Starting to explore various linux based routers with UTM features

Discussion in 'other firewalls' started by YeOldeStonecat, Jul 14, 2006.

Thread Status:
Not open for further replies.
  1. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Dunno if anyone's played with these much..but for the past several months I've begun to experiment with them. Many here have probably heard of these before..you take an old PC, stick in 2x NICs...and install one of the many different linux based firewalls..such as Smoothwall, m0n0wall, ClarkConnect, pfsense, IPCop, Endian, etc.

    The reason I'm bringing it up here..is because some of them are really getting into UTM (unified threat management)...features we're seeing appear on enterprise grade hardware that costs 3-5-10 thousand dollars and more.

    Besides the usual NAT...you have deep SPI, SNORT intrusion detection, application level transparent proxies for http/pop3/ftp/smtp...so they're scanned for viruses, spam, phishing, malware..at the gateway.

    You can also turn on adblocking for browsers, and robust content filtering. This can help with the ad/spyware.

    By default most of them run their AV with ClamAV..which updates itself..checking each hour. You can also get other plugins for other AV products if you favor them, such as F-Prot.

    I started with IPCop...on an older small form factor Compaq Deskpro EN..with a P3 833 with 256 megs.
    http://ipcop.org/
    Pretty much a bare bones product, built on top of Smoothwall....easy install and config..basic features like most consumer grade NAT routers..plus VPN stuff.

    I then came across the plugin for IPCop..called "Copfilter.
    http://www.copfilter.org/
    Here's where you can crank up the protection levels..adding all those transparent proxy features. And the computer I had started to feel the pinch of working harder. I also had a small form factor Compaq EVO d510 series small form factor..with a P4 2.4 and 512 megs. Same onboard Intel NIC, I took the hard drive out of the P3 box, along with the 3COM 905 I was using as a secondary NIC..put them in the d510...booted up just fine..ran much smoother.

    Then I came across "Endian". It seemed like a much more matured, groomed version of IPCop with the Copfilter add-on. It's built on top of IPCop actually...just..a more modern web admin, looks like a much more polished product. It's probably going to be a keeper for me.
    http://www.endian.it/

    Anyways..just wanted to post these here..as in my opinion...they're great products..since they're bringing along some enterprise level UTM features. They bring added protection to your computer(s)/networks...since they do scanning at the application level as a transparent proxy...basically you're having added protection being done at your gateway...no performance hit to your rigs since you're not installing additional software on your PCs.

    They're free! Just take an unused computer...a barebones unit. You'll end up with a router appliance that will usually run circles around any home grade NAT router you bought at the store.
     
  2. craigbass76

    craigbass76 Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    72
    Location:
    Maine, USA
    If you can get it to run off a floppy or cd it'd be even better--no hard drive failure to worry about. Monowall comes to mind.

    But then there'd be no GUI, if it matters.
     
  3. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Or you could even build your own box from an openbsd installation and be uber secure :D

    Alphalutra1
     
  4. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    They can run off of CDif you wish...you can even install to flash cards if you wish instead of a hard drive.

    I'm running off a business grade Seagate 'Cuda drive on liquid bearings..very quiet and cool drive. Long life expectancy. Regardless..even if I was stuck with some Maxtor or Quantum drive that would fry itself every few months..takes a few minutes to format/install, and another couple of minutes to configure..back in business.
     
  5. craigbass76

    craigbass76 Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    72
    Location:
    Maine, USA
    Well, the other nice thing about floppies or cds is that they're physically write protected. If for some reason you're hacked, reboot. No harm done. Fix the problem, make another disc, and reboot to that one.

    Note:
    I have not done this yet; I only know it's quite possible.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.