  kksdragons Waiting For Godot Premium join:2000-10-10 Lake Forest, CA clubs:
| Resurrect an old PC as a firewall?
At one time, I had filed instructions for using an old PC as a firewall. Of course, I put them in a safe place and you KNOW what happens when you do that! I've done a couple of searches and so far, have only found ways to do this using Linux or FreeBSD. Seems to me my instructions were not OS-specific; it was a way of putting some (minimal) hardware together and tying it into your network.
Anyone know where I can find this "how-to?"
If this is the wrong place to ask, my apologies; please feel free to move me.  -- KKd:)Ideal Job: Social Director on first intergalactic flight.(Project Manager, until then...) |
|
  God IN Vilseck Germany Premium join:2002-07-01 Colorado Springs, CO clubs: 
| i can hook u up brotha !! = )
its a prog named Clarkconnect ..
easy to do ... check this link out ... »www.techtv.com/screensavers/prod···,00.html
i guess its great to be a loyal the screen savers fan = ) -- Anime Bouncing Boobies !!Forum Posts: 2100 |
|
  crazycatz
join:2002-05-11 Calgary, AB
| reply to kksdragons i just skimmed through that article, but with that software, would i be able to run a web server for a webpage or make my old computer a file server on my network? -- ASUS A7N8X | AMD 2400+ | 256X2 KINGSTON 3200PC | ATI RADEON 9500PRO | MAXTOR 80GIG | LITEON 52X24X52 | |
|
  kksdragons Waiting For Godot Premium join:2000-10-10 Lake Forest, CA clubs:
| reply to kksdragons From what I'm reading, the ClarkConnect s/w allows you to "create" a router and the SmoothWall mentioned in this article would help you create a router/firewall. Now, I have always thought a router and a firewall were two different pieces of h/w. Has the game changed on me or am I losing it?? :O I have a router (Linky) but certainly have never considered it a firewall. But the info at SmoothWall DOES say it's for creating a "hardened Internet firewall device, turning an Intel (or compatible) PC or server into a replacement for a hardware firewall router".
So, does this mean something like this Smoothwall (or ClarkConnect?) would replace my Linky as a router WITH firewall-type security? I thought I could just make a separate hardened firewall in addition to the network I already have set up (and working just fine, TYVM ).
????? -- KKd:)Ideal Job: Social Director on first intergalactic flight.(Project Manager, until then...) |
|
  scottkeen
join:2001-06-05 Kailua Kona, HI
| I've set up a Linux SmoothWall before too. But, in the end I decided to go with a dedicated hardware firewall, in particular the ZyWALL-1 (which is a true firewall, not a router).
I think what sets firewalls apart from the "blocking" capabilities of routers is basically the ability to:
1) block incoming as well as outgoing ports
2) block certain types of content (i.e. JavaScript or ActiveX) from incoming and outgoing
3) program rules for ports and IP addresses
4) protect from DoS, SYN Flood, LAND Flood, Ping of Death, and other types of attacks
5) SPI - Stateful Packet Inspection. Verify that the packet of data coming in is from someplace on the LAN that originated it.
Now, a firewall is just a firewall. It's not a router. Some firewalls have routing abilities and even include built-in switches, like the ZyWALL which is a hardware firewall, routes, and has a built-in 4-port switch. And only $130 bucks.
I don't know enough about SmoothWall to say if it has all the hardware firewall capabilities that dedicated hardware firewalls have. |
|
  Mike_0580a 16 down, 4 to go Premium join:2000-09-06 El Cajon, CA
| reply to kksdragons Just did it with ClarkConnect - my P310 just couldn't do what I needed it to do anymore.
ClarkConnect is a router, a SPI firewall and can host a variety of servers (web, mail, ftp etc.); you decide during/after setup what you want it to do.
I ran into a few problems due to cloning a MAC address with COX cable, but I got it sorted out. End result, my download speed increased (P310 limitation?), and port scans come back complete stealth. I'm not running any servers off of it as of yet. See here.
Mike -- Drugs are bad....um'kay. |
|
  crazycatz
join:2002-05-11 Calgary, AB
| reply to kksdragons would you need two network cards if you wanted to use it as a router? and would you still need two if you just wanted it for a web or ftp server? -- ASUS A7N8X | AMD 2400+ | 256X2 KINGSTON 3200PC | ATI RADEON 9500PRO | MAXTOR 80GIG | LITEON 52X24X52 | |
|
  Camelot One Premium,MVM join:2001-11-21 Sarasota, FL clubs:
| reply to kksdragons Well, if you are trying to protect other PCs on your LAN from outside attacks, then yes, you would need 2 NICs in the firewall/router PC. One connecting to the modem, the other to the LAN (probably to a switch that the other PCs plug in to).
And I think the big difference between a firewall and a router is that the router is able to block incoming traffic only as a bonus. Network Address Translation is used, so the incoming data doesn't know where to go when it hits the router. Outbound data still flows freely. A firewall processes the data coming in, to varying degrees based on software/hardware. They also allow outbound traffic limiting. -- AMD XP2100+ @2300mhz/ Asus A7N8X Deluxe/ 2x 512Mb Kingston HyperX PC3500/ WD 800JB 80Gb on serial/ Gainward GF4 4600/ Enermax 465P-VE/Air cooled |
|
  m2pmd70 S.O.D.
join:2000-11-23 Mountain Home, AR
| reply to kksdragons I've got BBIagent running until I get Linux set up the way I want it. Only thing is, if you don't pay you have to re-enter all your rules if you ever reset the computer. But I just leave it plugged into my UPS so it's not a problem. If you leave a keyboard plugged into it, it'll flash the keyboard lights for send/receive. lol -- "You're Dead." - The Ballad of Jimi Hendrix - S.O.D. '85 |
|
  kksdragons Waiting For Godot Premium join:2000-10-10 Lake Forest, CA clubs:
| reply to kksdragons Sure do like the blocking aspects as you outlined them Bigtuna. I guess my thought of using up a bunch of extra hardware to set up a firewall might be a bit over my head at the moment. My main thought was, now that I have my sweetie living here, extra protection might be a good thing. I always knew where I surfed was safe (and have my own PCs nailed down really tight) but he's interested in so many things, I just don't want to take a chance that he might stumble over something that would have a negative impact on my network... so to speak. And, I don't have the high security set-up on his machine because he doesn't have the patience to deal with a lot of the restrictions (yet). (It's not like he goes to X-rated.... more of scientific/experimental stuff, but you just don't know anymore.) And, my LAN is growing even just for the two of us. Might just be easier to tighten up his machine more. I don't have the $$ to purchase a dedicated f/w at the moment.... have a new machine coming on board soon and just thought this might be a neat thing to do w/this "old" one.
Still not clear if something like this would actually replace my Linky.... Think I will be following your thread, Mike. (Altho' your issues are partly what made me re-think this.) -- KKd:)Ideal Job: Social Director on first intergalactic flight.(Project Manager, until then...) |
|
  aurgathor
join:2002-12-01 Lynnwood, WA
·Verizon west (ex G..
| reply to kksdragons Another one is FREESCO -- www.freesco.org. This one can be run from a 1.44 floppy!!
The big difference between many HW routers and SW routers is that most home/SOHO HW routers have a fixed size NAT table while those Linux based SW routers have a NAT table that's limited by available memory. They also have a lot more options (and one can even modify their src) but on the other hand, it can be a real PITA to set one up correctly. I needed less than 5 minutes to get my RT314 up and running on PPPoE, while 5 days weren't enough for freesco. [text was edited by author 2003-06-21 01:41:19] |
|
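The distinctions drawn in the posts above (NAT dropping unsolicited inbound traffic only as a side effect, a firewall adding SPI and outbound rules, and a fixed-size versus memory-limited NAT table), as an added example that is not part of the original thread. It is a toy Python model: the `Gateway` class, its parameters and all addresses are constructed for illustration and do not describe any product named here.

```python
class Gateway:
    """Toy gateway model (hypothetical class; all addresses are constructed)."""

    def __init__(self, spi=False, blocked_out_ports=(), max_entries=None):
        self.spi = spi                                   # stateful peer check
        self.blocked_out_ports = set(blocked_out_ports)  # outbound rules
        self.max_entries = max_entries                   # None: limited by memory
        self.table = {}      # public port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host opens a connection; returns the public port or None if dropped."""
        if remote_port in self.blocked_out_ports:
            return None                  # outbound limiting: firewall feature
        if self.max_entries is not None and len(self.table) >= self.max_entries:
            return None                  # fixed-size NAT table is full
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (lan_ip, lan_port, remote_ip, remote_port)
        return port

    def inbound(self, remote_ip, remote_port, public_port):
        """Packet from the internet; returns the LAN (ip, port) or None if dropped."""
        entry = self.table.get(public_port)
        if entry is None:
            return None                  # no mapping: the packet has nowhere to go
        lan_ip, lan_port, peer_ip, peer_port = entry
        if self.spi and (remote_ip, remote_port) != (peer_ip, peer_port):
            return None                  # SPI: not the peer the LAN host contacted
        return (lan_ip, lan_port)


def compare():
    """Run the same traffic through a NAT-only router and an SPI firewall."""
    results = {}
    for name, gw in (("nat", Gateway()), ("fw", Gateway(spi=True, blocked_out_ports={25}))):
        unsolicited = gw.inbound("203.0.113.9", 4444, 40000)   # nothing mapped yet
        web = gw.outbound("192.168.1.10", 5000, "198.51.100.7", 80)
        reply = gw.inbound("198.51.100.7", 80, web)            # genuine reply
        stranger = gw.inbound("203.0.113.9", 4444, web)        # third party, mapped port
        smtp_out = gw.outbound("192.168.1.10", 5001, "198.51.100.7", 25)
        results[name] = (unsolicited, reply, stranger, smtp_out is not None)
    return results


if __name__ == "__main__":
    for name, row in compare().items():
        print(name, row)
```

Both gateways drop the unsolicited packet, but only the one with `spi=True` rejects a third party hitting an already mapped port, and only the one with outbound rules stops the LAN host's port 25 connection.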
  Mike_0580a 16 down, 4 to go Premium join:2000-09-06 El Cajon, CA
| reply to kksdragons The Clark Connect router will definitely outperform the Linky. You'll just need to invest in a switch (I'm fairly certain you could use just the LAN ports of the Linky for this, not quite sure).
Clark and several of the other Linux router solutions mentioned in this thread and my thread over in the Unix forum at a minimum do NAT and SPI. SPI is only found in the high end dedicated routers (Zywall). Also, several of the Linux solutions offer true DMZ (not Clark - Smoothwall and Astaro do), built in server capabilities, web proxy, bandwidth limiting per LAN IP, and all kinds of other fun stuff. Of course you're going to need a little more space for a whole PC. Had to rearrange my house this morning.
If you want some help setting up (or anyone else for that matter) - I'm more than willing. There's a ton of helpful folks over in the Unix forum and most of the Linux firewall sites have their own help forums also.
Mike -- Drugs are bad....um'kay. |
|
  crazycatz
join:2002-05-11 Calgary, AB
| reply to kksdragons ok, i just installed the clark connect program on my old computer to give it a try, but what do i do now? how do i set it up to do what i want it to? i would like to make a web server or ftp server maybe and a file server for the rest of my network. but how? where do i go to set all of this up? -- ASUS A7N8X | AMD 2400+ | 256X2 KINGSTON 3200PC | ATI RADEON 9500PRO | MAXTOR 80GIG | LITEON 52X24X52 | |
|
  Mike_0580a 16 down, 4 to go Premium join:2000-09-06 El Cajon, CA
| After the install routine, the remainder of the configuration is done by accessing the clark box via a web browser - default address is »https://192.168.1.1:81 - you'll have to have another PC on the same subnet.
From there you can forward ports, set up servers, etc.
Or, if you're Linux literate, it can be done via command line from the clark box's console.
Mike -- Drugs are bad....um'kay. |
|