Home Firewall - hardware or Linux


fenris
10-01-2001, 02:19 PM
Soon I'll be able to get cable!! With those thoughts coursing through my brain, I am again thinking about firewalls. When I had a broadband (ADSL) connection before I used linux (mandrake) as a firewall/router. It seemed pretty secure, and as a bonus was mighty quick on the internet.

I know how to setup linux to act as a firewall/router, but I am wondering if a hardware solution is better?

Any opinions, comparisons or reviews? If it turns out that linux is as effective as a hardware solution, then I will definitely go with linux.

Regards,
Troy

orangganjil
10-01-2001, 02:53 PM
I use Mandrake 8 on a cable modem and love it. It's so much faster than Winblows. I use Bastille Linux (which comes with Mandrake) and love it. It seems to be a great firewall. It has no problem dealing with all of the port 80 scans I get (idiots on the @Home network running unpatched Windows). If you're okay with the Bastille setup, that's what I'd use, but what do I know? :D

Later,
orangganjil

YaRness
10-01-2001, 03:35 PM
<blatant advocate mode>

do you have an extra box lying around?

you don't need to spend 200 on a separate firewall/gateway. you can spend 0 (or maybe a few bucks on some spare parts).
www.freesco.org (http://www.freesco.org)

(there's a nice paranoia script for freesco i've got bookmarked at home that stealths any ports not in use completely, fyi).

it uses familiar linux tools for firewalling, and runs on a floppy (or a hdd if you want. both just load to a ram disk). so if yer firewall gets compromised, or otherwise boinked, all you hafta do is reboot it to fix it.

and it runs on as little as a 386 (although you hafta add a module to emulate some math co-processor stuff or something) with 16 megs of ram (i think you can do less if you have a hard drive to use for a swap file. if you REALLY wanted to anyway).

</advocate>

there's also coyotelinux.com, and maybe (?) some others.

fenris
10-02-2001, 10:41 AM
Thanks for the replies....

I will have a spare computer (amd k6-2 400 w/196Mb of ram) to put linux on after I buy my new computer.

I was just wondering if a hardware router/firewall was superior? I had mandrake 7.2 running as a router/firewall and it worked great. I have never tried a hardware firewall and was curious if it could perform as well as the linux setup I had.

Thanks Again...

YaRness
10-02-2001, 10:45 AM
there's nothing a hardware one can do that a roll-your-own can't, except maybe in terms of plug-and-playability, or power consumption.

arguably you have more control over it if you roll your own (especially if it's difficult to upgrade the firmware on a hardware router. or if you can't.).

thedexman
10-03-2001, 03:12 AM
I agree, as long as you have an extra box laying around, use that, and save yourself the $$$. It will also be much more flexible than one of the cheap routers. However, after my parents got cable and I wired their house with ethernet, I bought them an SMC Barricade which has been working very well for them.

Sweede
10-03-2001, 07:57 AM
hardware routers are far better. don't believe what these linux zealots tell you.

several advantages of having a hardware router is that

1) a router is a specialized device. it can perform routing functions better/faster more complete and secure than any linux box.

2) a hardware router is far far far simpler to setup (some have web based control panels)

3) some hardware routers are firewalls (and are the ones that have web based control panels)

4) you need 0 knowledge to get one up and running. the first time i used linux as a firewall was almost 2 years ago and i still cannot get several things to work correctly (such as DCC transfers and any outgoing UDP connections). a hardware firewall will allow this without any problems, iptables stupidity or time.

5) you can have either this big box taking up space, or a little box with a built in hub that is probably smaller than your ADSL router

binaryDigit
10-06-2001, 03:08 AM
i just bought a linksys etherfast cable/dsl router for $100. (office max sale)

the set up was done through my browser. it was very straight forward. i might have gone with a separate linux box to do the same thing, but i didn't have an extra box laying around to do it with. i also don't have to worry about an extra computer to perform maintenance on.

i think it basically comes down to what you already have, and what solution fits you the best.

Dagda
10-08-2001, 10:56 AM
Originally posted by binaryDigit:
<STRONG>i just bought a linksys etherfast cable/dsl router for $100. (office max sale)</STRONG>

CompUSA has them on sale for $69 (all instant no mail-in rebates). :D

[ 08 October 2001: Message edited by: Dagda ]

slacker_x
10-08-2001, 12:09 PM
1) Do you have an extra computer that you can use for a firewall?
2) Will you enjoy setting up a firewall box running linux?
3) Do you have space for the linux firewall computer?
4) Will your firewall require any features not found on hardware firewall/routers?

If you answered yes to questions 1, 2, 3 you are a good candidate for a linux firewall box. If you also answered yes to question 4, then the linksys style box isn't an option.

stiles
10-08-2001, 01:46 PM
Originally posted by Sweede:
<STRONG>1) a router is a specialized device. it can perform routing functions better/faster more complete and secure than any linux box.</STRONG>

Let's see, most SOHO routers are nothing but an embedded NAT box. What's better about that? They are built to be affordable at the consumer level so performance/latency is not of the highest concern. I could understand if you were talking about professional equipment (like Cisco routers) but that's really not what's being discussed unless you're advocating someone spending the jack on a PIX firewall.

Originally posted by Sweede:
<STRONG>2) a hardware router is far far far simpler to setup (some have web based control panels)</STRONG>

Honestly this depends. If you go and find an existing script and modify it, for the most part you just need to know some basic networking and SysV init. You still need to know the same basic networking to set up the parameters in the web based control panel. Ohhh and you'll have to recompile the kernel.

Originally posted by Sweede:
<STRONG>3) some hardware routers are firewalls (and are the ones that have web based control panels) </STRONG>

OK, here we go. If you want a firewall comparable to (what you can do with) IPTables you're going to have to spend over $200. Many SOHO routers do not have any packet filtering capacity, the ones that do are basic packet filters. The only three that I know of that have stateful packet filtering are by sonic wall (around $300 with a 5 user license IIRC) and the Netgear FR314 and RO318 (the FR314 comes in right at $200 from www.pricewatch.com (http://www.pricewatch.com)).

Originally posted by Sweede:
<STRONG>4) you need 0 knowledge to get one up and running. the first time i used linux as a firewall was almost 2 years ago and i still cannot get several things to work correctly (such as DCC transfers and any outgoing UDP connections). a hardware firewall will allow this without any problems, iptables stupidity or time. </STRONG>

I wish it required zero knowledge, then I wouldn't have to reconfigure my Dad's router every time the power goes off. I have no problems with outgoing UDP connections and haven't used DCC transfers (though I figure the way my rules are written that I would drop incoming DCC transfers cause it would not be a related packet but outgoing transfers should work fine).
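
Added example (not part of the post above and not code from anyone in this thread): a small Python model of the difference between a basic packet filter and a stateful one, showing why replies to outgoing UDP get back in while an inbound connection with no matching state is dropped unless a helper has marked it as related. The packets, addresses, ports and all names are constructed for illustration, and NAT is left out.

```python
from collections import namedtuple

# Constructed sample traffic (private and documentation addresses), not captured data.
Packet = namedtuple("Packet", "direction proto src sport dst dport")
LAN = "192.168.1.10"
TRAFFIC = [
    Packet("out", "udp", LAN, 40000, "198.51.100.53", 53),  # query leaves the LAN
    Packet("in", "udp", "198.51.100.53", 53, LAN, 40000),   # its genuine reply
    Packet("in", "udp", "203.0.113.9", 53, LAN, 40000),     # unrelated host, same ports
    Packet("in", "tcp", "203.0.113.7", 4321, LAN, 5000),    # unsolicited peer connection
]

def stateless_verdict(pkt, open_ports=range(1024, 65536)):
    """Basic packet filter: judges each packet alone, by destination port.
    Replies can only get in if the whole high-port range is left open."""
    if pkt.direction == "out":
        return "ACCEPT"
    return "ACCEPT" if pkt.dport in open_ports else "DROP"

class StatefulFilter:
    """Remembers flows opened from the LAN (simplified connection tracking)."""
    def __init__(self):
        self.flows = set()     # (proto, lan ip, lan port, remote ip, remote port)
        self.expected = set()  # (proto, lan ip, lan port) announced by a helper

    def expect(self, proto, lan_ip, lan_port):
        """What a protocol helper does after seeing a port announced in-band."""
        self.expected.add((proto, lan_ip, lan_port))

    def verdict(self, pkt):
        if pkt.direction == "out":                  # NEW, started from inside
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        flow = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.flows:                      # ESTABLISHED
            return "ACCEPT"
        if (pkt.proto, pkt.dst, pkt.dport) in self.expected:  # RELATED
            self.expected.discard((pkt.proto, pkt.dst, pkt.dport))
            self.flows.add(flow)
            return "ACCEPT"
        return "DROP"                               # no state: unsolicited

def compare(helper_expectation=False):
    """Return (stateless, stateful) verdicts for each packet in TRAFFIC."""
    fw = StatefulFilter()
    if helper_expectation:
        fw.expect("tcp", LAN, 5000)
    return [(stateless_verdict(p), fw.verdict(p)) for p in TRAFFIC]

if __name__ == "__main__":
    for pkt, verdicts in zip(TRAFFIC, compare()):
        print(pkt, verdicts)
```

The stateless filter has to accept every inbound packet to a high port in order to let the reply through; the stateful one accepts only the reply that matches the recorded flow.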

Choozo
10-09-2001, 07:45 AM
Originally posted by fenris:
<STRONG>Thanks for the replies....

I will have a spare computer (amd k6-2 400 w/196Mb of ram) to put linux on after I buy my new computer.

I was just wondering if a hardware router/firewall was superior? I had mandrake 7.2 running as a router/firewall and it worked great. I have never tried a hardware firewall and was curious if it could perform as well as the linux setup I had.

Thanks Again...</STRONG>

Check out
SmoothWall (http://www.smoothwall.org) for that box. An excellent and free firewall distro with extras like DHCP server, VPN capabilities, and USB support.

Cheers :)

thedexman
10-09-2001, 10:43 PM
I would also try looking at OpenBSD (www.openbsd.org). It is VERY easy to setup to do NAT

orangganjil
10-12-2001, 12:48 PM
You could also check out MandrakeSecurity Single Network Firewall. It's a Mandrake distro for exactly what you're doing. It has web-based interface, Bastille Linux (using iptables), and can be configured as a router pretty easily. It's kind of written for newbies, in my opinion. You should check it out. http://www.mandrakesoft.com/products/snf/features

Later,
orangganjil

GideonT
10-13-2001, 01:44 AM
ah.. just wanna add a comment that I bought a 3com router just because it's quiet.... I hate the noise of the fans.... and, it's environmentally friendly (10V of power instead of 250W running a linux box)

Nellat
10-15-2001, 02:39 PM
:D I agree with Mandrake's Single network firewall being used, it is very simple and fast to install. But it does not use IPTABLES, it uses IPCHAINS.