[PLUG] Free Firewall

Sean Whitney sean at fork.com
Mon Nov 17 15:56:02 UTC 2003


I have a firewall white box server that I built about three years ago
available for free.

It's running debian stable with a 2.2 kernel installed.  It's using
seawall (http://seawall.sourceforge.net/) for its firewalling.

It has 4 interfaces

eth0 - inside
eth1 - outside
eth2 - dmz
eth3 - wireless

This setup is pretty standard with the exception of the wireless.  This
interface had an 802.11b access point on it and was set up like a normal
inside interface, except that the inside interface and wireless
interface can't talk to each other.  This effectively makes it a free
wireless node.

It's set up to support pppoe on eth1 but this could be modified to
support whatever broadband interface is needed.  It was set up to work
with Earthlink pppoe DSL.

The hardware is a 486x66 with 16MBs of memory, 4 ne2K nic cards (and I
have some extra ne2k cards I can throw in as well), Buslogic BT-445S
scsi card, and a 500MB Quantum Maverick 540S hard drive.  Some people
might think that this is underpowered for a firewall, but the opposite
is true, it's greatly overpowered.  Most firewalls don't require much
in the way of CPU and memory.  Pushing packets isn't hard. 

This has been an extremely reliable working firewall.  Never compromised
(that I could tell *grin* ).  The only time it failed me was when I
first set it up.  I did a remote scan against the firewall to see what
vulnerabilities were there, and I filled up the only partition (big
mistake, now fixed) with syslog entries.  It now sends all logging to a
loghost.

I'm only replacing it for the following reasons:

1) I received a Sparc 10 dual proc computer.  This offers a smaller form
factor and fits on a shelf that I have.  It also has a nice qe card for
all the interfaces.
2) I wanted to upgrade the kernel to 2.4 to support iptables and ext3. 
This also required converting from seawall to shorewall firewall. 
Setting up a firewall can be difficult if the information you need to
make it work is on the Internet.  Setting up a different box made more
sense.

If anyone is interested they just need to send me an email and come and
pick it up in Vancouver.  First come, first served.


Sean
-- 
Sean Whitney <sean at fork.com>