Linux Home NAT Firewalls/Routers Information
From XCSSA Mail List: V2002-05-03
http://www.xcssa.org/
This is a compilation of member comments on various floppy- and hard-drive-based Linux NAT firewall products. This is the type of review to look at if you are researching a home or SOHO firewall that connects to a cable modem or ADSL and serves multiple machines on your home/private LAN.
Floppy Based NAT/Firewall/Router Distros:
Broad Band Internet agent (BBI):
http://www.bbiagent.com/en/index.html
NOTES:
[John W.] I have used bbiagent for about 6 months. Setup is painless: answer a few basic questions and download a configured image ready for a floppy. BBI is simple. I have had no trouble administrating it via the built-in Java client. It has yet to have any problems. Only complaint is the forwarded ports are not saved and must be re-added if it is rebooted, [however they're] working on a new version for saving and restoring all the settings. Overall works great and I have many friends use it, even works on that old 386!
[Chad S.] This is a very good firewall and router. Unlike the frazierwall distro this router will stay up even if you lose your Cable Modem connection (plus). You can also add multiple types of rules for both blocking and accepting (another plus). In fact you can have it apply rules at certain times of the day. For instance I want to run an sftp connection from work to my server in my house at 4:00 to sync my personal documents at work. Well you can schedule this distro to open up access to a particular port(s) or IP(s). Now for the negative notes. The logging on this server stinks. And unlike the frazierwall distro it does not have an option to email the log files nor any excessive port monitoring logging like frazierwall (minus). I also had some major DNS issues with this distro. For some reason it was not resolving DNS traffic properly. I believe it has something to do with the "proxy dns" it has enabled by default. However even when I disabled this I had problems. This would be my next choice for a firewall distro if they could make some better logging and document any/all default rules or possibly add some (like frazierwall). If you do not care about logging then this firewall rocks!!
Coyote Linux:
http://www.coyotelinux.com/
NOTES:
[Oscar Keet] Coyote is in one word great. I've used it for 8 months now and it never has let me down. I got an old 486dx for 10 euros and it works great. It's very easy to set up through the downloadable disk creation wizard and once running it stays running for months.
I'm really satisfied with Coyote.
Send Us Your Opinion!
Linux Router Project:
http://www.linuxrouter.org/
NOTES: Send Us Your Opinion!
Frazierwall:
http://www.frazierwall.com/
NOTES:
[Tweeks] Fast easy setup. Answer five questions, and it writes the 1.44MB floppy image out. You boot your firewall from floppy, it grabs a DHCP IP from the outside, serves DHCP on the inside, and gives a telnet/web internal connection for configs (can also handle console). Very quick, easy, and secure (change configs on floppy and then write protect). I think the new version's web interface is a read-only (log & settings) web GUI. BTW, I've never lost internal LAN connectivity when the cable modem loses its outside access as Chad complains below. But I'm running an older version than he is. I have been running it for almost two years now.
[Chad S.] I have been using this firewall for months. The only problem I have with it is as soon as there is any problem with my cable modem my internal LAN goes down. Other than that I love the one file you have to edit to allow/deny additional ACLs to the firewall. It has very robust logging and gives you the option to email. It even has a nifty text based menu you use when you first login. As far as the web interface, Tom is right, it is only read only to view network settings, ipchain info and log info. All in all this firewall rocks.
Linux Embedded Appliance Firewall:
http://leaf.sourceforge.net/
NOTES: Send Us Your Opinion!
FREESCO "Free CISCO":
http://www.freesco.org/ (the domain seems to be down at this time: 2002-05-03)
NOTES:
[Matt G.] Simple set up. Web management interface. Supports any combination of three interfaces (ethernet, modem, serial). Built in support for dyndns.org updates.
[Tweeks] Their main site seems to be down. However I found an alternate mirror site here and a good alternate site and FAQ here.
CD/Hard Drive Based NAT/Firewall/Router Distros:
CD-Linux:
http://cd-linux.org/
NOTES: Send Us Your Opinion!
ThinLinux:
http://www.thinlinux.org/
NOTES: Send Us Your Opinion!
NetBSD/i386 Firewall Project:
http://www.dubbele.com/
NOTES:
MandrakeSecurity Single Network Firewall:
http://www.mandrakestore.com/en/storemdkinc-snf.php?LANG=en
NOTES: Send Us Your Opinion!
SuSE Linux Firewall on CD:
http://www.suse.de/en/products/suse_business/firewall/index.html
NOTES:
[Tweeks] I have configured this in a small office with interconnected WANs. It's cool because all the binaries are on CD... and your configs on floppy. So when a new firewall version is released, they send you a new CD.. you pop it in and reboot, and all of your old floppy-secured configs are loaded by the new distro and you're back up and running! Very cool... but I found it had problems automatically setting up the back end routing for non-contiguous LAN subnets (such as a mix of 192.168's and 10. networks)--I had to do this by hand. But this was the only glitch I found. VERY nice secure web-config GUI!
SmoothWall GPL:
http://smoothwall.org/community/home/
NOTES:
[Author ?] I'm rather fond of SmoothWall Linux. I've read a lot of both negative and positive reviews in terms of security from self-declared "security experts." Negative [because it] runs Apache for web-based admin tool and some other services ssh, dhcp, and dns [which] can be turned on or off.
IMHO, it's pretty decent, you can download a tiny little ISO 9660 image, burn it to a CD, and go. And it has cool graphics.
Sentry FirewallCD:
http://www.sentryfirewall.com/
NOTES:
Send Us Your Opinion!
Email The XCSSA "Reverse Dictatorially Elected Coordinator" Thomas Weeks: tweeksjunk@theweeks.org