On 2008-01-18, robertbbm@tidni.com wrote:

> So what do you suggest? A hardware firewall off-the-shelf or a
> firewall built from an old PC/laptop under linux? Has anyone tried
> this with success?

A hardware firewall has the advantage of just plugging it in and letting
it work, but is less flexible than doing it with linux on your old
laptop. You'll want 2 network interfaces on the laptop if you decide to
go that route.

--

John (john@os2.dhs.org)

On Fri, 18 Jan 2008 13:29:52 -0800, robertbbm wrote:

> I had a question about firewalls. I have a network at home that
> consist:
>
>
> Cable Modem ----> Linksys Router ---> 24 Port Switcher ---> Multi-
> ports through out my home.
>
>
> I would like to place a firewall in between the modem and router or
> replace the router with a router/firewall. One of the option I have
> been looking at is a linux-based firewall running on a laptop (like
> floppyfw, smoothwall). I came across an old laptop (Penitum I, 128MB,
> CD, Floppy, no harddrive). I downloaded floppyfw and it booted the
> laptop, but requires configuration. That's as far as I got.
>
> I like the idea of using Linux, eventhough I have no knowledge of it. I
> did built a NAS using a linux software called NAS Lite. The OS boots up
> from a floppy and everyone on my network can access the drives. The
> network drives have been running for over 8 mouths without any problems.
>
> So what do you suggest? A hardware firewall off-the-shelf or a firewall
> built from an old PC/laptop under linux? Has anyone tried this with
> success?

I have my FIOS connection plugged into my Linux box and run a iptables /
firewall script on it. I'm probably aby-normal... those cute little
routers with the built in firewall are easy to run, but if you want to
do 'special things'... it's easier to customize an iptables script or
a dhcp.conf file. ... for example.. I have about 15 different systems
in my home office... they all use dhcp to get an ip address... ( dhcp
is easy to set up ) but I like 'fixed' ips, so assign fixed ip's using
dhcp... you generally can't do that with a pre-configured router.

I also run vm instances and use iptables to move things between
machines... again... not easy to do with most off-the-shelf routers.


As for a laptop running a firewall.... most laptops are not designed to
do 24x7x365. They generate a lot of heat and can't dissipate it as well
as a desktop box. It might be ok... but a cheap frys's motherboard / cpu
and clone case will be cheaper and easier to upgrade hardware.

--
D.A.M. - Mothers Against Dyslexia

see http://www.jacksnodgrass.com for my contact info.

jack - Grapevine/Richardson

On 2008-01-18, John Thompson wrote:
> On 2008-01-18, robertbbm@tidni.com wrote:
>
>> So what do you suggest? A hardware firewall off-the-shelf or a
>> firewall built from an old PC/laptop under linux? Has anyone tried
>> this with success?
>
> A hardware firewall has the advantage of just plugging it in and letting
> it work, but is less flexible than doing it with linux on your old
> laptop. You'll want 2 network interfaces on the laptop if you decide to
> go that route.
>

He does not need to have two interfaces. I know this for sure as I
have a Linux firewall with just one. The home network should have
private IP addresses. The linux box would be in the middle between
them and internet.

some entries from my comfig files

$IPTABLES --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

echo 1 > /proc/sys/net/ipv4/ip_forward # - Enables packet forwarding by kernel


i

On Fri, 18 Jan 2008 20:01:16 -0600, Ignoramus29897 wrote:

>On 2008-01-18, John Thompson wrote:
>> On 2008-01-18, robertbbm@tidni.com wrote:
>>
>>> So what do you suggest? A hardware firewall off-the-shelf or a
>>> firewall built from an old PC/laptop under linux? Has anyone tried
>>> this with success?
>>
>> A hardware firewall has the advantage of just plugging it in and letting
>> it work, but is less flexible than doing it with linux on your old
>> laptop. You'll want 2 network interfaces on the laptop if you decide to
>> go that route.
>>
>
>He does not need to have two interfaces. I know this for sure as I
>have a Linux firewall with just one. The home network should have
>private IP addresses. The linux box would be in the middle between
>them and internet.

And what interface does the Internet come in on?
>
>some entries from my comfig files
>
>$IPTABLES --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
>
>echo 1 > /proc/sys/net/ipv4/ip_forward # - Enables packet forwarding by kernel
>
>
>i

--
http://bugsplatter.mine.nu/

Am Sat, 19 Jan 2008 20:04:13 +1100 schrieb Grant:


> And what interface does the Internet come in on?

I guess he use 802.1q.

On 2008-01-19, Grant wrote:
> On Fri, 18 Jan 2008 20:01:16 -0600, Ignoramus29897 wrote:
>
>>On 2008-01-18, John Thompson wrote:
>>> On 2008-01-18, robertbbm@tidni.com wrote:
>>>
>>>> So what do you suggest? A hardware firewall off-the-shelf or a
>>>> firewall built from an old PC/laptop under linux? Has anyone tried
>>>> this with success?
>>>
>>> A hardware firewall has the advantage of just plugging it in and letting
>>> it work, but is less flexible than doing it with linux on your old
>>> laptop. You'll want 2 network interfaces on the laptop if you decide to
>>> go that route.
>>>
>>
>>He does not need to have two interfaces. I know this for sure as I
>>have a Linux firewall with just one. The home network should have
>>private IP addresses. The linux box would be in the middle between
>>them and internet.
>
> And what interface does the Internet come in on?

Same interface. All computers are plugged into the same hub or switch.

The private computers have 10.* IP addresses and route through the
Linux box.

i

>>some entries from my comfig files
>>
>>$IPTABLES --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
>>
>>echo 1 > /proc/sys/net/ipv4/ip_forward # - Enables packet forwarding by kernel
>>
>>
>>i
>