
Thread: What firewall for a home LAN Gateway ?

  1. #1
    Member
    Join Date
    Apr 2003
    Posts
    37

    What firewall for a home LAN Gateway ?

    Hi,
    I would like to get a nice (and free) firewall for my home LAN, on a XP gateway.

    I have used an old PC for this, running Linux with web proxy, web content filter and a firewall.

    Now I would like to do the same using XP, but I am a bit lost.

    The XP internet connection sharing works fine, but it does not seem to be a great firewall compared to what I used to have with the Linux setup.

    Main difference is that I cannot block with different rules different PC access to Internet.
    Eg.
    LAN PC's should not be able to access Internet on tcp port 80, but the firewall PC should.
    -OR-
    My PC on the LAN should be able to FTP to the Internet, but my kids PC should not.

    It seems the personal firewalls are not designed for gateway use, and for some reason the XP firewall does not support this either.

    But I'm sure this can be done with XP also, I just don't know how
    I did not do it.

  2. #2
    I'm not entirely sure why you'd want to switch to XP for a home gateway/firewall.

    From my own personal experience, Linux provides all the tools for this without resorting to packages outside the distro.

    Perhaps you could provide some further details as to why you want to switch.
    "The future stretches out before us, uncharted. Find the open road and look back with a sense of wonder. How pregnant this moment in time. How mysterious the path ahead. Now, step forward."
    Phillip Toshio Sudo, Zen Computer
    Have faith, but lock your door.

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    134
    If you really want to set up an XP box as a gateway you have a few options. There's always those application layer firewalls which work great on the computer they're on. Not so sure if they analyse traffic being forwarded in the case of a gateway but I would doubt it since they operate at a higher layer. I've never seen an implementation for iptables on Windows but it could exist; the alternative I've been using is CHX-I. It lets you set rules on the network layer and lets you assign specific rules to each network interface connected to the computer. The company was bought out but the free personal edition is still kicking around if you look for it.
    Reality is the one who has it wrong, not you

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401

    Re: What firewall for a home LAN Gateway ?

    Originally posted here by HippoDuck
    Hi,
    I would like to get a nice (and free) firewall for my home LAN, on a XP gateway.

    I have used an old PC for this, running Linux with web proxy, web content filter and a firewall.

    Now I would like to do the same using XP, but I am a bit lost.
    I doubt that 'old' box has enough power to even run XP....

    Please note that the specs for running linux are much, much lower than those of XP.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    AO's MMA Fanatic! Computernerd22
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    I would like to get a nice (and free) firewall for my home LAN, on a XP gateway.
    I would recommend Sygate from www.download.com; it has both inbound and outbound security and a lot of configuration options.

    but it does not seem to be a great firewall compared to what I used to have with the Linux setup.
    ICF for XP doesn't have any outbound security.

    LAN PC's should not be able to access Internet on tcp port 80, but the firewall PC
    Sounds like poor Network Architecture to me.

    Also, external systems should not be able to access ANY part of your internal network.

    I would just buy a router; all PCs behind the router are not exposed to the Internet. The only PC that is, is the one that an IP address is leased to you by your ISP.

  6. #6
    Member
    Join Date
    Apr 2003
    Posts
    37
    I'm not entirely sure why you'd want to switch to XP for a home gateway/firewall
    I hope to have only 1 "server" that is on 24/7 at home. I hope the "server" should be a:
    - Firewall
    - Proxy
    - Web content filter
    - Web server

    All this works fine on Linux. Was easy to set up, even though I did not really know Linux.

    But now I would like the 24/7 box to function as a :
    - TV/Multimedia center, that I can record TV programs with a dvb-t card.
    - Skype "home" phone, that works directly from an USB-phone. (no need for display when calling)

    The dvb-t should work under Linux, but I somehow doubt that I will be able to get all to work in Linux, as it seems a bit complicated. So I want options with XP. Also I am interested in XP MCE as one option also.

    When I realized that Skype does not work too great on Linux, and that the USB phone keyboard does not work in Linux at all (except in one old distro), I decided to see if I can get the Firewall to work on XP.

    I doubt that 'old' box has enough power to even run XP....
    The test box is a 400MHZ Pentium with 256MB RAM, and XP works fine. But if I get all of the above to work on XP or Linux, then I will buy new up to date hardware anyway.

    I try to find CHX-I. Also I was recommended to have a look at "tiny personal firewall" that should be able to do host-based rules.
    I did not do it.

  7. #7
    Member
    Join Date
    Apr 2003
    Posts
    37
    Originally posted here by Computernerd22
    Sounds like poor Network Architecture to me.

    Ok, I'm no expert, but my reasoning is:
    I do not want the LAN PCs to access Internet port 80, in case some unwanted program gets on the kids' PCs. Also it's nice that the firewall PC can access the Internet, so that I can have, well, Internet?

    Edit: Oh and the FW is running a Proxy server on say port 8080, to give the LAN computers Internet access.

    But I'm open for suggestions
    I did not do it.

  8. #8
    Master-Jedi-Pimps0r & Moderator thehorse13
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    There is only one solution to this issue.

    Install this:
    http://freshmeat.net/projects/asl/?b...ease_id=209070
    on a Linux box.

    I use this product at home and I am VERY pleased with the performance.

    If you want to see how it works before installing, go to:

    https://demo.astaro.com


    --Th13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  9. #9
    Member
    Join Date
    Apr 2003
    Posts
    37
    Well for now I still try to do this with XP.
    I now am using Tiny Personal Firewall Version 2, that is an old but free version.

    It kinda does the job. It is not as nice as the Linux I had.
    It does have rules for IN and OUT, but the problem is that IN is IN from the LAN side OR the Inet side. So one has to use the XP firewall to block incoming from Inet side.
    So one ends up with rules in 2 different products...

    A nice thing about personal firewall tho, is that one can tie an exe to the rule. So if I want to run Skype on the gateway, I can give Skype.exe full access to Internet.

    If I go back to Linux I have a look at "Astaro Security Linux". If one can get MythTV running on Astaro also would be nice
    I did not do it.
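
As an added example (not posted by anyone in this thread), the policy described in posts #1, #7 and #9 written as an iptables ruleset for a Linux gateway, where separate INPUT/FORWARD/OUTPUT chains and per-interface matches cover the cases a single IN/OUT personal firewall cannot. The interface names, subnet and parent PC address are assumptions; only the proxy port 8080 comes from the thread.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the policy in the thread.
# Every value below except PROXY_PORT is an assumption (constructed).
LAN_IF=eth1             # assumed LAN-facing interface
WAN_IF=eth0             # assumed Internet-facing interface
LAN_NET=192.168.0.0/24  # assumed LAN subnet
PARENT_PC=192.168.0.10  # assumed address of the one PC allowed to FTP out
PROXY_PORT=8080         # proxy port mentioned in post #7

gen_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT: traffic addressed to the gateway itself, matched per interface.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $PROXY_PORT -j ACCEPT
# Nothing new is accepted on $WAN_IF: the DROP policy handles it.
# FORWARD: traffic routed through the gateway on behalf of LAN hosts.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $PARENT_PC -p tcp --dport 21 -j ACCEPT
# No rule forwards tcp/80, so LAN PCs reach the web only through the proxy,
# while OUTPUT ACCEPT lets the gateway (and its proxy) connect out itself.
# FTP data connections also need the nf_conntrack_ftp helper; not set up here.
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Count the rules the generated ruleset appends to one chain.
count_rules() { gen_ruleset | grep -c -- "^-A $1 "; }

# Print the ruleset when called as: script.sh print
case "${1:-}" in print) gen_ruleset ;; esac
```

On the gateway the output can be syntax-checked with `iptables-restore --test` before it is loaded. Name resolution for the parent PC is not covered by these rules.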

  10. #10
    Personally, I think you may be putting too many eggs in one basket. I would consider getting a second-hand PC and turning it into a dedicated Linux firewall/security device, and then use your current computer as a media center.

    There are three bits of reasoning behind this:
    -Media playback/VoIP can be resource intensive, and security apps can be as well.
    -If your security box gets compromised, it's JUST the security box
    -You can harden your security box without affecting the performance of your media box

    Just my $0.02
    "The future stretches out before us, uncharted. Find the open road and look back with a sense of wonder. How pregnant this moment in time. How mysterious the path ahead. Now, step forward."
    Phillip Toshio Sudo, Zen Computer
    Have faith, but lock your door.
