[Cialug] New Firewall

Dan Hockey icepuck2k at mchsi.com
Fri Jan 5 17:46:17 CST 2007


Have a look at http://www.clarkconnect.com/; it used to be Red Hat/FC based.
The only problem is you have to buy it in order to get support for more than
a year. If you do roll your own, have a look at the Debian firewall project,
http://www.cyberdogtech.com/firewalls/. I did manage to get it installed, but
that's all the farther I got with it.
-dh

-----Original Message-----
From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf
Of Tom Pohl
Sent: Friday, January 05, 2007 2:24 PM
To: Central Iowa Linux Users Group
Subject: [Cialug] New Firewall

I'm building up a new firewall box and I'm running into silly issues.

It's a brand new Dell PE1950 with 4 NICs (2 embedded Broadcom
NetXtreme II 5708 and 2 single-port Broadcom NetXtreme 5721 PCI
cards) as well as a PERC 5/i RAID controller with 2 160GB SATA drives.

I know this is overkill for a firewall, but hey, it's a cute little
box and the 160GB drives were $30 more than the smaller (cheapest)
option :)

I have wanted to try out an all-in-one firewall distribution (firewall,
QoS, VPN, proxy cache, etc.) for some time, so I downloaded 3 of them
(IPCop, Smoothwall Express 2.0, and pfSense). While any of these
*should* solve my needs, none of them seem to actually work. Both
IPCop and Smoothwall are Linux based (kernel 2.4 era), and pfSense is
an offshoot of m0n0wall and is FreeBSD based.

With the new hardware, of course I have issues. Neither IPCop nor
Smoothwall works for me because they don't recognize the PERC 5/i RAID
controller, and pfSense recognizes everything, but after a small while
I get kernel errors regarding my onboard Ethernet, "bce0: Error
mapping mbuf into TX chain", which a quick Google search shows many
people having similar issues with.

It appears that these distributions really aren't geared towards
newer hardware :) I think I'm just going to be forced to roll my own
firewall, but before I do, I wanted to ask y'all. Does anyone know
of a set of tools that will give me what I'm looking for that will
install on top of a standard distribution instead of a standalone
distribution with a purdy web interface?

I'm totally cool with rolling it all by hand, but just would rather  
not if I don't have to!

-Tom
