[Cialug] New Firewall
icepuck2k at mchsi.com
Fri Jan 5 17:46:17 CST 2007
Have a look at http://www.clarkconnect.com/ it used to be red hat/ fc based
the only problem is you have to buy it in order to get support for more than
a year. If you do roll your own have a look at the debian firewall project
http://www.cyberdogtech.com/firewalls/ I did manage to get it installed but
that's all the farther I got with it.
From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf
Of Tom Pohl
Sent: Friday, January 05, 2007 2:24 PM
To: Central Iowa Linux Users Group
Subject: [Cialug] New Firewall
I'm building up a new firewall box and I'm running into silly issues.
It's a brand new dell PE1950 with 4 NICs (2 embedded Broadcom
NetXtreme II 5708 and 2 single port Broadcom NetXtreme 5721 pci
cards) as well as a PERC 5/i raid controller with 2 160GB SATA drives.
I know this is overkill for a firewall, but hey, it's a cute little
box and the 160gb drives were $30 more than the smaller (cheapest)
I wanted to try out an all-in-one firewall distributions (firewall,
QoS, VPN, proxy cache, etc) for some time, so I downloaded 3 of them
(IPCop, Smoothwall Express 2.0, and pfSense). While any of these
*should* solve my needs, none of them seem to actually work. Both
IPCop and Smoothwall are linux based (kernel 2.4 era), and pfSense is
an offshoot of m0n0wall and is FreeBSD based.
With the new hardware, of course I have issues. Neither IPCop or
Smoothwall work for me because they don't recognize the PERC 5/i raid
controller and pfSense recognizes everything but after a small while,
I get kernel errors regarding my onboard ethernet "bce0: Error
mapping mbuf into TX chain" which a quick google search shows many
people with similar issues.
It appears that these distributions really aren't geared towards
newer hardware :) I think I'm just going to be forced to roll my own
firewall, but before I do, I wanted to ask y'all. Does anyone know
of a set of tools that will give me what I'm looking for that will
install on top of a standard distribution instead of a stand alone
distribution with a purdy web interface?
I'm totally cool with rolling it all by hand, but just would rather
not if I don't have to!
Cialug mailing list
Cialug at cialug.org
More information about the Cialug