Re: appliance firewall



Keith Keller wrote:
> On 2009-05-08, ToddAndMargo <ToddAndMargo@xxxxxxxxxxxxxxxxxx> wrote:
>> mr.b wrote:
>>> I'm fairly certain Mr. Keller wasn't suggesting that NAT=firewall
>> I did not think he was. Sorry for the misunderstanding.
>
> That's correct, I wasn't. I also apologize for the misunderstanding. :)
>
> It seems like the Sonicwall solution is close to what you want (I've
> never used one, but have heard good things about them from others), so
> this answer won't really help you, but perhaps it'll help others.
>
> Remember that there's a bit of confusion as to what a ''firewall'' does.
> Some people believe it's just NAT; others believe it's just
> NAT+iptables; still others believe it's NAT+iptables+application-level
> packet filtering. So when you (or others) need these functions, you
> should specify which functions you want.
>
> Now, as for OpenWRT, it's a minimal but fairly thorough linux
> distribution meant for typical residential NAT/router devices, like the
> Linksys WRT54G. Since it's a linux flavor, it can do everything that
> linux can do, as long as you can fit it into the memory or storage space
> of the device. NAT and iptables are standard; I do not know if there is
> application-level filtering available. The upshot is that anything you
> can do with iptables, you can do with OpenWRT. You can also do things
> that the default firmware that comes with some devices can not.


The two features I particularly like with OpenWRT (rather than the standard WRT54GL firmware) are OpenVPN support, and VLANs. You can treat each LAN port as a separate NIC rather than as a switch, thus isolating network segments (except as allowed by your firewall). This means, for example, that your teenage kid's machines can be on a separate LAN from your "serious" PC. And OpenVPN support makes it very easy to set up VPNs - a WRT54GL makes a perfectly good OpenVPN server or client. Combining these you can have one Ethernet port that is effectively connected to a remote LAN while the others are ordinary NAT'ed ports.

> A web interface is also available. The interface for the version I
> currently use is not 100% straightforward for a n00b to use, but if you
> configure the device for someone to drop in, it should really be just
> like an appliance for the end-user. (I'm on White Russian, so the
> Kamikaze interface might be more self-explanatory.)


Kamikaze itself doesn't have a very newbie-friendly interface either, although I believe there is a nicer web interface available. There are several other related firewall distros for these sorts of devices, some of which have easier configuration. Personally, I prefer a nice ssh and shell access to a web interface, so I haven't looked too hard at these.
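The per-port VLAN isolation described above (kids' segment and "serious" PC on separate LAN ports, both NAT'ed to the WAN, neither able to reach the other) comes down to a handful of iptables rules. The following is an added example, not code from anyone in this thread or from the OpenWRT project; the interface names vlan1/vlan2/vlan3 are assumptions and depend on how the switch ports were mapped on your device.

```shell
#!/bin/sh
# Added example: isolate two per-port VLAN segments from each other while both
# still reach the WAN through NAT. Interface names below are ASSUMPTIONS.
WAN_IF="${WAN_IF:-vlan1}"      # assumed WAN interface
KID_IF="${KID_IF:-vlan2}"      # assumed "kids" segment (its own LAN port)
TRUST_IF="${TRUST_IF:-vlan3}"  # assumed "serious PC" segment (another LAN port)

# Print the rules rather than applying them, so the set can be reviewed
# (and checked by a test) before it is piped to sh as root on the router.
gen_isolation_rules() {
    wan=$1; kid=$2; trust=$3
    cat <<EOF
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $kid -o $trust -j DROP
iptables -A FORWARD -i $trust -o $kid -j DROP
iptables -A FORWARD -i $kid -o $wan -j ACCEPT
iptables -A FORWARD -i $trust -o $wan -j ACCEPT
EOF
}
# Note: with policy DROP the two explicit cross-segment DROP rules are
# redundant; they are kept so the intent is visible in `iptables -L` and
# so a LOG target can be slotted in front of them when troubleshooting.

# Count the FORWARD rules that explicitly cross between the two segments.
# A correct ruleset has exactly two (one per direction), both DROP.
count_cross_segment_drops() {
    gen_isolation_rules "$1" "$2" "$3" |
        grep -c -E -- "-i $2 -o $3 -j DROP|-i $3 -o $2 -j DROP"
}

# Apply for real (run as root on the router, after reviewing the output
# of gen_isolation_rules).
apply_rules() {
    gen_isolation_rules "$WAN_IF" "$KID_IF" "$TRUST_IF" | sh
}
```

Because the FORWARD policy is DROP, any port you later add as a fourth VLAN is isolated from everything until you write an explicit ACCEPT for it.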


