Building a Firewall out of a Laptop - Networking

This is a discussion on Building a Firewall out of a Laptop - Networking ; I had a question about firewalls. I have a network at home that consist: Cable Modem ----> Linksys Router ---> 24 Port Switcher ---> Multi- ports through out my home. I would like to place a firewall in between the ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: Building a Firewall out of a Laptop

  1. Building a Firewall out of a Laptop

    I had a question about firewalls. I have a network at home that
    consist:


    Cable Modem ----> Linksys Router ---> 24 Port Switcher ---> Multi-
    ports through out my home.


    I would like to place a firewall in between the modem and router or
    replace the router with a router/firewall. One of the option I have
    been looking at is a linux-based firewall running on a laptop (like
    floppyfw, smoothwall). I came across an old laptop (Penitum I, 128MB,
    CD, Floppy, no harddrive). I downloaded floppyfw and it booted the
    laptop, but requires configuration. That's as far as I got.

    I like the idea of using Linux, eventhough I have no knowledge of it.
    I did built a NAS using a linux software called NAS Lite. The OS
    boots up from a floppy and everyone on my network can access the
    drives. The network drives have been running for over 8 mouths
    without any problems.

    So what do you suggest? A hardware firewall off-the-shelf or a
    firewall built from an old PC/laptop under linux? Has anyone tried
    this with success?

  2. Re: Building a Firewall out of a Laptop

    On 2008-01-18, robertbbm@tidni.com wrote:

    > So what do you suggest? A hardware firewall off-the-shelf or a
    > firewall built from an old PC/laptop under linux? Has anyone tried
    > this with success?


    A hardware firewall has the advantage of just plugging it in and letting
    it work, but is less flexible than doing it with linux on your old
    laptop. You'll want 2 network interfaces on the laptop if you decide to
    go that route.

    --

    John (john@os2.dhs.org)

  3. Re: Building a Firewall out of a Laptop

    On Fri, 18 Jan 2008 13:29:52 -0800, robertbbm wrote:

    > I had a question about firewalls. I have a network at home that
    > consist:
    >
    >
    > Cable Modem ----> Linksys Router ---> 24 Port Switcher ---> Multi-
    > ports through out my home.
    >
    >
    > I would like to place a firewall in between the modem and router or
    > replace the router with a router/firewall. One of the option I have
    > been looking at is a linux-based firewall running on a laptop (like
    > floppyfw, smoothwall). I came across an old laptop (Penitum I, 128MB,
    > CD, Floppy, no harddrive). I downloaded floppyfw and it booted the
    > laptop, but requires configuration. That's as far as I got.
    >
    > I like the idea of using Linux, eventhough I have no knowledge of it. I
    > did built a NAS using a linux software called NAS Lite. The OS boots up
    > from a floppy and everyone on my network can access the drives. The
    > network drives have been running for over 8 mouths without any problems.
    >
    > So what do you suggest? A hardware firewall off-the-shelf or a firewall
    > built from an old PC/laptop under linux? Has anyone tried this with
    > success?


    I have my FIOS connection plugged into my Linux box and run a iptables /
    firewall script on it. I'm probably aby-normal... those cute little
    routers with the built in firewall are easy to run, but if you want to
    do 'special things'... it's easier to customize an iptables script or
    a dhcp.conf file. ... for example.. I have about 15 different systems
    in my home office... they all use dhcp to get an ip address... ( dhcp
    is easy to set up ) but I like 'fixed' ips, so assign fixed ip's using
    dhcp... you generally can't do that with a pre-configured router.

    I also run vm instances and use iptables to move things between
    machines... again... not easy to do with most off-the-shelf routers.


    As for a laptop running a firewall.... most laptops are not designed to
    do 24x7x365. They generate a lot of heat and can't dissipate it as well
    as a desktop box. It might be ok... but a cheap frys's motherboard / cpu
    and clone case will be cheaper and easier to upgrade hardware.

