Building a Free Firewall…Again

It has been quite a while since I took an old PC and loaded one of the various “Linux” firewall solutions.  I had been using a Cisco PIX 506E firewall for a very long time, but it finally pooped out on me.  As a stop-gap solution, I hooked my Airport Extreme directly to my cable modem, and worked from there.

While the basic functionality was OK, it lacked some features I wanted.  I wanted to track bandwidth usage, I wanted a decent Intrusion Detection System (IDS), and I wanted better control over port forwarding, etc.  This threw me back into the world of free, Linux-based firewall solutions that run on a PC.  Being a geek, I had such a machine floating around.  It is a 2 GHz Intel Pentium 4 with 512 MB RAM, a 40 GB HD, and a single network card (NIC).

The first thing to fix was the network card problem, as I needed a minimum of 2 NICs to make this whole thing work.  After rummaging through my bin of parts, I found an old Intel 10/100 NIC.  Assuming it would work, I installed it, and moved on.

Make sure you pay attention to the minimum system requirements, so you have the right experience.  Fortunately, these requirements are very low by today’s standards.

The next problem I ran into was picking which firewall solution to use.  There are many options out there, such as IPCop, Smoothwall, m0n0wall, pfSense, and more.  After looking through the current status of the projects, and looking at the available addons, I narrowed it down to IPCop or Smoothwall.  In the end, I picked IPCop as I had not built an IPCop box in a very long time, and I wanted to see how far the development has come in the past several years.

Installation is basically a piece of cake.  You download a CD image here, burn it to a disc, and boot from it.  Follow the quick start guide, and you are off to the races.  The key to this is the setup of the interfaces.  If you are like many people, this box will act as a gateway for one or more machines on your home network.  This means you need to set up Red (connected to your DSL/Cable modem) and Green (connected to your internal network) interfaces.  Without both of these, nothing will work.

If you make it past that, and you stumble around the IPCop website, you are sure to notice the addons.  The idea behind addons is that they can provide additional features or functionality not included in the original solution.  While this is potentially great, it can be a big problem as well.  These addons are not supported by the IPCop developers.  The quality varies greatly among them, and while providing some new features, they may impact the original functionality in a negative way.

All that to say, be careful what you do.  Make sure there is a means to completely uninstall any addon you install.

In the end, even without addons, you will find many of these free firewall solutions quite effective at delivering the capabilities most small networks desire.

  1. March 20th, 2008 at 04:28

    So you ended up picking something you are familiar with rather than testing new waters? Why not try some of the others before deciding???

  2. March 20th, 2008 at 21:37

    Great question. When I played with IPCop many years ago, I liked where it was headed, but it was lacking some features and had some stability issues. It has seen a lot of development since then, and I wanted to see how far it has come. I did download ISOs for Smoothwall (which I have also built before), and pfSense (which I have not built before). I may still switch to one of them at some point. Now that I have a dedicated machine available for doing that, making the switch is easy.

    Shannon
