Turning an old laptop into a firewall

Discussion in 'all things UNIX' started by Hungry Man, Apr 2, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man
    Hungry Man Registered Member

    I have an old laptop:
    1.66GHz dual core
    1GB DDR2 RAM
    110GB HDD 5.4kRPM

    It sits around collecting dust and I thought I could potentially turn it into some type of hardware firewall running OpenBSD or some such thing.

    I have multiple computers on the network.

    Right now it goes:

    ISP -> Router -> All Computers

    What I'd like is:

    ISP -> Router -> My Computer

    +

    ISP -> Router -> Other computers


    Any ideas/suggestions? I figure that it's old hardware but for something like a hardware firewall it's probably overpowered.
  2. x942
    x942 Registered Member

    I have done this a few times now. What works for me:

    ISP -> Router -> Wireless router -> computers

    Why? Because of two reasons:
    1) The good router distros don't support WiFi AP's.

    2) Using an off-the-shelf WiFi card is not that great for an AP. The best one I have used is an Alpha WiFi card with a 9dBi antenna. I used it on my router.

    ===============================

    Okay. With that out of the way. What you need to look into is what distro you want to use:

    Untangle - This is what I use. Great options for security and good app selection.

    PfSense - Another great one. Used it before. Found it a little more limited than Untangle. Based on OpenBSD.

    OpenBSD (as you mentioned) - Essentially, with OpenBSD you just set it up as a router.

    DD-WRT - Can run on x86 based systems. Good option, works well and supports WiFi cards for wireless AP's.

    Open-WRT - same as dd-wrt.

    There are more but these are the ones that worked for me. Again only the last three support wireless AP.

    ============
    Setup #1 (With wireless router - you will need two (2) ethernet ports)
    ============
    Set up the distro you chose as per your preferences. After it's set up and hooked up to the modem via Ethernet, hook up your normal "plastic" router. Access the router's config via its IP address (i.e. 192.168.0.1) and log in (default is normally admin - admin or admin - no pass). Find the settings for IP address and DHCP, disable the DHCP server (so it doesn't conflict with your new router's server) and have this router receive an IP from your new "router" box. Also disable NAT (it's provided by the new router box instead).

    Setup the WiFi access point as you wish.
    -----------------------------------------
    What does this do? Gives you the benefits of having a hardware firewall and NAT as well as giving you an easy way to have WiFi.
    Cons: Need two (2) ethernet ports. Ethernet to USB does work.

    =================
    Setup #2 (One (1) Router)
    =================
    Choose a distro that supports WiFi APs, or patch one that doesn't (Untangle can be patched) and find a WiFi card that can support master mode and has drivers for Linux. The one I mentioned above does support master mode and has drivers. The chipset is a Ralink. Alpha is a good company too.

    Other good ones are: Atheros, Intel (hit or miss), and Ralink. Stay away from Broadcom; they have just started releasing drivers as open source, so support can be non-existent.
    ----------
    You can use the distros settings to setup a "guest" AP or Isolate clients.
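
The layout from Setup #1 with OpenBSD as the router box, as an added example that is not part of the original thread: NAT and the default-deny policy live on the OpenBSD machine, so the downstream wireless router only bridges clients. The interface names `em0` and `em1` are assumptions; substitute the names your NICs actually get.

```pf
# /etc/pf.conf on the OpenBSD box (added example, not from the thread).
# Routing between the two NICs also requires net.inet.ip.forwarding=1
# in /etc/sysctl.conf.

ext_if = "em0"   # assumed name: NIC cabled to the modem
int_if = "em1"   # assumed name: NIC cabled to the wireless router / LAN

set block-policy drop      # silently drop instead of answering probes
set skip on lo0            # never filter loopback traffic

# Normalise incoming packets before they reach the rules below
match in all scrub (no-df random-id)

# NAT is done here and only here; the wireless router behind this box
# has NAT and its DHCP server switched off, as described in Setup #1
match out on $ext_if inet from $int_if:network to any nat-to ($ext_if)

# Drop packets claiming a LAN source address that arrive on another NIC
antispoof quick for $int_if

# Default deny, logged to pflog0 so unsolicited inbound traffic is visible
block log all

# Stateful outbound traffic from the firewall and NATed LAN clients
pass out quick inet

# LAN clients may open connections; nothing is allowed in on $ext_if
pass in on $int_if inet from $int_if:network
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; `tcpdump -n -e -ttt -i pflog0` shows what the `block log` rule is dropping.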
  3. Hungry Man
    Hungry Man Registered Member

    Awesome. Thank you.

    I'm going to go for an OpenBSD hardware Firewall right on the edge of my network actually. It shouldn't impact performance and OpenBSD is very secure so I'll be that much more confident.
  4. x942
    x942 Registered Member

    I agree. If I had more time I'd set up OpenBSD too. I only use Untangle since it's click-click-done and has a nice web GUI.
  5. Hungry Man
    Hungry Man Registered Member

    Well I could do DD-WRT or OpenWRT but there's no real point in that. My router already has DD-WRT.

    I'm looking for perimeter security and if they can blow through two layers with one exploit it serves me no good. Throwing OpenBSD out at the front line is going to deter exploitation.
  6. x942
    x942 Registered Member

    So true. PfSense is built on OpenBSD, but if you have time, which I assume you do :p, then doing it yourself is much better. If not just for the knowledge gained from doing it.
  7. mack_guy911
    mack_guy911 Registered Member

    Read my threads, lots of info there:

    http://www.wilderssecurity.com/showthread.php?t=315343


    I have the ISP modem in bridge mode -> Astaro gateway (dialer I created in Astaro) -> router for wireless

    My hardware spec is dual core 1.66 + 4GB RAM, 80GB hard disk

    Astaro has one advantage over the others: it has free Avira antivirus + ClamAV free

    Free for the full suite, home use only

    Limit up to 50 IPs and 32000 concurrent connections at a time

    No clustering or hotspot; they're also not needed for home, I guess :p

    More advantages: in 9 they are adding Sophos antivirus as well, as a second antivirus instead of ClamAV

    It's based on Novell SUSE Enterprise Linux

    Best part: it has everything installed in one package, not like Untangle, and so many tweak options; it's up to the user how deep he/she wants to dig in.

    Many advanced ones like Amazon cloud based services, virtual servers.........etc

    You can block files by extension; by default it blocks exe, so you can add the sites you download .exe's from. This way 80-90% of virus sites are stopped by default before even triggering the antivirus. Sites on a reputation basis, Google safe search..... block on an application basis, p2p .........etc

    Forums are very friendly and nice :))

    Untangle is also a 2nd option if you are looking for a complete suite.

    Endian/IPFire are also worth checking; please check and see which suits you best.

    For BSD, pfSense is an awesome firewall.
  8. mack_guy911
    mack_guy911 Registered Member

    http://www.youtube.com/watch?v=XoYXHGqTK1A

    Some very old reviews ...etc

    http://www.pcmag.com/article2/0,2817,2366773,00.asp

    I tested Astaro myself a few years back against a malware test; it blocked all the links I tested, because the PCMag editor argued in his test that one should open .exe and not block it

    whereas I say you download things from, let's say, about 2-30 sites at most; you should add them to the exclusion list for the .exe file extension, whereas the antivirus still checks them :D

    I used to download from download.com, filehippo.com, softpedia, Microsoft drivers and the antivirus (KIS) site which I use; for all the rest it blocked .exe by default, and it works perfectly if you want paranoid mode security :thumb: or keep it simple


    http://www.scmagazine.com/astaro-security-gateway/review/3615/

    http://www.astaro.com/resources/astaro-success-stories/logansport-savings-bank
  11. jitte
    jitte Registered Member

    pfSense runs the FreeBSD OS and the OpenBSD pf firewall.

    I just set it up on an old Dell with a 2.66GHz P4, 1.2GB RAM, and a 13.6GB HD and really like it. I'm running it through my router, with 3 FreeBSD boxes behind it and haven't seen it use over 8% memory or 4% CPU yet. I've got its monitor sitting in the corner with pftop running, which is kind of like netstat, so I can keep an eye on connections.

    It's a breeze to install and configure, sets up the subnet addresses for you, and comes with packages like Snort and pfblock (where you can block whole countries by default) you can choose to enable if you like. Rules are configured through a web GUI that has a lot of other nice features as well.

    I highly recommend giving it a try if you've got an old computer sitting around collecting dust. The download is right around 100MB and can run off a Live CD and I believe off a USB stick too.
    Last edited: May 4, 2012