Tips for an (advanced) home firewall/router
August 14, 2006 1:58 AM
I have a setup for my SOHO firewall in mind. Help me perfect it.
I'm moving to another city, and there my new office will be at home for the foreseeable future. I want the firewall/router to have the following features:
- Connect wired SOHO network, wireless entertainment network, DMZ for client FTP, and the internet.
- Allow access to wired network from both the internet and WIFI only through VPN
- Intrusion detection
- Must be (almost) totally silent
What I have in mind is a hush B1 (sorry, no direct link because of frames) with 3 ethernet connectors and either the personal edition of the Astaro firewall or ClarkConnect.
Now to the questions:
- While the B1 seems to be quality hardware, and I'm ready to spend the money, are there cheaper fanless solutions with enough CPU power to run a packet analyzer and IPSec, with enough ethernet connectors, and in the same size category?
- Are there other/better software solutions than the two mentioned? Experiences?
- Any hints for improvement are welcome :)
Thanks!
Response by poster: Thanks, WRAP looks very interesting.
posted by uncle harold at 10:25 AM on August 14, 2006
What about the soekris engineering boxes? I see them set up as SOHO firewalls quite often. The Linux & *BSD types love the little things.
It all depends on how much time and effort you want to put into it. Personally, I got sick of homebrew computer crap at home, so I bought a used Netscreen firewall instead. To be specific, I have the Netscreen 5XP. The newer products, like the Netscreen 5GT, have 5 ethernet interfaces that allow you to segment traffic & firewall rules six ways from Sunday. They can do everything that you're asking and a whole lot more.
In the long run, it all boils down to how much money you feel like spending.
posted by drstein at 12:16 PM on August 14, 2006
This thread is closed to new comments.
If you're experienced enough to build your own custom firewall configuration from a bare Linux or OpenBSD install (and it sounds like you are), I can thoroughly recommend them. I've got a couple installed around the place acting as combination firewalls / VPN endpoints / 802.11g access points, and they've been no trouble at all.
posted by Pinback at 5:53 AM on August 14, 2006