[Cialug] New Firewall

Tom Pohl tom at tcpconsulting.com
Fri Jan 5 21:03:19 CST 2007


Thanks for reminding me of ClarkConnect!  I remember hearing about
it when I saw a presentation on Hajjinets (http://www.hajjinet.com).
I'll definitely give that a shot!

-Tom

On Jan 5, 2007, at 5:46 PM, Dan Hockey wrote:

> Have a look at http://www.clarkconnect.com/; it used to be Red Hat/FC
> based. The only problem is you have to buy it in order to get support
> for more than a year. If you do roll your own, have a look at the Debian
> firewall project, http://www.cyberdogtech.com/firewalls/; I did manage to
> get it installed, but that's all the farther I got with it.
> -dh
>
> -----Original Message-----
> From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf Of Tom Pohl
> Sent: Friday, January 05, 2007 2:24 PM
> To: Central Iowa Linux Users Group
> Subject: [Cialug] New Firewall
>
> I'm building up a new firewall box and I'm running into silly issues.
>
> It's a brand new Dell PE1950 with 4 NICs (2 embedded Broadcom
> NetXtreme II 5708 and 2 single port Broadcom NetXtreme 5721 PCI
> cards) as well as a PERC 5/i RAID controller with 2 160GB SATA drives.
>
> I know this is overkill for a firewall, but hey, it's a cute little
> box and the 160GB drives were $30 more than the smaller (cheapest)
> option :)
>
> I've wanted to try out an all-in-one firewall distribution (firewall,
> QoS, VPN, proxy cache, etc.) for some time, so I downloaded 3 of them
> (IPCop, Smoothwall Express 2.0, and pfSense).  While any of these
> *should* solve my needs, none of them seem to actually work.  Both
> IPCop and Smoothwall are Linux-based (kernel 2.4 era), and pfSense is
> an offshoot of m0n0wall and is FreeBSD-based.
>
> With the new hardware, of course I have issues.  Neither IPCop nor
> Smoothwall works for me because they don't recognize the PERC 5/i RAID
> controller, and pfSense recognizes everything, but after a small while
> I get kernel errors regarding my onboard Ethernet, "bce0: Error
> mapping mbuf into TX chain", which a quick Google search shows many
> people with similar issues.
>
> It appears that these distributions really aren't geared towards
> newer hardware :)  I think I'm just going to be forced to roll my own
> firewall, but before I do, I wanted to ask y'all.  Does anyone know
> of a set of tools that will give me what I'm looking for that will
> install on top of a standard distribution instead of a standalone
> distribution with a purdy web interface?
>
> I'm totally cool with rolling it all by hand, but just would rather
> not if I don't have to!
>
> -Tom
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
