't know what the current state-of-the-art is for Linux kernel packet filters. A couple years ago, a friend set up a packet filter for Red Hat and it was a real pain, much worse than IPF.
 

thirdlegstump

Banned
Feb 12, 2001
I've had killer results with monowall firewall. Boots off CD and saves XML config data to a floppy. No HDD needed!
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: deathkoba
I've had killer results with monowall firewall. Boots off CD and saves XML config data to a floppy. No HDD needed!

Install OpenBSD to a CompactFlash device, no moving parts.