Hardware firewall/router


Post by filecore » Mon Jul 26, 2004 12:54 am

I want to do this because I've had some rough dealings with internet security recently and besides, it's good practice. However I don't know so much about networking. Here's what I've synthesised from my own experience and from others' suggestions:

I take a second machine with two network cards. In this machine, I disable all services (how best to go about this?) and run an OS with no writable sectors - Knoppix booting from CD on startup. I route the internet connection via this computer into the other (how best to set this up?) which is running NAV, ZA, registry monitors, spyware monitors, memory monitors, the usual plethora of security features.

What I'm also not sure about (apart from the questions in the previous paragraph) is what effect routing it through a comparatively slower machine has on network speed/stability, and what techniques are best to accomplish this. Also, suggestions for an alternate setup are welcome.

/me googles for more information now

Post by kokalo » Mon Jul 26, 2004 2:59 am

Speed won't be an issue, unless you have multiple T1/E1 connections and dozen(s) of sub-networks with hundreds of PCs.
I would suggest Smoothwall, Freesco, or a LEAF distro (Linux Embedded Appliance Firewall). Depending on what you are going to do and how, you may be able to run an installer of the bootable CD and store network particular settings on a floppy (which can afterwards be write-protected).
You can keep a HDD in the system as well, if you want to keep logs of traffic.
Sorry, can't help much more, 'cause I haven't quite done it myself yet - I'm in the middle of researching on what to do and how for my Final Project (Degree), and if I'm successful, I'll keep it for at home, with, possibly an addition of Wi-Fi support.
Check out some of the other threads in networking and OS/Linux sections, you may find something useful there.
GL :D

Post by filecore » Mon Jul 26, 2004 3:01 am

Thanks for the info! I'll look into that - admittedly, it hadn't occurred to me to use a floppy to store the internet settings on. It's always the simplest things you overlook! Anyway thanks again and feel free to post more hints and tips as your work progresses :D

Post by cj.pope » Mon Jul 26, 2004 12:57 pm

Tried freesco router, which has a built-in firewall and can run just in memory or from floppy/hard drive. Managed to get two PCs sharing but needed three; finally bought a router and solved problem.

thread http://www.motherboards.org/forums/view ... highlight=

Thanks to BrevCampagnolo

There are several Leenuks projects to create routers from old PC hardware, but I don’t know what the maximum number of NICs they’ll support is. www.freesco.org distributes a Leenuks freeware that will support two modems and three NICs, but I don’t know who does more than three.

Post by evasive » Thu Sep 23, 2004 1:08 pm

Your system can still be compromised if you happen to click the wrong link or button. Beware.