Setting up a firewall: Need for advice.


ComputerGuy

Jun 21, 2003, 4:42:37 PM
Hi,

I would like to use Linux as a firewall for a small 35-computer network
(mainly Macintoshes).

Is it possible with one of the available flavors of Linux (Suse, Debian, Red
Hat, etc.) to create a firewall with the following requirements:

- Connection to 2 ADSL modems or 2 cable modems or even one of both (1 ADSL
and 1 cable modem), so the machine would have at least 3 NICs, 1 or more on
the LAN side, and 2 on the WAN side (one on each Internet connection).

- Load balancing between the 2 WAN connections is essential, for billing and
capacity/bandwidth reasons. (not just fail-over)

- Possibility to set priorities per protocol, like one would do on a Cisco
router, using IOS. (For instance, I would like FTP to have a lower priority
than HTTP and SMTP)

- SPI (Stateful Packet Inspection) and all the bells and whistles that can
be found on most standard firewalls (NAT, attack detections, etc.)

- The machine should act as a DHCP server.

- If the machine can also act as a proxy server, that would be even greater,
but this is not essential.

So, I guess that most Linux firewalls have most of the standard features,
but I am more interested in knowing if any of them can manage load balancing
and port priorities.

Thank you for any information on this.

Regards,

Xavier.


David Cook

Jun 21, 2003, 5:32:11 PM
Yes, you could certainly use any of the Linux distros and hand-craft
yourself a 'router' and 'nat firewall', such as you describe. (I did that
once about 3 or 4 years ago.)

But, when I look back at what I know now, that's a LOT of work
(and ongoing maintenance to tweak it). Low-end 'router/nat-firewall'
boxes that are pre-built for exactly those purposes are for sale at
your local Circuit-City. A four-port wired (cat5) box sells for around
$40, and combo-boxes that also support wireless-ethernet-connections
start around maybe $80.

That said, for your scenario of approx 35 PCs, the boxes you would
want would cost more. But, before I built one as you describe, I'd
strongly consider shopping around, maybe even call in a small-company
who sell/install SOHO-size networks, and have them talk prices with
you, etc.

On the other hand, if you want to LEARN all the underlying technology
yourself (and time is not an object), then go for the build-it-yourself
approach. After all, most of those pre-built boxes I'm talking about
probably run a copy of some flavor of Unix inside them.

My 2-cents...

Dave



"ComputerGuy" <4gh324...@tijd.com> wrote in message
news:3r3Ja.851$h5.7...@iguano.antw.online.be...

ComputerGuy

Jun 21, 2003, 6:45:04 PM
Thank you for your insight.

I have looked into several brands of SOHO firewalls, and none of them do
*exactly* what I need for this specific config.

Not that I consider myself so special(!), but it is actually hard to find a
low/medium priced router that is flexible and configurable enough.

Most of them do of course DHCP, NAT, SPI, etc., but when you come to load
balancing, flexible DHCP scopes (range and lease time), protocol priority,
etc, it is really a problem to find something ready "out of the box".

"David Cook" <David...@comcast.HIDDEN.net> wrote in message
news:OKWdnReydOl...@comcast.com...

David Childs

Jun 21, 2003, 8:17:57 PM
Try Astaro


"ComputerGuy" <4gh324...@tijd.com> wrote in message

news:Sd5Ja.853$h5.7...@iguano.antw.online.be...
