RE: Linux Firewall Distributions

["Melson, Paul" <PMelson () sequoianet com>]

> I am looking for a cost-effective firewall capable of handling three 
> security domains (Internal Network, the Internet, and a DMZ) 
> for a SOHO.
>
> A hardened linux box running NetFilter/IPtables with three 
> network cards 
> looks like a good fit.
> However, I would also welcome suggestions regarding 
> low-budget hardware 
> firewalls meeting these requirements.

This may be tricky, since the typical SOHO device has only 'inside' and
'outside' interfaces.  Maybe somebody knows better than I do, but the
cheapest appliance that supports a DMZ that I am aware of is a Firebox
X500.  A good price on something like that is right around USD$1000.
Drop the DMZ requirement, and now you've got lots of options in the
$200-400 range.

 
I've not used Leaf or Devil-Linux, but I am familiar with Smoothwall,
and also Astaro and Mandrake MNF.  All of them work in a similar manner,
providing a web-ui to iptables, inetd/xinetd, squid, FreeS/WAN or
OpenSWAN, some logging, and an updating utility.  Real troubleshooting
still requires SSH to a shell to interact directly with the OS.  

I wouldn't just hand it over to a home user to install and manage on
their own.  But if you can set up RedHat and iptables without manuals,
then any of these distros would be no problem.

Anyway, if it were me, and I were going to be responsible for managing
it but it wasn't going to be in the same physical location as I am, I'd
buy the Firebox.  Conversely, if I had to pay for it, I'd put Smoothwall
on an old x86 box. :-)

PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards