Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


Old 04-06-2010, 03:57 PM
Kwan Lowe
 
Default recommend hardware firewall

On Tue, Apr 6, 2010 at 11:33 AM, Bruno Wolff III <bruno@wolff.to> wrote:

> Remember that there are also power costs. The $50 routers don't draw as much
> power as an old repurposed general purpose machine is going to. They also
> come with wireless support.
>
> Depending on what you are going to do with the firewall, it might also be
> cheaper to buy just one network card and an unmanaged switch. (8 port switches
> were going for about $20 a few years ago.)

I'm putting together an Atom-based system for just this purpose. Power
consumption is not as low as a $50 router (and probably never could
be), but I'm adding three NICs (1 dual, 1 single port) so that I can
create a DMZ and LAN and a separate management port. It should come
in at just under $250, which is quite a bit less than a dedicated
router/firewall with similar capability.

Though Fedora is an option, I may end up using one of the Firewall
distros since they include some nice web front-ends.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 04-06-2010, 04:18 PM
Bruno Wolff III
 
Default recommend hardware firewall

On Tue, Apr 06, 2010 at 11:57:14 -0400,
Kwan Lowe <kwan@digitalhermit.com> wrote:
>
> I'm putting together an Atom-based system for just this purpose. Power
> consumption is not as low as a $50 router (and probably never could
> be), but I'm adding three NICs (1 dual, 1 single port) so that I can
> create a DMZ and LAN and a separate management port. It should come
> in at just under $250, which is quite a bit less than a dedicated
> router/firewall with similar capability.

Note that you can do this with the $50 routers as well. The hardware in
those cheap boxes is pretty amazing. The two Buffalo routers I have
(WHR G54S and WHR G125) have hardware switches that do vlans. So with proper
configuration you have vlans supported by hardware. (The default is for
the 4 lan ports to be in the same vlan and to bridge that with the wireless
port.)

Your machine is probably better if you want to run services on the firewall
(such as asterisk or a web server), but for just firewalling and traffic
control, you probably could get by with a $50 router.
 
Old 04-06-2010, 05:40 PM
Michael Miles
 
Default recommend hardware firewall

Lots of great stuff here

Thanks everyone.

Why use Windows when you can use Fedora



On 04/06/2010 09:18 AM, Bruno Wolff III wrote:
> On Tue, Apr 06, 2010 at 11:57:14 -0400,
> Kwan Lowe <kwan@digitalhermit.com> wrote:
>
>> I'm putting together an Atom-based system for just this purpose. Power
>> consumption is not as low as a $50 router (and probably never could
>> be), but I'm adding three NICs (1 dual, 1 single port) so that I can
>> create a DMZ and LAN and a separate management port. It should come
>> in at just under $250, which is quite a bit less than a dedicated
>> router/firewall with similar capability.
>>
> Note that you can do this with the $50 routers as well. The hardware in
> those cheap boxes is pretty amazing. The two Buffalo routers I have
> (WHR G54S and WHR G125) have hardware switches that do vlans. So with proper
> configuration you have vlans supported by hardware. (The default is for
> the 4 lan ports to be in the same vlan and to bridge that with the wireless
> port.)
>
> Your machine is probably better if you want to run services on the firewall
> (such as asterisk or a web server), but for just firewalling and traffic
> control, you probably could get by with a $50 router.
>

 
Old 04-08-2010, 05:13 PM
Bill Davidsen
 
Default recommend hardware firewall

Michael Miles wrote:

> It looks like the default desktop config for firewall lets everything
> through
>
Don't be misled by the policy, the last rule can be read "If it isn't accepted
by now tell it to go away." I do have my policy set to DROP, though, just in
case I manage to test something and knock out the REJECT rule. And I DROP a few
things just in case a probe is waiting for any response.

I actually use a whole separate table for TCP,SYN packets, I have some rejects
and what-not there.

--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
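
The distinction drawn in the post above, between a chain's policy and a final catch-all rule, can be checked mechanically. This is an added example, not part of the original thread: the ruleset is a constructed `iptables-save` style sample, and all function names are hypothetical.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
# Constructed iptables-save style sample: ACCEPT policy, catch-all REJECT last.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_filter(text):
    """Return ({chain: policy}, {chain: [rule tokens]}) for the filter table."""
    policies, rules, table = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name] = policy
        elif table == "filter" and line.startswith("-A "):
            tok = shlex.split(line)
            rules.setdefault(tok[1], []).append(tok[2:])
    return policies, rules

def is_catch_all(tok):
    """A rule with no match criteria and a terminal target (target options allowed)."""
    return (len(tok) >= 2 and tok[0] == "-j" and tok[1] in TERMINAL
            and all(t == "--reject-with" for t in tok[2::2]))

def effective_default(text, chain="INPUT"):
    """(verdict, decided_by) for packets that no earlier rule in the chain matched."""
    policies, rules = parse_filter(text)
    for tok in rules.get(chain, []):
        if is_catch_all(tok):
            return tok[1], "rule"
    return policies[chain], "policy"

def without_catch_all(text, chain="INPUT"):
    """Simulate the final rule being knocked out while testing."""
    def hit(line):
        tok = shlex.split(line) if line.startswith("-A ") else []
        return tok[1:2] == [chain] and is_catch_all(tok[2:])
    return "\n".join(l for l in text.splitlines() if not hit(l))

if __name__ == "__main__":
    hardened = SAMPLE.replace(":INPUT ACCEPT", ":INPUT DROP")
    for name, rs in (("ACCEPT policy", SAMPLE), ("DROP policy", hardened)):
        print(name, effective_default(rs), "->", effective_default(without_catch_all(rs)))
```

With the ACCEPT policy the chain falls open once the catch-all rule is gone; with the policy set to DROP it stays closed, which is the safety net the post describes.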

 
Old 04-08-2010, 05:14 PM
Bill Davidsen
 
Default recommend hardware firewall

Tim wrote:
> On Sun, 2010-04-04 at 10:22 -0700, Michael Miles wrote:
>> Is it better to run firewall through fedora 12 or through router or both
>
> A firewall at the router can stop things at the boundary, but depending
> on how it's implemented, may not stop things between clients within your
> LAN. That's probably not an issue at home, but would be at a more
> public LAN (school, office, cafe, etc.).
>
Only if you have things on a separate subnet. Otherwise nodes just talk to each
other without the firewall getting involved.

--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot

 
Old 04-08-2010, 05:21 PM
Bill Davidsen
 
Default recommend hardware firewall

Kwan Lowe wrote:
> On Tue, Apr 6, 2010 at 11:33 AM, Bruno Wolff III <bruno@wolff.to> wrote:
>
>> Remember that there are also power costs. The $50 routers don't draw as much
>> power as an old repurposed general purpose machine is going to. They also
>> come with wireless support.
>>
>> Depending on what you are going to do with the firewall, it might also be
>> cheaper to buy just one network card and an unmanaged switch. (8 port switches
>> were going for about $20 a few years ago.)
>
> I'm putting together an Atom-based system for just this purpose. Power
> consumption is not as low as a $50 router (and probably never could
> be), but I'm adding three NICs (1 dual, 1 single port) so that I can
> create a DMZ and LAN and a separate management port. It should come
> in at just under $250, which is quite a bit less than a dedicated
> router/firewall with similar capability.
>
If you can do that with new hardware I'd love to know what you're using. I am
planning just that, and grabbed an SSD just to reduce power/noise, but haven't
bought the rest of it. What hardware are you using?

--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot

 
Old 04-08-2010, 06:12 PM
Bill Davidsen
 
Default recommend hardware firewall

Michael Miles wrote:

> So if I wanted to create a separate machine and put 3 or 4 good lan
> adapters on an AMD XP 1500
> install fedora 12 and use it as a firewall only, would probably be a
> good alternative to a 100 dollar router
>
If all you want is the capabilities of a $50 router, then that's all you need to
spend. If you want additional capabilities, the small Linux system becomes far
more cost effective. You have to define what you need first, and what would be
useful 2nd, then decide what works for you.


--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot

 
Old 04-08-2010, 07:14 PM
Michael Miles
 
Default recommend hardware firewall

On 04/08/2010 10:21 AM, Bill Davidsen wrote:
> Kwan Lowe wrote:
>
>> On Tue, Apr 6, 2010 at 11:33 AM, Bruno Wolff III <bruno@wolff.to> wrote:
>>
>>
>>> Remember that there are also power costs. The $50 routers don't draw as much
>>> power as an old repurposed general purpose machine is going to. They also
>>> come with wireless support.
>>>
>>> Depending on what you are going to do with the firewall, it might also be
>>> cheaper to buy just one network card and an unmanaged switch. (8 port switches
>>> were going for about $20 a few years ago.)
>>>
>> I'm putting together an Atom-based system for just this purpose. Power
>> consumption is not as low as a $50 router (and probably never could
>> be), but I'm adding three NICs (1 dual, 1 single port) so that I can
>> create a DMZ and LAN and a separate management port. It should come
>> in at just under $250, which is quite a bit less than a dedicated
>> router/firewall with similar capability.
>>
>>
> If you can do that with new hardware I'd love to know what you're using. I am
> planning just that, and grabbed an SSD just to reduce power/noise, but haven't
> bought the rest of it. What hardware are you using?
>
>
Right now I am just using a Linksys BEFSR 41 as an access point and not
a router.
It has a built-in firewall that I can see.
I am going to set up a small broadcast web based tv show on my favorite
topic.
"Captain Cannabis News Hour"

What I am going to do is set up an old Athlon XP 1500 and probably use
BSD as the OS

I have not decided on an actual firewall package and still looking for
the best route.
Cost is nil considering I have enough parts to build several computers.

Hardwire everything for speed.

I need to trap IPs as they connect to see how many are actually tuning in.

I used Bitdefender on my old Win 7 computer and I liked the interface on
firewall.

Does Fedora have a good GUI-driven firewall package?
I found Bitdefender AV for unix type machines but no firewall package
for Fedora

I am really new to Fedora.
The last OS that I had that resembled Linux was the Amiga 3.1 system

That was back in 94 -95


One thing for sure is that OS just rocked for functionality

I really miss it
Now I see Amiga really did not die just got Realllllly expensive


I use now a Phenom 2 945 overclocked to 3.7 and wow, it's fast
Temp is hovering at 35C so handling it very well
Of course the cover is not on the computer and I have a big fan blowing
right on it

Better than spending 500 bucks on a Water cooled unit

That's where I am at

Michael Miles
 
Old 04-09-2010, 11:55 AM
Tim
 
Default recommend hardware firewall

Tim:
>> A firewall at the router can stop things at the boundary, but
>> depending on how it's implemented, may not stop things between
>> clients within your LAN. That's probably not an issue at home, but
>> would be at a more public LAN (school, office, cafe, etc.).

Bill Davidsen:
> Only if you have things on a separate subnet. Otherwise nodes just talk
> to each other without the firewall getting involved.

If your router really is a router, then it controls all the traffic
going through it, and nothing can talk directly to each other unless it
permits it.

--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



 
