creating a DMZ -- seeking firewall advice

Ryan Erickson ryan at ericksonfamily.com
Tue Mar 8 15:56:36 MST 2005


Lars beat me to it on mentioning Monowall.

What Lars didn't say is that Monowall's configuration is entirely
web-based.

It can run easily off of a CompactFlash IDE adapter (< $20), and that's
how I have mine set up, using an old 64M CompactFlash that I don't use
for my camera anymore.

If you need a CompactFlash adapter for the project, my brother-in-law
bought a few for a project, and would likely have one or two to sell.

M0n0wall is also based on OpenBSD, which is by default a very secure OS.

Ryan



On Tue, 2005-03-08 at 15:41, Lars Rasmussen wrote:
> On Tue, 08 Mar 2005 13:25:07 -0700, Gabriel Gunderson <gabe at gundy.org> wrote:
> > Hardware is your big concern here.  Just avoid moving parts and heat as
> > much as possible.
> 
> I agree with these points about hardware.
> 
> Try Monowall.  You could install it today.
> 
> From http://m0n0.ch/wall/features.php :
> - NAT/PAT (including 1:1)
> - DHCP client, PPPoE, PPTP
> - IPsec VPN tunnels (IKE; with support for hardware crypto cards and
> mobile clients)
> - PPTP VPN (with RADIUS server support)
> - static routes
> - DHCP server
> - caching DNS forwarder
> - DynDNS client
> - SNMP agent
> - traffic shaper
> - SVG-based traffic grapher
> - firmware upgrade through the web browser
> - configuration backup/restore
> 
> I've used commonly found hardware but Soekris boards can be used too:
> http://m0n0.ch/wall/gallery/serge_huber/web-m0n0wall.jpg