    --
    D.A.M. - Mothers Against Dyslexia

    see http://www.jacksnodgrass.com for my contact info.

    jack - Grapevine/Richardson

  4. Re: Building a Firewall out of a Laptop

    On 2008-01-18, John Thompson wrote:
    > On 2008-01-18, robertbbm@tidni.com wrote:
    >
    >> So what do you suggest? A hardware firewall off-the-shelf or a
    >> firewall built from an old PC/laptop under linux? Has anyone tried
    >> this with success?

    >
    > A hardware firewall has the advantage of just plugging it in and letting
    > it work, but is less flexible than doing it with linux on your old
    > laptop. You'll want 2 network interfaces on the laptop if you decide to
    > go that route.
    >


    He does not need to have two interfaces. I know this for sure as I
    have a Linux firewall with just one. The home network should have
    private IP addresses. The linux box would be in the middle between
    them and internet.

    some entries from my comfig files

    $IPTABLES --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

    echo 1 > /proc/sys/net/ipv4/ip_forward # - Enables packet forwarding by kernel


    i

  5. Re: Building a Firewall out of a Laptop

    On Fri, 18 Jan 2008 20:01:16 -0600, Ignoramus29897 wrote:

    >On 2008-01-18, John Thompson wrote:
    >> On 2008-01-18, robertbbm@tidni.com wrote:
    >>
    >>> So what do you suggest? A hardware firewall off-the-shelf or a
    >>> firewall built from an old PC/laptop under linux? Has anyone tried
    >>> this with success?

    >>
    >> A hardware firewall has the advantage of just plugging it in and letting
    >> it work, but is less flexible than doing it with linux on your old
    >> laptop. You'll want 2 network interfaces on the laptop if you decide to
    >> go that route.
    >>

    >
    >He does not need to have two interfaces. I know this for sure as I
    >have a Linux firewall with just one. The home network should have
    >private IP addresses. The linux box would be in the middle between
    >them and internet.


    And what interface does the Internet come in on?
    >
    >some entries from my comfig files
    >
    >$IPTABLES --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    >
    >echo 1 > /proc/sys/net/ipv4/ip_forward # - Enables packet forwarding by kernel
    >
    >
    >i


    --
    http://bugsplatter.mine.nu/

  6. Re: Building a Firewall out of a Laptop

    Am Sat, 19 Jan 2008 20:04:13 +1100 schrieb Grant:


    > And what interface does the Internet come in on?


    I guess he use 802.1q.

  7. Re: Building a Firewall out of a Laptop

    On 2008-01-19, Grant wrote:
    > On Fri, 18 Jan 2008 20:01:16 -0600, Ignoramus29897 wrote:
    >
    >>On 2008-01-18, John Thompson wrote:
    >>> On 2008-01-18, robertbbm@tidni.com wrote:
    >>>
    >>>> So what do you suggest? A hardware firewall off-the-shelf or a
    >>>> firewall built from an old PC/laptop under linux? Has anyone tried
    >>>> this with success?
    >>>
    >>> A hardware firewall has the advantage of just plugging it in and letting
    >>> it work, but is less flexible than doing it with linux on your old
    >>> laptop. You'll want 2 network interfaces on the laptop if you decide to
    >>> go that route.
    >>>

    >>
    >>He does not need to have two interfaces. I know this for sure as I
    >>have a Linux firewall with just one. The home network should have
    >>private IP addresses. The linux box would be in the middle between
    >>them and internet.

    >
    > And what interface does the Internet come in on?


    Same interface. All computers are plugged into the same hub or switch.

    The private computers have 10.* IP addresses and route through the
    Linux box.

    i

    >>some entries from my comfig files
    >>
    >>$IPTABLES --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    >>
    >>echo 1 > /proc/sys/net/ipv4/ip_forward # - Enables packet forwarding by kernel
    >>
    >>
    >>i

    >


+ Reply to Thread