On Tuesday 12 April 2005 05:50 pm, kevin.kempter@xxxxxxxxxxxxxxxxx wrote:
> Hi All;
>
> For several years now I've been using the Astaro Firewall solution for my
> home network (http://www.astaro.com/). It requires its own box with 2 NIC
> cards and serves up IPs for the network behind the firewall. It's been a
> great solution; however, I wonder if there is an open source equivalent
> available. I never use the Fedora firewall because I'm almost always behind
> the main firewall on my home network or behind some corporate firewall.
>

Even behind the "corporate firewall" one can be attacked.

> I would like to find a tool capable of the following:
> 1. the ability to act as a domain firewall (maybe domain is not the correct
> term?) with the ability to serve up IPs for the users behind the firewall
> and provide access both to the internet and to each other within the
> network
>

Linux was born (>literally<) on the internet.

> 2. The ability to provide some sort of surf content filtering to keep my
> teenagers from being exposed to crap via the web
>

Yes, the name of the main one escapes me at the moment. But here are some to look at:

http://www.zone-h.com/download/file=1429/
http://www.rogala.3d.pl/en/aldebaran.htm
http://www.aimsniff.com/
http://www.packetfactory.net/ngrep/
http://ngrep.datasurge.net/
http://www.quaking.demon.co.uk/ksnuffle.html

> 3. the ability to set up M$ style vpn access
>

Yes

> 4. something that's easy to administer
>

Shorewall and iptables is a superb firewall system that is tied to the Linux kernel. Shorewall allows you to modify iptables in a fairly intuitive fashion.

> 5. we generally are a Linux-only network save a few dual boot boxes for
> the sole purpose of playing multi-player games. It would be nice if I could
> prohibit any of the M$ installs from ever visiting the web but at the same
> time allow within-network access to each other so multi-player games would
> still work without acquiring an M$ based virus for every 10 minutes of game
> time.
>

IMHO you should be able to block anything -- by content -- from any box -- with a bit of learning curve.

> Thanks in advance for any suggestions...

--
John H Ludwig