Endian firewall

Discussion in 'other firewalls' started by Gez, Jul 26, 2006.

Thread Status:
Not open for further replies.
  1. Gez

    Gez Registered Member

    Joined:
    Jan 15, 2006
    Posts:
    65
    Location:
    Ireland
    Hi - been trying this over the past couple of days, with thanks to YeOldeStonecat for tip. Very happy with the extra features, such as antivirus, spam and content filtering. One thing concerns me though, and that is that the firewall does not completely pass the ShieldsUp test at www.grc.com. All service ports are stealthed except number 1, a TCP multiplexing port, which is closed. In addition, the firewall replies to pings from the outside.
    Perhaps somebody could enlighten me about these and whether I should be worried. I should add that I am also using a software firewall.
    Thank you
    Gez
     
  2. Gez

    Gez Registered Member

    Joined:
    Jan 15, 2006
    Posts:
    65
    Location:
    Ireland
    For those people not familiar with Endian, or hardware firewalls in general, here is a brief introduction. A number of solutions exist, including Smoothwall Express, IpCop, m0n0wall and latterly Endian, which allow you to transform an old PC into a hardware firewall at the outer edge of your network. Generally you need two network cards in the box -- one RED, which connects to the outside, and one GREEN, which connects to your LAN. With all but the Endian you don't need a big hard disk or a lot of memory. A 4 gig hard disk and 128 of RAM is plenty. m0n0wall doesn't use any more than 64 megs of RAM, as far as I know. Endian is a bit more demanding, however, because besides acting as a firewall it is filtering viruses, spam, and inappropriate web content. I've found it needs at least 256 of RAM, and a fast hard disk with plenty of space for all the logging, if you so require it.
    For those who are really unfamiliar with this kind of stuff, all you do is download the community-build ISO and burn it to CD. Boot your old Dell PIII or whatever it is from this CD and it will set the firewall up for you. There's no need for a monitor, keyboard or mouse once it's set up.
    One of the advantages of a hardware firewall such as this is that it takes the pressure off your main system. Viruses and other malware can be filtered out before they ever reach your network. Highly recommended. If anyone needs more advice on how to set these things up just let me know.
    Regards,
    Gez.
     
  3. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    The port you mention is port 113...the ident port, it's set to that by default..however you can go into the firewall rules and disable that (remove checkmark) if you wish. It's not an issue to have in that status...some software wants it.

    It seems "most" of the linux router distro's allow replies to ping requests. Endian is built on top of IPCop..and IPCop is that way also.

    There are quite a few heated debates over in various linux firewall forums..about wether responding to ping requests or not is really a security factor. IMO..responding isn't. You're behind a firewall with IDS and NAT and all that stuff...let it do what it does..so what if it answers to "Hello..are you there?"

    I'm not worried to have my firewall answer back..."Yeah..I'm here..what are ya gonna do about it?"

    Horsepower of your PCs to install it on...with the cool transparent proxy services..yeah you'll want some horsepower. Same thing with IPCop with the Copfilter add-on..which I tried. I had it on a P3 833 with 256 megs..and enabling that..you could feel it a hair. Ran much smoother when I moved that same hard drive to a P4 2.4 with 512 megs.

    P3's with 20 gig hard drives are "old" PC parts these days. :D

    But those "UTM" features are the whole reason I'm getting into these..without the http/pop3/smtp/ftp antivirus/anti-spam/anti-malware/anti-phishing features (all that transparent proxy stuff)...I'd not be interested in them...the plain vanilla stock IPCop or Smoothwall or m0n0wall boxes now have no benefits..to me..over a mid-range small business class router like a Linksys RV0 series.

    The one thing the Copfilter add-on for IPCop had..that Endian doesn't...is ad-blocking feature...I do miss that. I "might" put my IPCop w/Copfilter hard drive back in.
     
Loading...
Thread Status:
Not open for further replies.