Router + firewall + NIDS questions

beesond001 at hawaii.rr.com
Sun Aug 26 02:08:46 PDT 2001


Dusty,

	Thanks,  I'll consider this as I am still compiling a shopping list.

Ben 

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 8/25/01, 11:07:16 PM, Dusty <dusty at sandust.com> wrote regarding [luau] 
Re: Router + firewall + NIDS questions:


> For this system I can only recommend OpenBSD.  Linux is great, but
> security is NOT the first consideration with Linux.  With OpenBSD it is.
> IPfilter, which currently comes with OpenBSD (ver 2.9) is awesome (one of
> the best firewalls around free or commercial) and much easier to configure
> than IPtables/Netfilter in Linux.  Snort is a great choice for IDS.  A 486
> or (preferably) old Pentium running OpenBSD with 32mb ram and a 500MB hard
> drive is all you would need.  I use an 85mhz Sun Sparc5 with 32mb ram to do
> this same thing, plus mail, web, and dns.  It sits 98% idle!
>
> Having multiple NICs would be fine, a little more difficult on the
> config, but nothing too much. Basically your system will just have to route
> traffic to each interface and you will need to use bigger netmasks (i.e.
> 255.255.255.248 instead of 255.255.255.0).  But your firewall can control
> the traffic much tighter.  If you don't already have the extra NICs, I
> would spend the money on a cheap HUB or switch.
>
> For more info on OpenBSD go to http://www.openbsd.org and for info on
> configuring http://www.nomoa.com/bsd.  The network install for OpenBSD is
> pretty easy and I recommend it.


> ---------------------------------------------------
> >
> > Aloha all,
> >
> > I would like some advice on how to do something.  I would like to
> > build a router + firewall + NIDS from scratch to use for my home LAN.
> > I was thinking of building a box to act as a router and firewall for 1
> > Sparc, 1 VALinux box, one Mac, and one Windoze box.  I envision a Linux
> > box for this that should boot headless.  I also want this router +
> > firewall box to share one internet connection with all the others.
> > BTW, the Mac and Windoze boxes will need a wireless connection
> > (wireless 802.11???).   I was also thinking of running Snort on the
> > internal side of the router + firewall to monitor what gets past the
> > firewall.  Because of all this, I don't think that the linux router
> > project will work, but the idea is mostly the same.
> >
> > What I would like to know is what does the community of experts
> > think is:
> >
> >         --  a fast enough CPU for such a task,
> >         --  how much hard drive should I buy,
> >         --  and should I run a hub behind the firewall, or should I just
> >             throw in some extra NICs?
> >
> > Any ideas would be greatly appreciated.
> >
> > Thanks in advance for your help,
> > Ben
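
Added example, not part of the original thread: a short Python sketch of the hub-versus-extra-NICs trade-off discussed above, showing why per-interface subnets with the 255.255.255.248 mask let the firewall (and Snort) see traffic that a single /24 behind a hub would keep off the router. The 192.168.1.0/24 range, the interface labels and the host addresses are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread): one RFC 1918
# /24 carved into /29s (netmask 255.255.255.248), one per firewall interface.
LAN = ipaddress.ip_network("192.168.1.0/24")
NIC_NAMES = ["wired0", "wired1", "wireless0"]  # hypothetical interface labels


def plan_segments(lan, nic_names, new_prefix=29):
    """Assign each NIC its own subnet of `lan`; returns {nic: network}."""
    subnets = lan.subnets(new_prefix=new_prefix)
    return {nic: next(subnets) for nic in nic_names}


def segment_of(addr, segments):
    """Return the NIC whose subnet contains addr, or None if off-plan."""
    ip = ipaddress.ip_address(addr)
    for nic, net in segments.items():
        if ip in net:
            return nic
    return None


def crosses_firewall(src, dst, segments):
    """True when src and dst sit behind different NICs, so the packet is
    routed by the firewall box and its rules (and Snort) get to see it."""
    a, b = segment_of(src, segments), segment_of(dst, segments)
    if a is None or b is None:
        raise ValueError("address outside the planned segments")
    return a != b


if __name__ == "__main__":
    per_nic = plan_segments(LAN, NIC_NAMES)
    flat = {"hub0": LAN}  # the alternative: a single /24 behind one hub
    for nic, net in per_nic.items():
        # One usable address per subnet goes to the firewall's own interface.
        print(nic, net, net.netmask, "usable hosts:", net.num_addresses - 2)
    pair = ("192.168.1.2", "192.168.1.10")  # constructed host addresses
    print("flat /24 crosses firewall:", crosses_firewall(*pair, flat))
    print("per-NIC /29 crosses firewall:", crosses_firewall(*pair, per_nic))
```
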
