[ale] recommendations for a..... standalone Linux securityfirewall...

Courtney Thomas courtneycthomas at bellsouth.net
Wed Nov 5 10:21:54 EST 2008


Charles,

Thank you for your reply.

I have a couple of Schneier's books and as expected have not devoted my life to this subject so am content to rely on him and his ilk.

However, since you point out his position, why do you bother...... knowing his view on all this :-) which you, ostensibly, reject?

Cordially,

Courtney
  ----- Original Message ----- 
  From: Charles Shapiro 
  To: ale at ale.org 
  Sent: Wednesday, November 05, 2008 9:53 AM
  Subject: Re: [ale] recommendations for a..... standalone Linux securityfirewall...


  I'm a big phan of SentryCD ( http://www.sentryfirewall.com/ ), although I think it's moribund at the moment. It's CD-based but runs boot scripts off a floppy drive so you can load custom packages or configure it for your hardware.

  I use a couple of same-brand NICs mounted in an el-cheapo used Pentium 2 box which a buddy of mine fobbed off on me when I took some other hardware I wanted more from him. I think it has 128MB of memory, which is plenty for what I'm doing. You can probably buy an equivalent one at some place like MicroSeconds ( http://www.microseconds.net/?page=AboutUs&set_location=GA ) for less than $100 if absolutely necessary. Tearing the HD out and running a CD-based distro will lower your power requirements and keep things quieter -- definitely an asset in a house where you're paying for heat, cooling and power. Plus I think it makes the system more durable. I run the actual hardware 24/7 on a UPS and eventually the power-supply poops out. When that happens I spend a couple of hours transferring the NICs and reconfiguring the software and I'm back on the air. A box run in this fashion usually lasts 3-4 years for me.

  My wireless network is set up with coova ( http://coova.org ) on a WRT54GL connected behind my firewall. I'm still workin' out some details on this, but it's functional and (reasonably) secure I think. I'm running an open hotspot with a terms of service page, but coova also has a variety of other authentication options which might be useful depending on your circumstances. Much khouler than Linksys's shipped software, yet easier to configure than raw OpenWRT can be. And I'm with Bruce Schneier ( http://www.wired.com/politics/security/commentary/securitymatters/2008/01/securitymatters_0110 ) on offering a cup of internet to my neighbors.

  -- CHS



  On Wed, Nov 5, 2008 at 9:19 AM, Jim Lynch <ale_nospam at fayettedigital.com> wrote:

    Geoffrey wrote:
    > Courtney Thomas wrote:
    >
    >> Greetings !
    >>
    >> I want to use a standalone Linux box, possibly running from a CD and through
    >> which all must pass, at least from the internet, that will be a firewall for
    >> my home LAN. But if running from a CD gains nothing, forget it. I have
    >> several older idle boxes if they'd suffice. I can also go wired or wireless,
    >> and am receptive to any setup.
    >>
    >> What recommendation(s) do you have for such a box, please ?
    >>
    >
    > Smoothwall
    >
    >

    Just curious, do you have to have a system with two NICs to run a
    firewall? From a security standpoint, it makes sense but is it a requirement?

    Thanks,
    Jim.

    _______________________________________________
    Ale mailing list
    Ale at ale.org
    http://mail.ale.org/mailman/listinfo/ale




