Live-CD Firewall Solutions?
paRcat asks: "My company isn't huge, and up until now has done well enough hosting all of our websites/email/etc. We've done all of this over one T1, but recently added another circuit for that rare instance of a fibercut. So since then I have been researching different options for configuring the existing Linux firewall (debian+iptables) to allow using the second circuit for load-balancing and failover. The issues I'm running into mostly have to do with recompiling the kernel using certain patches and creating semi-elaborate routes. Faced with these options, I'm wondering if there are any open source firewall projects out there that will behave happily with the above scenario. Do any free projects actually give this level of connectivity without being overly difficult in the configuration? I've gone the compile-your-own kernel route in the past, but now I'd just like to drop in a premade solution. A configurable live-CD would be perfect."
IP Cop (Score:2, Interesting)
Re:IP Cop (Score:1)
Re:IP Cop (Score:1)
Re:IP Cop (Score:1)
I suggest that you implement load balancing and failover in your router.
Firewall LiveCDs (Score:4, Informative)
Re:Firewall LiveCDs (Score:1)
Re:Firewall LiveCDs (Score:1)
bonding (Score:3, Informative)
At least if the operator on both of the links is the same,
you'll end up with one IP and both links in use, or you can configure the other to be failover.
see
M0n0wall (Score:4, Interesting)
Re:M0n0wall - you're crazy if you DON'T try it !! (Score:2, Interesting)
I'm going to clock in here with my experience to date with m0n0wall which has been fantastic ( no I don't own shares in anything to do with m0n0wall *grin* - wish I did !! ).
I have to say that from my experience to date with it, m0n0wall is without a doubt one of, if not THE, leading firewall platforms currently available in the open source world, and it's fair to say that I've had a thing or two to do with firewalls and security in general over the past 20+ odd years.
with years and years of hands on des
Re:M0n0wall - you're crazy if you DON'T try it !! (Score:2)
It sucks that you haven't gotten a mod point yet for this, but I hope it will come your way. Meanwhile, I'll lend this reply with my Karma Bonus to try to draw attention to it. Good luck with that business venture of the firewall servers.
Re:M0n0wall - you're crazy if you DON'T try it !! (Score:2)
I've been using IPCop [ipcop.org] w/ Cop+ [sourceforge.net] for content filtering. I don't suppose m0n0wall would have an add-on to do the same?
Re:M0n0wall (Score:2, Informative)
fiber cut (Score:2)
OpenBSD's CARP (Score:4, Informative)
Re:OpenBSD's CARP (Score:1)
Also, pf syntax is a lot easier to understand than iptables.
Re:OpenBSD's CARP (Score:2)
Re:OpenBSD's CARP (Score:2)
Re: (Score:1)
m0n0wall (Score:1)
Re:shame? (Score:1)
I think he was probably referring to the shame caused by the inevitable accusations of necrophilia that afflict anyone who dabbles in "BSD".
Or maybe the total loss of a sense of humour.
Summary of distros (Score:1)
http://www.distrowatch.com/ [distrowatch.com]
Devil Linux (Score:2)
Quagga/Zebra? (Score:1)
Re:Quagga/Zebra? (Score:2)
Because even 1337 h4><0r5 with m4d 5|<1llz can't write to it.
Astaro (Score:2)
Netboz, Smoothwall, and IPCOP (Score:1)
Netboz is a solution... it runs off a CD and has many of the popular options.
Instead of running it off of the CD, I suggest that you use one of the pre-configured firewall options that installs off of your hard drive. These are just as easy to configure, but host a lot more options and mods.
Smoothwall Express - http://www.smoothwall.org/ [smoothwall.org]
or even better yet, IPCOP at http://www.ipcop.org/ [ipcop.org]
Wolverine (Score:2)
is FreeBSD an option? (Score:3, Interesting)
I started there with FreeBSD and have trimmed my cdrom to about 64Meg, with dhcp, dns, httpd (to monitor the firewall) and ssh (to make changes when needed), and it works out well. I can make changes to the system as needed, then the next cdupdate I include those changes in the cdrom. It's worked for about 2 years now.
PFSense (Score:3, Informative)
Right now it offers both Live CD or HD install option, and it's nearing a stable (1.0) release, try it...
http://www.pfsense.com/ [pfsense.com]
Ipcop.. (Score:1)
Works great with all the nice plugins.
m0n0wall has to be seen to be believed !! (Score:2)
I'm going to clock in here with my experience to date with m0n0wall which has been fantastic ( no I don't own shares in anything to do with m0n0wall *grin* - wish I did !! ).
I have to say that from my experience to date with it, m0n0wall is without a doubt one of, if not THE, leading firewall platforms currently available in the open source world, and it's fair to say that I've had a thing or two to do with firewalls and security in general over the past 20+ odd years.
with years and years of hands on des
Re:m0n0wall has to be seen to be believed !! (Score:2)
Re:m0n0wall has to be seen to be believed !! (Score:1)
Yea, sorry - didn't think my first reply worked and tried to put it in the main area, need more practice!
Dez
Simple Man's Solution (Score:1)
Obviously I have my DNS records set up to use the secondary route if the primary is unavailable. It wouldn't be too hard to add a watchdo
BGP (Score:1)
I
OT: hosting your own website? (Score:2)
I fail to understand this. Why would anyone want to do hosting themselves, when there's a gigantic market with good, professional and cheap third parties?
Flexibility? How many times is the website altered? Does this weigh against the uptime of a professional data center?
Re:OT: hosting your own website? (Score:1)
Often it is very hard to get a web hosting provider to compile in a custom module, or adjust a
Then there are situations like I am currently experiencing. My website runs perfectly on my development server that I maintain. Often times at the hosted site my pages will mysteriously load up blank. Wait a few seconds and reload and the page loads fine.
Support says there
http://www.jtan.com/jtanoss/cdboot/ (Score:1)
This is probably the answer you are looking for.
IPTABLES is shit, really, if you want legible firewall rules, built on a secure OS, try Ipfilter/PF on Open/Net BSD.