[KLUG Members] Broadband firewalls.
Bruce Smith
members@kalamazoolinux.org
06 Dec 2002 11:06:14 -0500
As another option for those extremely frugal people: It was noted at the
recent KLUG firewall presentation that people have been buying Pentium
class PC's, more than capable of handling broadband, as cheap as $5 at
the computers sales that come to the fairgrounds ~~monthly. Those boxes
run IPCop, FloppyFW and other FREE Linux based dedicated firewalls fine.
(I'm not saying anything bad about the NetGear solution, only mentioning
a different choice - I don't know anything about the NetGear box)
As for wireless, the last I heard security is weak. At my home, I put
my WAP (Wireless Access Point) in it's own subnet on a DMZ (a 3rd NIC)
off my Devil-Linux Linux based firewall to isolate it from my desktops.
(another nice option some firewalls offer is a DMZ for servers/WAPs/etc)
> I just replaced my OpenBSD broadband firewall/gateway with dedicated
> hardware. I freed up a computer I paid $800 for (three years ago)
> and got one noisy fan out of my office.
>
> I did have to move my network's stunnel connection point and DNS to
> another machine, but that's OK, my backup server wasn't doing much
> anyway.
>
> I bought a NetGear MR314, which is not only a cable/DSL modem and
> LAN gateway, but also a wireless access point. So it replaced both
> the (depreciated) $800 computer and the (still!) $300 Apple Airport
> Base Station. It cost me $99 plus shipping.
>
> So far I'm quite happy with it. Configuration was easy, much easier
> than either OpenBSD or the Airport Base Station, and I'm confident
> about security.
--------------------------------------------
Bruce Smith bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan 49093 USA
http://www.armstrong-intl.com/
--------------------------------------------