Firewall Questions

Ted Kaczmarek tedkaz at optonline.net
Tue Apr 12 22:25:09 UTC 2005


On Tue, 2005-04-12 at 15:50 -0600, kevin.kempter at dataintellect.com
wrote:
> Hi All;
> 
> For several years now I've been using the Astaro Firewall solution for my home 
> network (http://www.astaro.com/). It requires its own box with 2 nic cards 
> and serves up IP's for the network behind the firewall. It's been a great 
> solution however I wonder if there is an open source equivalent available. I 
> never use the Fedora firewall because I'm almost always behind the main 
> firewall on my home network or behind some corporate firewall.
> 
> I would like to find a tool capable of the following:
> 1. the ability to act as a domain firewall (maybe domain is not the correct 
> term?) with the ability to serve up IP's for the users behind the firewall 
> and provide access both to the internet and to each other within the network
> 
> 2. The ability to provide some sort of surf content filtering to keep my 
> teenagers from being exposed to crap via the web
> 
> 3. the ability to setup M$ style vpn access
> 
> 4. something that's easy to administer
> 
> 5. we generally are a Linux - only network save a few dual boot boxes for the 
> sole purpose of playing multi-player games. It would be nice if I could 
> prohibit any of the M$ installs from ever visiting the web but at the same 
> time allow within-network access to each other so multi-player games would 
> still work without acquiring an M$ based virus for every 10 minutes of game 
> time.
> 
> Thanks in advance for any suggestions...
Astaro is a Linux based solution that packages all these items nice and
neat for you. If you don't mind doing the setup and config you can
accomplish all of this.

iptables (fwbuilder is a decent object based gui, firestarter may be a
little simpler)

squid with a redirector, squidGuard or DansGuardian will do content
filtering.

Openswan will support win32 vpn clients, probably the trickiest piece,
there are also ssl based solutions which will work fine when there are
minimal sessions, meaning you don't have a slew of simultaneous tcp
traffic.

I don't think this will be anywhere as friendly as the astaro from what
I have seen, but depending on your skill set and willingness to learn
one can easily provide all you require. You may be able to use webmin
and what it supports for a common interface.

Ted



