hardware firewall distro for p3 933 mhz old pc

Discussion in 'other firewalls' started by mack_guy911, Dec 24, 2008.

Thread Status:
Not open for further replies.
  1. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Hello all,

    I have an old Pentium 933 MHz with 256 RAM and 2 NICs. I want to turn it into a hardware GUI firewall distro which is easy to set up, not very complicated. I have a Netgear router. I know little about Linux and cross cables; I prefer an easy-to-configure router/UTM.
    Will Endian work on my hardware configuration, or should I try PFSENSE? Is it easy to configure? I have only 2 PCs at home, so I need no orange connection, only red and green interfaces, and some easy GUI firewall to configure.


    thanks :)
     
  2. Rapid Dr3am

    Rapid Dr3am Registered Member

    Joined:
    Jun 14, 2008
    Posts:
    60
    Have you tried Smoothwall or Devil Linux?
     
  3. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Endian will run on that....although it seems happier with a little more RAM. Depends how many PCs you have behind it. Great UTM distro.

    PFSense isn't a UTM distro, but it's very fast, top notch traffic shaping/QoS features, good VPN features. I use it at home on an old P3 Thinkpad laptop with 256 megs...rock solid...have a full time IPSec tunnel to the office through it.

    IPCop with Copfilter is another distro..and the "Copfilter" add-on adds UTM features. Endian is actually based on this...IMO Endian is "smoother", a more polished package. IPCop by itself is not UTM, but it's an old popular distro with a lot of add-ons.

    I've tried Smoothwall and m0n0wall, but my focus is more on UTM distros...I just run PFSense at home for its traffic shaping, so the kids p2p/torrent stuff doesn't impact me.

    For top notch UTM distros, if you have the horsepower (above rig isn't enough) look at Untangle.
     
  4. munckman

    munckman Registered Member

    Joined:
    May 2, 2002
    Posts:
    102
    I've often wondered if "recycling" an old computer for use as a firewall is a smart thing to do.o_O
     
  5. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    It's up to you, and what your needs are.

    The *nix router distros out there can kick the snot out of any "off the shelf" router you could purchase for under $5,000.00 US. Not to mention any home grade router. Performance wise, latency wise, VPN feature wise, UTM feature wise, QoS/Traffic shaping feature wise, etc.

    They are very easy to build, you really do not need to know *nix at all. Download the ISO, burn to CD, take a computer with 2x NICs..boot from the CD...follow the hand holding easy install wizard, configure and manage it via your web browser just like any other home grade router.

    Some hardware isn't always supported...so the more "standard" your hardware is, the better chance of it being supported, and working, and giving you dependable stable service. Since I consult for small business networks...my resources are business grade computers...better quality components, I really don't deal with stuff like those 19 dollar budget motherboards 'n stuff.

    Possible drawbacks of using older computer hardware...
    *Reliability? Yes...older hardware may be more prone to failing. The more common component is the hard drive. Try to use a drive that has the most life left in it, or...small drives are pretty cheap, get a new one. Or better yet..many distros can run on CFCards, even SSD.

    *Heat, noise, higher electricity bill? Try..it's another PC. But, seek using an ultra small form factor box, or better yet...what I run my PFSense on..is an old Thinkpad laptop. It's small, low noise, low heat output, takes up little space, low power consumption, plus it has a built in battery backup.
     
  6. mjgent

    mjgent Registered Member

    Joined:
    May 19, 2008
    Posts:
    43
    Location:
    Sandboxed in a VM behind a UTM
    I did mine on a cheap Shuttle K45 box and it worked out well but I like your laptop idea. Not only does it have a built in battery backup but it has a built in monitor also.
     
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If you don't need all the features of something like Untangle, an old PC works very well. My experience is limited to Smoothwall, so I can't comment on the abilities/limitations of others. I'm running Smoothwall 2 on a P5-133MHZ with 32MB RAM and 3 network cards. On 864/160 DSL service, there's no slowdown. I can't say if Smoothwall 3 will run as well on the same hardware.

    Depending on how worn the hardware you're using is to start with, reliability might be a problem. That said, most of the wear on hardware happens during startup and shutdown. A hardware firewall runs 24/7 so its components are not subjected to that shock. Mine has lasted 2 years so far. That same hardware would take a lot more wear if it was being used as a Windows PC, with its need for regular reboots. Even if the hardware does fail completely, you can recover the network cards. The only thing you lose is some time. Even that time isn't a total waste. My first time was quite a learning experience.

    Regarding energy usage, it probably does use more electric than a standard router. If you're running something like Smoothwall, you don't need a monitor so the power demands are less than a complete PC. With the right PCI cards, the converted PC can replace more than a router. At least one vendor makes a PCI ADSL card that's compatible with Smoothwall. Using it will enable the converted PC to also replace the DSL modem.

    The heat given off by the can be an issue in warm climates. In colder climates, it's an alternate source of heat, and all the heat it produces is heat your furnace doesn't have to. Around here, that's more than half the year. After the initial setup, it doesn't require a mouse, keyboard, or monitor, which makes it easier to move it to a spot where any noise won't be a problem.
     
  8. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Yup..the small footprint is nice. Can admin it from console right there.

    You can pick up older laptops for dirt cheap, tons of old Thinkpads on eBay. For about the same price as purchasing a new router at the store.
     
  9. mjgent

    mjgent Registered Member

    Joined:
    May 19, 2008
    Posts:
    43
    Location:
    Sandboxed in a VM behind a UTM
    What do you think is the minimum laptop hardware requirements I'd need for home use with all of the modules installed (spam filter, antivirus, etc.)? What brand/model would you recommend and where is a good place to buy a used one? TIA
     
  10. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Which distro are you thinking about?
    What speed internet pipe?
    How many PCs behind it?
    What kind of typical traffic/usage?
     
  11. mjgent

    mjgent Registered Member

    Joined:
    May 19, 2008
    Posts:
    43
    Location:
    Sandboxed in a VM behind a UTM
    The newest Untangle
    7mb DSL
    2-3 pc's but only 2 on at any one time
    Not much traffic, web browsing, email, and occasional gaming (BF2), no torrents.
    Thanks
     
  12. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    The minimum specs on UT's site is 1.0GHz and 512 megs of RAM.
    I've installed on a P3 866 with 512 when I initially tested it, the GUI management wasn't a ball of fire...that was back with 5.1 or so and the sluggish JAVA GUI.

    Some people have issues installing on 512 meg machines that have shared onboard video. It comes to life quite a bit more with 1 gig of RAM. I have a couple of clients with larger networks (in the 40 and 60 node range) running on midrange P4s with 1 gig of RAM...one of them on a 20 meg pipe, UT purrs along nicely, no slowdowns on traffic, online speedtests show the full 20 megs.

    I had scrounged up a Pentium M 1.6 laptop which I intended to get UT on...but that rig died a slow death. I bet it would have run nicely on it.

    If finding a rig with a decent processor for UT is difficult, I do also recommend Endian...it's a nice solid distro.

    When I ran UT at home a while ago in learning it, BF2's online server scan had some issues pulling up lists of servers. I found that when I disabled the attack blocker, BF2's server scans behaved fine...so the attack blocker module of UT had an issue with it. I don't know if that's been tamed down since then in newer versions. Someone on UT's forums had a post about it also, and another member there posted what to enter in the attack blocker to cure it (make some exclusions for BF2 traffic if I recall). ... :blink: Or maybe it was the Spyware block module? //very tired at the moment...on medications (percocet 7.5) for my back...so a bit foggy. :gack:
     
  13. mjgent

    mjgent Registered Member

    Joined:
    May 19, 2008
    Posts:
    43
    Location:
    Sandboxed in a VM behind a UTM
    Thanks, I appreciate it.
     
  14. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Thanks to all for your replies.

    YeOldeStonecat, I am new to this stuff. I have 2 PCs behind a router, no need for VPN tunneling, just some good firewall features in the router, plus any free antivirus like ClamAV would be greatly appreciated. As for the hard disk, I have an almost new 40 GB hard disk, fast formatted hardly 5 times during all its life cycle.

    I tried some home routers against Nmap and Nessus and they are not good, so I want to try Smoothwall or PFSense or Endian. I guess I just want to build a first machine just as a try with my old configuration:

    P3 933 MHz
    256 MB RAM
    40 GB hard disk

    Used for 2 PCs behind it for some basic surfing, chatting and watching YouTube, etc.

    If I like it or get used to it, then I'll go for UTM PCs; I just want to take the first step with my old configuration. :)


    One more question to YeOldeStonecat ("The *nix router distros out there can kick the snot out of any "off the shelf" router you could purchase for under $5,000.00 US."): where do Smoothwall or PFSense stand as a basic home router? How would you rate them?

    http://www.linux.com/feature/154568
     
    Last edited: Dec 31, 2008
  15. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    You just have to look at the distros that interest you....look at the features of each...and see which ones have the features that you desire, and which ones will run on the hardware that you have.

    Untangle will not run on the hardware you have.

    You mention that you want antivirus scanning...so unless they've added the feature recently...that rules out the basic distros of Smoothie and m0n0wall. PFSense too.

    That leaves you with Endian....and IPCop with the Copfilter add-on. Comixwall, ebox, and Astaro...to name a few others.

    I stand by my recommendation to try Endian on your setup.

     
  16. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    I installed Smoothwall 3 but I am unable to connect to the green interface via cross cable.

    Green IP 192.168.0.1

    255.255.255.0

    Red IP 192.168.7.11

    255.255.255.0

    Before starting to connect it via my router or modem in bridge mode, I tried to connect to the green IP with 192.168.0.1:441 or smoothwall:441 or smoothwall:81 or 192.168.0.1:81, but I was unable to get into GUI mode.

    I removed all the firewalls on my system and tried again. It's pinging but not connecting. I set the LAN card of my laptop to 192.168.0.2, mask 255.255.255.0,

    and also put in a gateway of 192.168.0.1 255.255.255.0

    and it does ping Smoothwall on 192.168.0.1.

    It's pinging, and I tried the reverse by pinging from the Smoothwall shell to my laptop at 192.168.0.2; that's also working.

    Then I did something weird: I changed ifconf eth0 to 192.168.1.1 255.255.255.0

    and after reboot it changed back to 192.168.0.1 255.255.255.0.

    Now it's not even pinging... Please help, as I am quite confused.

    Secondly,
    do I need to put a gateway to 192.168.0.1?

    Please help me connect the green interface first; then for the GUI I guess I can set my router/modem in bridge mode or via static IP...


    Re-edit: I removed Smoothwall and reinstalled with Endian. This time the green interface is configured, and from shell mode I tried to log in as root with password: endian. It worked, but I am still unable to ping and connect. I have a cross cable... no pinging.

    IP of Endian firewall 192.168.0.15 mask: 255.255.255.0
    IP of laptop LAN card 192.168.0.2 mask: 255.255.255.0


    I have both interfaces in the same subnet. Please correct me; I'm wondering what I am doing wrong. It's still not pinging.

    The LAN card is working, as I have done loopback pinging.
     
    Last edited: Jan 4, 2009
  17. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    The one thing I remember with Endian....it's rather generic in naming your NIC interfaces....(last version I used you don't see name brand or chipset, but rather eth0 and eth1).

    As Endian boots up, the NICs activate if they're plugged in. If not plugged in, they may appear dead.

    I "think" DHCP is disabled by default during the install...so you need to remember the LAN IP address you gave Endian...configure a PC with a static IP like you did...log into the web admin, enable DHCP.

    Default firewall rule might not allow reply to pings. Are you able to log into the web admin? Your username and password are set by you during the install process.
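
The check suggested in the post above (ping may be dropped by the default rule, so test the web admin instead), as an added example that is not part of the original thread: it first confirms the admin PC and the firewall's LAN address share a subnet, then tries a TCP connection to the admin ports. The function names are hypothetical; the addresses and ports 441 and 81 are the ones quoted in the thread, so substitute your own distro's admin port.

```python
import ipaddress
import socket

def same_subnet(host_ip, fw_ip, mask):
    """True when both addresses sit in the same network under this mask."""
    host_net = ipaddress.ip_interface(f"{host_ip}/{mask}").network
    fw_net = ipaddress.ip_interface(f"{fw_ip}/{mask}").network
    return host_net == fw_net

def tcp_open(ip, port, timeout=2.0):
    """True when a TCP handshake to ip:port completes (no ICMP involved)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(host_ip, fw_ip, mask, ports, probe=tcp_open):
    """Return (verdict, reachable_ports) for a directly cabled admin PC."""
    if not same_subnet(host_ip, fw_ip, mask):
        # The PC will not address the firewall directly over the cable,
        # so neither ping nor the web admin can work: fix addressing first.
        return "different-subnet", []
    reachable = [p for p in ports if probe(fw_ip, p)]
    if reachable:
        # The web admin answers, so a failed ping is only the ICMP rule.
        return "admin-reachable", reachable
    # Same subnet but nothing answers: check the cable/link lights, which
    # NIC was assigned to green, and the admin port for this distro.
    return "no-admin-port", []

if __name__ == "__main__":
    # Addresses from the thread; ports 441 and 81 are the ones tried there
    # for Smoothwall. Pass your own distro's admin port(s) instead.
    print(diagnose("192.168.0.2", "192.168.0.1", "255.255.255.0", [441, 81]))
```
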

     
  18. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Thanks for your reply, YeOldeStonecat. Yes, it works great. I also tried Smoothwall, but I like Endian more, like you said. Really, thanks very much; Endian is much easier to configure and run...

    1. You can block an IP by giving the site name, which is not possible in Smoothwall, in which you have to add all the IPs manually.
    2. I found the ICMP setting in Endian very good: you can set it to ping your local network and block the external one. :) In Smoothwall you have to block all ICMP ping...
    3. ClamAV antivirus scans HTTP and POP3, etc., while in Smoothwall it only scans POP3.

    Please confirm.


    Great software :p

    But my RAM goes up to 80-82% by default if I enable antivirus in proxy mode, and without the proxy server it sticks at 50-55%.

    Is it OK if I go with that, I mean 80-82% RAM usage?

    My swap RAM is at 0%. I wonder why; will it act after my original RAM gets fully filled?

    Secondly, I was unable to stop the time server, and a few servers run by default...


    Thanks a lot for suggesting such great software to me... :D
     
  19. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Endian does antivirus scanning of http traffic, yes. I don't recall seeing that in Smoothie.

    I remember Endian having a sweet spot in the mid 300's for RAM use. For a small home network. It'll scale to whatever RAM you have, but if 256 is all you can do, I wouldn't worry about it. The way I look at it...I have the RAM there to use, any unused is wasted RAM. You may find that downloading huge files may take a hair longer..as they're scanned in small chunks through the minimal RAM. But normal web traffic..if you find it acceptably snappy...sit back and enjoy.
     