[clug] Home Firewall dedicated OS

Ian McLeod ianmcleod75 at gmail.com
Tue Aug 25 23:38:57 MDT 2009


So either Shorewall or Clark Connect will be fine then - and don't 
customise it...  All I want is a gateway / router / VPN server...  So 
these things are safe to expose directly to the Internet then - or no 
less safe than my NAT / firewall Billion modem sitting directly on the 
Internet.  Updated Snort and firewall systems do sound like an 
improvement though - compared to the basic firewall on my modem.

What about VoIP and wireless?  Currently my modem provides VoIP and VoIP 
QoS functionality - won't this break if I bridge the modem?  We have 
Naked ADSL so VoIP is not an option - it's an essential utility.

David Tulloh wrote:
> Ian McLeod wrote:
>> Seems a better solution to set up home VPN is to bridge the modem to 
>> a dedicated OS.. Is this a *viable* option in terms of investment in 
>> time and maintenance required for the average small home network? And 
>> secure enough compared to a hardware firewall and NAT (modem)?
>>
>> Seems there is SmoothWall and ClarkConnect free editions and 
>> something called Devil Linux..
>>
>> Any experience with these things? Not concerned with philosophical 
>> implications of a commercial company vs puritan GPL or whatever, just 
>> something that is free and works well and is relatively easy to set up.
> I used the free version of Smoothwall for several years and was happy 
> with it, I was using it as a gateway/firewall/nat router, I never 
> explored any VPN options.
> The installation and setup was very simple, management was done 
> through a web interface. It was very much like a modern modem or 
> router to run.
>
> My only criticism was that I had to manually update it, it would 
> indicate when updates were available but only if I actually looked at it.
>
> Keep in mind that these distros are good firewalls but aren't really 
> designed for general use, I recall the updates would happily replace 
> configuration files you shouldn't have changed. So if you are trying 
> to do something that the distro isn't designed for (web hosting, file 
> serving or whatever it doesn't support) you should probably go with a 
> more general choice.
>
>
> David

