[KLUG Members] re: choice of i-filter/firewall/squid box

[Mike Williams]

>
> Subject:
> [KLUG Members] choice of i-filter/firewall/squid box
> From:
> "J.A. Sarma" <jqaksl1967@quixnet.net>
> Date:
> Thu, 1 Apr 2004 20:57:48 -0500
>
> To:
> <members@kalamazoolinux.org>
>
>
>I am asking for some guidance on a choice of /firewall/squid/& internet web
>filtering/ for a small school lab environment.  There is already a Windows
>2000 server and a separate Printserver locked in place, along with WinNT
>boxes for teacher access.
>
>There have been many positive responses with a tryout of an LTSP & thin
>client setup.  Now there is a requirement to install a box between the
>broadband cable modem and the rest of the school's internal LAN to filter
>Internet access.
>
>My first choices have been a second box with an LTSP install with
>squid/squidguard/shorewall and two ethernet NIC's.  Other possibilities are
>a box with Devil-Linux, if I can run squid and squidguard on it.  There
>might be other suggestions.
>
>Recommendations, Anyone?
>
>John S., KLUG supporting member.
>  
>

I'd give Astaro Linux a try.  It's a commercial package, but you get a 
lot for your $400.  That's if you even have to buy the commercial flavor 
for a non-profit organization..  Anyway, I tried out Smoothwall and 
Gibraltar before moving to Astaro.  Smoothwall's web management was laid 
out strangely, and Gibraltar's web management was, well, absent.  
Configuring Astaro is complicated at first, but only because it's so 
flexible.  Installation was flawless, and I was particularly impressed 
to find that every single process running on the box is chrooted.  I 
think there's a content filtering option on the commercial version, but 
I've never played with it.  Just within the last few days they released 
a new version.  I hope they're continuing the "free for non-commercial 
use" policy. 

BTW, I agree with previous posts that you want your firewall to be a 
dedicated box.  Don't try to run LTSP on it.