
Looking for a low-cost mid-level dedicated firewall for my web server

DonBlack

Senior member
I'm currently using a NetGear RT314 as a firewall to my webserver. And it works pretty well. But it's not designed for the traffic that I'm getting on the server and it's become a bottleneck.

Can anyone thus recommend a dedicated firewall that can basically have more than 1 IP address on the internet side and forward ports internally based on the external IP address?

I don't need complicated spam filters or anything like that which you find in most "small business" firewalls. And I'm not really interested in turning a computer into a firewall thereby creating yet another box to administer.

Thanks guys!
 
Originally posted by: DonBlack
I'm currently using a NetGear RT314 as a firewall to my webserver. And it works pretty well. But it's not designed for the traffic that I'm getting on the server and it's become a bottleneck.

Can anyone thus recommend a dedicated firewall that can basically have more than 1 IP address on the internet side and forward ports internally based on the external IP address?

I don't need complicated spam filters or anything like that which you find in most "small business" firewalls. And I'm not really interested in turning a computer into a firewall thereby creating yet another box to administer.

Thanks guys!


VPN-1 Edge X8
 
Originally posted by: nweaver
linux + iptables ftw

OpenBSD + pf is easier and smaller. 😛

Seriously, though, I built an OpenBSD firewall with an EPIA PD6000 motherboard, 256mb RAM, 512mb IDE flash module, and a slim CDROM. It's extremely stable. It's one of those things that you just set and forget. The only moving part is the single case fan.
 
Originally posted by: EatSpam
Originally posted by: nweaver
linux + iptables ftw

OpenBSD + pf is easier and smaller. 😛

Seriously, though, I built an OpenBSD firewall with an EPIA PD6000 motherboard, 256mb RAM, 512mb IDE flash module, and a slim CDROM. It's extremely stable. It's one of those things that you just set and forget. The only moving part is the single case fan.

Very nice! How did you pare down the install? Last time I got something going that small, it was a minimal build of FreeBSD 4.4 on a 330 MB hard drive. It still works as a firewall using IPFW, my first project 😛

Where did you get the flash module, and how much? Did you burn some of the files to the CD and have that actively mounted?
 
Originally posted by: skyking
Originally posted by: EatSpam
Originally posted by: nweaver
linux + iptables ftw

OpenBSD + pf is easier and smaller. 😛

Seriously, though, I built an OpenBSD firewall with an EPIA PD6000 motherboard, 256mb RAM, 512mb IDE flash module, and a slim CDROM. It's extremely stable. It's one of those things that you just set and forget. The only moving part is the single case fan.

Very nice! How did you pare down the install? Last time I got something going that small, it was a minimal build of FreeBSD 4.4 on a 330 MB hard drive. It still works as a firewall using IPFW, my first project 😛

Where did you get the flash module, and how much? Did you burn some of the files to the CD and have that actively mounted?

OpenBSD has a very small install footprint. Don't install any of the X packages or the games and it's very tiny. Mine is around 250mb in size. I broke a few rules in my install. I only have one partition, '/', and no swap. I take a peek at top every now and then and memory use is <20mb, so that 256mb of RAM has a lot of headroom.

LogicSupply sells several versions of the Transcend IDE flash module that I used. The 512mb module is going for $71. The biggest they sell is 2gig...

I only used the CDROM for the install...nothing else. It's been sitting unused for many many months.

I imagine that my hardware setup could also be used for stuff like IPCOP, m0n0wall, or Smoothwall, too.
 
Originally posted by: EatSpam
Originally posted by: skyking
Originally posted by: EatSpam
Originally posted by: nweaver
linux + iptables ftw

OpenBSD + pf is easier and smaller. 😛

Seriously, though, I built an OpenBSD firewall with an EPIA PD6000 motherboard, 256mb RAM, 512mb IDE flash module, and a slim CDROM. It's extremely stable. It's one of those things that you just set and forget. The only moving part is the single case fan.

Very nice! How did you pare down the install? Last time I got something going that small, it was a minimal build of FreeBSD 4.4 on a 330 MB hard drive. It still works as a firewall using IPFW, my first project 😛

Where did you get the flash module, and how much? Did you burn some of the files to the CD and have that actively mounted?

OpenBSD has a very small install footprint. Don't install any of the X packages or the games and it's very tiny. Mine is around 250mb in size. I broke a few rules in my install. I only have one partition, '/', and no swap. I take a peek at top every now and then and memory use is <20mb, so that 256mb of RAM has a lot of headroom.

LogicSupply sells several versions of the Transcend IDE flash module that I used. The 512mb module is going for $71. The biggest they sell is 2gig...

I only used the CDROM for the install...nothing else. It's been sitting unused for many many months.

I imagine that my hardware setup could also be used for stuff like IPCOP, m0n0wall, or Smoothwall, too.

If you are a fan of pf, try pfSense... runs wonderfully... basically a derivative of m0n0wall.
 
Thanks for the recommendations guys. However, I'm really looking for an "appliance" type product like the VPN-1 Edge X8 that was mentioned.

Ideally, it would be Gigabit and $800 or less.
 
TCP/IP Filtering

Assuming you use Windows 2000/XP/2003, go to Network Connections.

Right-click on the network connection, and select Properties.

Click Internet Protocol (TCP/IP) and click Properties.

Click the Advanced button.

Click the Options tab.

Click Properties.
 
Thanks. I think I've resigned myself to setting up another machine. The dedicated appliances (gigabit) are all too much $ unfortunately and have a bunch of features that I don't need.
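
The requirement from the opening post (several external IPs, each forwarding ports to a different internal host), sketched for the Linux + iptables route suggested in the thread. This is an added example, not a configuration posted by any participant; the addresses are constructed documentation and private ranges, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that forwards ports to
# internal hosts depending on which external IP the packet was addressed to.
# Assumes the external IPs are already bound to the WAN interface and that
# net.ipv4.ip_forward=1. Outbound LAN policy is deliberately left out.

# Constructed mappings: external_ip proto ext_port internal_ip int_port
MAPPINGS='203.0.113.10 tcp 80 192.168.1.10 80
203.0.113.10 tcp 443 192.168.1.10 443
203.0.113.11 tcp 80 192.168.1.20 8080'

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Prints the ruleset on stdout; returns 1 on the first malformed mapping so a
# typo never turns into a half-applied or over-broad rule.
gen_ruleset() {
    nat='' fwd=''
    while read -r ext proto eport int iport; do
        [ -n "$ext" ] || continue
        valid_ipv4 "$ext" && valid_ipv4 "$int" && valid_port "$eport" &&
            valid_port "$iport" || { echo "bad mapping: $ext" >&2; return 1; }
        case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
        nat="$nat-A PREROUTING -d $ext/32 -p $proto --dport $eport -j DNAT --to-destination $int:$iport
"
        # After DNAT the packet carries the internal address and port.
        fwd="$fwd-A FORWARD -d $int/32 -p $proto --dport $iport -m conntrack --ctstate NEW -j ACCEPT
"
    done <<EOF
$1
EOF
    printf '*nat\n:PREROUTING ACCEPT [0:0]\n%sCOMMIT\n' "$nat"
    printf '*filter\n:FORWARD DROP [0:0]\n'   # default-deny for forwarded traffic
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%sCOMMIT\n' "$fwd"
}

# Check syntax without committing: gen_ruleset "$MAPPINGS" | iptables-restore --test
gen_ruleset "$MAPPINGS"
```

Loading the output with `iptables-restore` replaces the existing nat and filter tables, so review it against any rules already on the box first.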
 
Originally posted by: nweaver
linux + iptables ftw

Linux + Ethernet Bridge + ebtables + iptables + arptables (never used this) ... remotely accessible or not, your choice 🙂... might be worth a look... could get pretty small as well...
 
BTW if for some reason you need something that goes beyond layers 2-3, you need a transparent proxy to take care of 4-7...
 
Originally posted by: Bluestealth
Originally posted by: nweaver
linux + iptables ftw

Linux + Ethernet Bridge + ebtables + iptables + arptables (never used this) ... remotely accessible or not, your choice 🙂... might be worth a look... could get pretty small as well...


Real small. I once squeezed Linux and a good subset of GNU tools into about 4MB, and that's including all the extra bits and pieces I wrote to sit on top of netfilter. It runs on a 300MHz 586 SBC that only takes CF cards, so you have to write log files out to a remote machine, and you can't have a swap space _but_ it's completely silent.
 
Originally posted by: Atheus
Originally posted by: Bluestealth
Originally posted by: nweaver
linux + iptables ftw

Linux + Ethernet Bridge + ebtables + iptables + arptables (never used this) ... remotely accessible or not, your choice 🙂... might be worth a look... could get pretty small as well...


Real small. I once squeezed Linux and a good subset of GNU tools into about 4MB, and that's including all the extra bits and pieces I wrote to sit on top of netfilter. It runs on a 300MHz 586 SBC that only takes CF cards, so you have to write log files out to a remote machine, and you can't have a swap space _but_ it's completely silent.

Cool; sort of like m0n0wall, which uses 6MB 😀
 
Originally posted by: Goosemaster
Originally posted by: Bluestealth
BTW if for some reason you need something that goes beyond layers 2-3, you need a transparent proxy to take care of 4-7...

links?😀

Haven't really played around with it but I found this Safesquid
If you needed a caching proxy I have heard good things about Squid, I think it can be configured to filter as well.
Squid
Also interestingly enough there is another called Proxy 😛
Proxy
Also one called transparent proxy
Transparent Proxy

Found so many... not sure which ones are good, which ones are bad, there are howto's out there to do ethernet bridging with transparent proxying as well... insanity 🙂
 