
Thread: I want to use a hardware firewall

  1. #1

    I want to use a hardware firewall

    I'm using a cable connection (broadband) to use the internet... I have learned that only hardware firewalls can secure the system from being identified over the net... so please tell me what I should look for in a good firewall, and please give some tips about buying one...
    there are 10 types of people in this world,
    those who understand binary...and those who don't.

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    429
    Linux. A 2.4.x kernel and use iptables.
    The *nix and kernel are free(ish) and the hardware need only consist of an old 486 + your xDSL modem.

    jcdux.
    manually editing your config files can break them. If this happens, you get to keep both pieces.

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Location
    Calgary, AB Canada
    Posts
    140
    You can do what I do with my DSL and get a router. Get a router with NAT and hardware firewall protection. However, there is a small price to pay using NAT (Network Address Translation): you can't host some games (let alone connect to a few of them), can't send files using MSN Messenger *gag*, along with a few other things. Good routers to choose (which are fairly cheap too) are SMC Barricade and Linksys. You can get these 4 port broadband NAT Firewall Protection routers for under $200 Canadian. (Or get the more expensive ones, whichever you prefer!)

    The best thing is that the router is taking the IP from your ISP and then it gives your computer a different subnet and IP altogether. This makes your computer invulnerable to a direct attack. (So if blow-jo from Mars decides to launch a DoS attack against 192.168.1.5, well, your computer can't be hit because it needs to be sent to the WAN IP, which is what your ISP gives you.) Another great thing about routers is you can network more PCs, share the same connection, etc. I have my router and I also run software firewalls. It works very, very well. Nobody has managed to get through my router; in fact, it's not detected by ping sweeps because it's configured to block all ICMP from the WAN side. I also read that most of these routers drop almost everything sent to them from the WAN side unless it's been requested from the LAN side. (I'm not sure about that, but it's what I read somewhere)

    Just my personal recommendation...
    Alcohol & calculus don't mix. Never drink & derive.

  4. #4
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    What's your budget? As dstevens suggested, a router w/ NAT is an alright solution if you have a low budget. If you're looking for a professional solution, I would recommend a Cisco PIX firewall. It's a lot safer than a cheap box with NAT enabled, though it's also significantly less expensive. If you're looking for a cheap solution and aren't able to set up a Linux box as jcdux recommended, I would personally recommend the Linksys EtherFast Cable/DSL Firewall Router. You'll get the most for your money with that, and, in my experience, Linksys has been quite reliable.

    AJ

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    I tend to agree with jcdux: get a cheap 486, slap Linux on it, read up on hardening Linux boxes, and run ipchains.
    SoggyBottom.

    There were so many fewer questions when the stars were still just the holes to heaven - JJ
    I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.

  6. #6
    Junior Member
    Join Date
    Mar 2002
    Posts
    10
    I think it's budget.

    Cheap and basic is your iptables Linux solution.
    Next up are the cheap ADSL NAT routers/firewalls.
    Next up a pro box, something like a NetScreen 5XT; these are fast and ideal for home use. They can also detect DoS and drop the packets from that source.

    All in all, you need a budget from £50 to £500 and that will steer you to the right ballpark.

    As a side note, many 'box' firewall solutions are hardened, sealed Linux systems, such as the www.watchguard.com solution.

  7. #7
    Originally posted here by dstevens1958
    Good routers to choose (which are fairly cheap too) are SMC Barricade and Linksys. You can get these 4 port broadband NAT Firewall Protection routers for under $200 Canadian.
    D-Link also has a good solution for a real cheap price, take a look... http://www.dlink.com/products/broadband/di804/

    Hope it helps !

  8. #8
    Thanks, all of you... I have a low budget... and it's for my personal use only... nothing professional... so I guess the 486 and the Linux solution is good, as all of you say, but the thing is I haven't even touched Linux yet and know nothing about iptables and all... so the problem still remains. I guess I have to go in for a NAT only...
    there are 10 types of people in this world,
    those who understand binary...and those who don't.

  9. #9
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,542
    Low budget: use an 80486 or a Pentium I with a Linux-on-a-floppy firewall; easy to install, secure enough and good performance. If you want to upgrade your network, no problem: update your hardware or Linux software and everything is running fine again... great performance for a low price (FREE !!!).

    Try bbiagent.
    You don't need to be a Linux guru at all to get this to work. You only need an 80386 or better, 8 Mb RAM, 2 Network Interface Cards (Linux compatible) and an xDSL modem. Configuration is made through your internet browser by typing the gateway/firewall local IP address.

    www.bbiagent.com
    www.bbiagent.net

  10. #10
    Originally posted here by mickylittle2000
    Thanks, all of you... I have a low budget... and it's for my personal use only... nothing professional... so I guess the 486 and the Linux solution is good, as all of you say, but the thing is I haven't even touched Linux yet and know nothing about iptables and all... so the problem still remains. I guess I have to go in for a NAT only...
    There is only one way to learn how to use Linux... And that is to use it. Go out and find the best deal you can for a cheap box. You will also need two NICs (Network Interface Cards) in the box.

    If you only have one workstation then you don't need a hub/switch, just a crossover cable to connect the router to the workstation.

    As for the Linux distro, I would recommend something light, i.e. Debian or Slackware, or a distro on a disk such as the Linux Router Project or FREESCO.

    You can easily find pre-made ipchains/tables scripts that will work in your situation.

    If you encounter problems along the way, you can be sure that someone on the net will be able to help you. After finishing this project you will be left with an excellent firewall and a good understanding of the Linux OS.

    Links:
    http://www.Debian.org
    http://www.slackware.org
    http://www.linuxrouter.org
    http://www.freesco.org

    Originally posted here by VictorKaum
    Low budget: use an 80486 or a Pentium I with a Linux-on-a-floppy firewall; easy to install, secure enough and good performance. If you want to upgrade your network, no problem: update your hardware or Linux software and everything is running fine again... great performance for a low price (FREE !!!).

    Try bbiagent.
    You don't need to be a Linux guru at all to get this to work. You only need an 80386 or better, 8 Mb RAM, 2 Network Interface Cards (Linux compatible) and an xDSL modem. Configuration is made through your internet browser by typing the gateway/firewall local IP address.

    www.bbiagent.com
    www.bbiagent.net
    I tried this one. And to be honest, I was NOT impressed. All of the initial configuration is done through a java applet on their website. Then, based on your settings, it provides you with a boot image.

    Then, after you have booted the disk, they expect you to do ALL of the configuration from some stupid java applet that connects to a telnet port on the router!!

    Well, that may be ok, but what if after you boot your network doesn't work?

    There is no way to access the router locally using a monitor and keyboard... the distro does NOT include TTYs!! That is just plain stupid if you ask me.

    Anyways, that is just my experience.. It may work just fine for other people.

    --Sudo
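
The kind of two-NIC iptables script the replies above refer to, as an added example that is not part of any post in this thread: it prints an `iptables-restore` ruleset that masquerades the LAN and drops everything from the WAN side that the LAN did not request. The interface names `eth0` (WAN) and `eth1` (LAN) and the `192.168.1.0/24` subnet are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC home gateway.
# eth0 = WAN, eth1 = LAN and 192.168.1.0/24 are assumed defaults, not from the thread.

valid_if() {
    # Accept only plain interface names (letters, digits, '.', '_', '-').
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

gen_rules() {
    wan="$1"; lan="$2"; lan_net="$3"
    if ! valid_if "$wan" || ! valid_if "$lan"; then
        echo "bad interface name" >&2; return 1
    fi
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must be different NICs" >&2; return 1; }
    case "$lan_net" in
        ''|*[!0-9./]*) echo "bad LAN subnet" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Hide the LAN behind the single address the ISP hands out.
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections that started on the inside are allowed back in.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# The LAN may reach the gateway and open new connections outward.
-A INPUT -i $lan -s $lan_net -j ACCEPT
-A FORWARD -i $lan -s $lan_net -o $wan -j ACCEPT
# Anything else arriving on $wan, ICMP echo included, hits the DROP policy.
COMMIT
EOF
}

# Print the ruleset for the given (or default) interfaces.
gen_rules "${1:-eth0}" "${2:-eth1}" "${3:-192.168.1.0/24}"
```

Review the printed rules, then load them as root by piping the output to `iptables-restore`; the box only routes between the two NICs once `/proc/sys/net/ipv4/ip_forward` is set to 1.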
