Firewall for network

[beafer]

Here is what i have:
Home lan with 5-6 pcs.
smc(4br) router and smc 5 port switch
alcatel 1000 dsl modem

What i want to do:
I run 2 websites on off my server and ftp. I want to be able to protect these pc's the best way possible. I can get a pc to be dedicated just to the firewall but i dont know what os to use. I would prefer linux but always will do use windows. I use to use zone but after a day or so, it would just start blockin all incoming traffic for my sites and ftp. Some bug i guess but i would love to have a machine just dedicated to doing that if there is a solution out there. Anyone?

 

[Nothinman]

Download a Linux distro or a BSD and start reading documentation, there's no quick way to really learn the stuff. You could use a floppy firewall like Coyote, but I don't know how customizable they are.

 

[beafer]

Netbsd or Freebsd? Where could i get coyote from?

 

[Heisenberg]

Check out SmoothWall or Coyote Linux or Sharethenet if you need something to run on an older PC. If you have a decent machine look at Astaro. These are all pre-configured linux based firewalls. If you want to spend the time you can set up a firewall with any linux/*NIX OS you choose.

 

[Nothinman]

I would choose between FreeBSD or OpenBSD, Net would work but it's more of an academic project than anything else =)

Coyote Linux is at *drumroll* coyotelinux.com

There are other floppy based, Linux firewalls but I don't know their names cause I use a full fledged distro (Debian to be specific)

 

[Heisenberg]

BSD distro's are great if you want an extremely high level of security and don't mind putting in a fairly large amount of time to get up and running. The pre-built linux-based solutions are good because they're very easy to setup and manage, and still have good levels of security.

 

[beafer]

How would i be able to protect my lan if the pc is not directly connected to the dsl modem. that is what the router is doing for me. I would use that firewall pc for server work like dhcp, port forwarding, etc...

 

[Nothinman]

BSD distro's

To clarify BSDs don't have distros. They are completely seperate OSes, different kernel, different user-land (somewhat), different boot sequence, etc. The only thing they bear in common with Linux is they're both unix-like and the BSD license is compatible with the GPL.

How would i be able to protect my lan if the pc is not directly connected to the dsl modem. that is what the router is doing for me

Usually the firewall would replace the router, hook the DSL up to the firewall and let it do the protecting and routing.

 

[Heisenberg]

<< BSD distro's

To clarify BSDs don't have distros. They are completely seperate OSes, different kernel, different user-land (somewhat), different boot sequence, etc. The only thing they bear in common with Linux is they're both unix-like and the BSD license is compatible with the GPL.
>>



Sorry - bad choice of words. I've messed with linux so much lately I got used to saying that.

I'm not familiar with the SMC router being used, but don't they usually have built-in firewalling of some type?

 

[LuckyTaxi]

u cant go wrnog with freebsd

 

[skyking]

The freeBSD solution works well. We use any old 486 machine, the system will run on as little as 8 meg of ram and a 350 meg harddrive. A couple of ISA NIC's, some programming, and you are ready to go. you msy be able to sell the router and get enough money to pay for the firewall, since the firewall can perform NAT.

 

[n0cmonkey]

One of the best books out there is "building and configuring Linux and OpenBSD firewalls". Its written for OpenBSD 2.7(I think) and RedHat 6.2, but the concepts are similar. I would personally recommend OpenBSD 2.9-stable. I can set one up without a ruleset in about 2 hours. And thats a long estimate. The rule set would take me another hour at most depending on how much customization you want. Debian or Slackware would be a great choice, but I dont know them as well. With OpenBSD you have the choice of about 9 different architectures too

 

[Iron Woode]

Don't forget freesco. Also runs on minimal hardware and is quite fast and secure.