I've been planning to set up a firewall, and was about to try using Smoothwall. Thanks for pointing those weak points out before I found them the hard way. Smoothwall is a nice looking product, but I think I'd at least like complete port coverage. There are win-do'hs machines on the other side, and I'd really like to avoid that kind of thing. Can we say, "trojan bait"?

I've regrettably been out of the Linux fold for a while, so all of my Linux kung-fu has become rather rusty. My old firewall/IP-masq box, while theoretically still operational, is out of date and (at the moment) I can't remember how the heck it was set up in the first place.

I've been avidly reading this thread (and archived threads), but I haven't been able to come to any definite conclusions. Can anyone make any glowing recommendations about the security, ease, magical properties, efficiency, and/or mojo of any particular option? Smoothwall was at the top of my list, but now I'm not so sure. Also on the list are FreeSCO and Coyote, but again, I'm at a loss to choose one. Can anyone help guide my re-education?

Thanks,
--Lawrence Crisp
cris0027 at tc.umn.edu

> From: "James Spinti" <jspinti at dart.dartdist.com>
> Subject: Re: [TCLUG] Floppy based firewall
> Date: Mon, 31 Dec 2001 08:19:56 -0600
>
> The only problem with it is that it runs on kernel 2.2.x, so you don't have
> stateful packet handling. And, they say right up front that they simply
> pass anything through that is above port 1024, which is of course where all
> the trojans hide :(
>
> But, it is a very nice product, aside from that. If they were to go to
> 2.4.x, I would use it immediately.
>
> Thanks,
> James Spinti
>
> ----- Original Message -----
> From: "Jim Herrick" <jim at bleedpurple.com>
> Sent: Sunday, December 30, 2001 10:21 AM
> Subject: Re: [TCLUG] Floppy based firewall
>
> > Very nice product. It also includes Squid, Snort, and support for a DMZ. I
> > love it!
> >
> > Recently, they incorporated ALL fixes (1 through 6) and some additional
> > functionality into a "Special Edition" or .99 SE.
> >
> > Jim
> >
> > ----- Original Message -----
> > From: "shawn" <fertch at mninter.net>
> > To: <tclug-list at mn-linux.org>
> > Sent: Saturday, December 29, 2001 12:16 AM
> > Subject: Re: [TCLUG] Floppy based firewall
> >
> > > http://www.smoothwall.org
> > >
> > > Not a floppy based install. Rather a 25MB iso that is simple to install. I
> > > spent days upon days of frustration trying to build a firewall machine....
> > > Downloaded the iso, burned it to cd at work. Came home, less than 45 minutes
> > > later I was up and running. Both nics recognized, web interface on the internal
> > > side. DHCP/DNS capabilities. SSH and VPN too. I'm very impressed at this.
> > >
> > > It's a free product, Linux based under the GNU license. I'm definitely sending
> > > some money into them to help support further development.
> > >
> > > One happy camper. I have this thing running on my P-166/96MB ram machine.
> > > Scary thing is, it seems that internet connections are faster going through this
> > > and two 10Mb hubs than it is for direct connection. Either that, or I'm still
> > > in awe over the simplicity of this install.
> > >
> > > Shawn
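
The difference raised in the quoted replies, between passing anything above port 1024 and stateful packet handling, shown as a small simulation. This is an added example and not part of the original thread or of Smoothwall's code. The packet model, the addresses and ports, and the assumption that the stateless rule drops inbound traffic to ports at or below 1024 are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = LAN to Internet, "in" = Internet to LAN
    src: str
    sport: int
    dst: str
    dport: int

def stateless_high_port_rule(pkt):
    """Stateless policy from the thread: pass anything above port 1024.
    Assumption: outbound is always allowed, inbound low ports are dropped."""
    return pkt.direction == "out" or pkt.dport > 1024

class StatefulFilter:
    """Simplified connection tracking: inbound is allowed only as a reply."""
    def __init__(self):
        self.flows = set()

    def accept(self, pkt):
        if pkt.direction == "out":
            # Remember the flow so the matching reply can come back in.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: accept only the exact reverse of a tracked outbound flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

# Constructed sample traffic (documentation address ranges, made-up ports).
TRAFFIC = [
    ("LAN client opens web connection",
     Packet("out", "192.168.1.10", 40000, "203.0.113.5", 80)),
    ("web server reply",
     Packet("in", "203.0.113.5", 80, "192.168.1.10", 40000)),
    ("unsolicited inbound to high port",
     Packet("in", "198.51.100.7", 3333, "192.168.1.10", 5000)),
]

def compare(traffic=TRAFFIC):
    """Return (label, stateless verdict, stateful verdict) per packet."""
    stateful = StatefulFilter()
    return [(label, stateless_high_port_rule(p), stateful.accept(p))
            for label, p in traffic]

if __name__ == "__main__":
    for label, stateless, stateful in compare():
        print(f"{label:34} stateless={'PASS' if stateless else 'DROP'} "
              f"stateful={'PASS' if stateful else 'DROP'}")
```

Both filters let the web reply back in, but only the stateful one drops the unsolicited inbound packet, because no outbound flow matches it.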