Hardware firewall recommendation

Ace69

I have been wanting to incorporate some security for my PC which triple boots WIN98, WIN2K and RH Linux. I am looking into a hardware firewall that I should go with that is under $200. Any suggestions? Also, what features should I look for?

 

bigshooter

Any broadband router will act as a firewall, as you can block ports. None of these will be a true dedicated hardware firewall though. Those cost a lot. You may not get full functionality for things such as logging with one of these, but it should do the job.
 

Diffusion

Pick up an old Pentium or Pentium Pro box (I saw PPro 200s for less than 100$ at a local computer show), buy a pair of NICs, and install OpenBSD (www.openbsd.org). It will be a much better deal than the various commercial solutions, and it will work just as well.
 

Diffusion

Mind if I ask... All what capabilities? Last I checked, OpenBSD was the best solution for firewalls, it is the most secure x86 solution, it comes with nothing but the basics in terms of software (secure by default), and has a ports tree in case you need anything not included with the base install. For a firewall, there really is no better solution.
 

N8Magic

Yes, but as a separate box it would be considered a hardware firewall. I use Apache/1.3.9 (NetRevolution Advanced Extranet Server / Linux-Mandrake) PHP/3.0.13 on Linux.

It's more configurable that way, and hey, you just might learn something while setting it up! :D
 

konichiwa

Diffusion,

I'm simply saying that if all he wants is a firewall/router, FreeSCO is probably best because it's designed to be simple and easy to set up while still being customizable. Unless he wants to learn about OpenBSD, I just think it'd be easier to use something that only suits his needs and nothing more.
 

JoeDaddy



<< Guys, he was asking for a hardware firewall, not software. >>



Well, for $200 you can purchase a nice little machine w/ 2 NICs and load e-smith on it (which is free), and bam, there you go.
You have a hardware firewall/NAT/gateway/domain server/email server/web server and it takes less than 15 minutes to install and set up.

I used FreeSCO for a while, but it didn't have enough features for me.

E-smith comes with all kinds of features, built in web mail, and all the others I mentioned.
 

Ace69

I am currently looking at the Netscreens. We use Netscreens at work and they are very nice. But then again, we are using the $150,000 ones. :) I really do not know what I want to do because some people have just suggested to get a router/firewall, but I only have one computer. I guess it would always be nice to have expandability in case I want to get another PC to act as just a Linux box.

I have some friends that know a lot about OpenBSD, FreeBSD, etc. and I guess I could have one of them help me set up another machine. The disadvantage of that is I have a small room in my apartment and I really don't think another PC would fit in here comfortably. I could always make it work though.

I think I am going to talk to my friends about OpenBSD and see what they say to get some other opinions. I had no idea that the Unix variants would be so secure. I have always heard that the hardware firewalls are more secure. Anyway, thanks for the suggestions and I am going to check out OpenBSD, FreeBSD and Esmith and see if those would work for me.

 

LickEmSmack

Quickly looking at the e-smith website, I noticed that it only uses DHCP instead of static private IPs (like 192.168.X.X type). Is there any benefit or weakness to this? I currently run a RH 6.2 (Pentium I 166 MHz) as my NAT/Gateway, but I may go with FreeSCO or LinuxRouterProject box when I move away from DSL to cable modem. Anyway, can someone tell me the benefits of e-smith vs. these other options?
 

Diffusion

It need not be all that big... Check out http://www.obsolyte.com/sun_lx/, those old Sun "lunchbox" style chassis are pretty small, they will run OpenBSD, you can get them for under 20$ each, and you can add two ethernet cards to them (not certain if the LX has 10bT or AUI connectors, so you might only need to add one additional ethernet card). The cards go for about 50$ on eBay, and the SPARCstations go for about 15$. For 65$, it would make quite a nice firewall. Keep in mind however, that you need either a null modem (to access the console), or a Sun monitor and keyboard to log into one, null modems are pretty cheap, there's a guide on which type you need here, but you can expect to set up a full firewall for under 100$. If you can scrounge around in the right places, you can set one up using one of these machines for under 50$ or so. OpenBSD runs really well on old Sun hardware, just avoid setting up XWindows unless you have a 100 MHz or above machine.
 

JoeDaddy



<< I noticed that it only uses DHCP instead of static private IPs >>



I'm tired as hell, could you clarify that statement for me?
 

HeinekinMan

I just bought a Netgear cable modem/DSL firewall router (model RO318). Paid $179.00 USD for it at a local electronics store (Fry's Electronics). You can get it cheaper mail order (@ $150.00 through http://www.thenerds.net) but I didn't want to hassle returning it if it didn't work the way I wanted.

So far I'm very pleased with this box. It appears to be secure (it employs NAT for broadband sharing/security AND in addition to NAT, it uses stateful packet inspection for its firewall function). It has a built-in 8-port 10/100 switch and was a real breeze to install. It took me all of 15 minutes to set it up (the interface is web based, slick, and very intuitive). Within an hour or so I had most of the features figured out. The one feature that I like is that if it detects an intrusion or an attempt, it will email me a warning. I haven't tested any of this other than to use the basic security tests at Steve Gibson's web site, http://www.grc.com. Using the Shields Up and port scan utilities, all of my ports show up as stealth (this is with the default settings, BTW). I plan to install a s/w firewall in addition, the free version of ZoneAlarm on each of my PCs to provide outbound protection.

This box is also very, very FAST. I did some checks with various web sites for up/down speeds with and without this box connected and did not notice any difference!
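
As an added illustration that is not part of the thread: a minimal Python model of the NAT plus stateful-inspection behaviour described in the post above, showing why replies to outbound connections pass while unsolicited probes get no answer at all ("stealth"). All addresses, ports and class names are constructed for the example; real devices also track TCP flags, sequence numbers and state timeouts.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass
class StatefulNat:
    """Toy NAT gateway with a connection-state table (illustrative only)."""
    wan_ip: str
    next_port: int = 40000
    # (proto, wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    states: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def outbound(self, p):
        """LAN -> WAN: rewrite the source address and remember the flow."""
        wan_port = self.next_port
        self.next_port += 1
        self.states[(p.proto, wan_port, p.dst, p.dport)] = (p.src, p.sport)
        return Packet(self.wan_ip, wan_port, p.dst, p.dport, p.proto)

    def inbound(self, p):
        """WAN -> LAN: pass only replies to a tracked flow."""
        key = (p.proto, p.dport, p.src, p.sport)
        if key in self.states:
            lan_ip, lan_port = self.states[key]
            return Packet(p.src, p.sport, lan_ip, lan_port, p.proto)
        # No RST or ICMP error is sent back, so a port scanner sees
        # neither "open" nor "closed": the port appears "stealth".
        self.log.append(f"DROP {p.proto} {p.src}:{p.sport} -> :{p.dport}")
        return None

def demo():
    fw = StatefulNat(wan_ip="203.0.113.10")          # constructed WAN address
    out = fw.outbound(Packet("192.168.0.2", 1025, "198.51.100.7", 80))
    # Reply from the server the LAN host contacted: matches the state entry.
    reply = fw.inbound(Packet("198.51.100.7", 80, out.src, out.sport))
    # Unsolicited probe of a common service port: no state, silently dropped.
    probe = fw.inbound(Packet("198.51.100.99", 4444, fw.wan_ip, 139))
    # Third party hitting the mapped port: remote address does not match.
    other = fw.inbound(Packet("198.51.100.99", 80, fw.wan_ip, out.sport))
    return out, reply, probe, other, fw.log

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The third case is the one plain port-based NAT forwarding gets wrong: the mapped port exists, but the packet is still dropped because its source does not match the tracked flow.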