Quwery about firewall software
Daniel Anderson
kd4jdl1 at verizon.net
Sat Nov 14 11:51:54 UTC 2015
On 11/14/2015 06:27 AM, Bret Busby wrote:
> On 14/11/2015, Bret Busby <bret.busby at gmail.com> wrote:
>> On 14/11/2015, Petter Adsen <petter at synth.no> wrote:
>>> On Sat, 14 Nov 2015 18:10:20 +0800
>>> Bret Busby <bret.busby at gmail.com> wrote:
>>>
>>>> Hello.
>>>>
>>>> I have been using a computer as a firewall/gateway computer, with an
>>>> old version of Debian Linux, and Firestarter, both of which are no
>>>> longer supported, and I have forgotten the relevant passwords for the
>>>> computer.
>>>>
>>>> I am thinking of installing Ubuntu Linux on the computer, with
>>>> possibly either Firewall Builder, or gufw, to set up a new firewall.
>>>>
>>>> This is a computer via which, a number of computers within the LAN,
>>>> access the Internet, the LAN computers using various operating systems
>>>> (which should not make any difference to the firewall/gateway
>>>> computer), and using static IP (v4) addresses.
>>>>
>>>> The firewall/gateway computer has two network cards; one for the LAN,
>>>> and, one for the router/modem.
>>>>
>>>> Whilst the gufw seems simple enough, to enable, for a single computer,
>>>> I do not know whether it would be suitable for using on a LAN
>>>> firewall/gateway computer.
>>>>
>>>> Please advise which of these two firewall applications, would be most
>>>> appropriate in this context, for a relatively simple person.
>>> (This might be the "wrong" answer to give on a Ubuntu mailing list, but
>>> since it is a solution I'm very happy with I'm going to give it anyway.)
>>>
>>> If the machine is going to function solely as a firewall and home
>>> router, I would take a look at something like pfSense - this is what I
>>> use at home. It's based on FreeBSD, and has a web interface for
>>> administration. IMO it's a much better and more integrated solution
>>> than putting together the pieces you need on a standard Linux
>>> distribution. It provides a number of packages that extend the base
>>> functionality, no licenses required. The documentation is quite good.
>>>
>>> There are also specialized Linux-based distributions similar to
>>> pfSense if you would prefer that, but I'm not familiar with them. One of
>>> them is called Smoothwall, and there are others.
>>>
>>> AFAIK, gufw seems to be intended as a firewall for a single machine
>>> more than as a gateway for a network.
>>>
>>> I'm not saying you can't do what you suggest, but that a specialized
>>> firewall distribution might be better suited. You can run pfSense off a
>>> USB stick or CD/DVD as a test to see how you like it.
>>>
>>> Just my 0.02NOK :)
>>>
>>> Petter
>>>
>>> --
>>> "I'm ionized"
>>> "Are you sure?"
>>> "I'm positive."
>>>
>> I had wondered about using a BSD as the underlying operating system,
>> for the firewall/gateway computer, due to the perceived greater
>> stability of BSD, relative to Linux.
>>
>> The only problem that I see with that, is that I have no experience as
>> an administrator, on a BSD system, and, it is now about 30-35 years (I
>> think), since I have used a BSD (it was BSD 4.2, running on a VAX
>> 11-785, from memory). However, I should be able to learn enough, to
>> install and operate, BSD, sufficiently, to install and operate a
>> firewall/gateway, I expect.
>>
>
> I am going to try to rewrite what I had just written, using a text
> editor, to then copy the text into the email software, the previous
> attempt, having all got deleted by the software - it appears that, in
> using gmail, with the web browser that partly works, and rabid mouse
> software in the operating system, everything that gets entered at the
> keyboard, can go absolutely anywhere, and, can all be deleted, by
> whichever software is responsible, destroying anything up to hours of
> work, at a time.
>
> Two things have occurred to me, regarding the suggestion to use
> pfSense, after I sent my previous reply, as I may have misconstrued
> the post content, in the first reading.
>
> The first is thus; is the pfSense thing, an encapsulated suite, that
> includes the operating system, so that it would take only one sequence
> of installation and configuration, rather than first installing the
> BSD and gonfiguring it, and then installing pfSense and then
> installing it? If it is indeed, encapsulated, then it should not be as
> difficult as I had assumed, and, the operating system presence, and
> thence, which operating system, should be transparent.
>
> The second thing, is thus; with you having mentioned that "You can run
> pfSense off a USB stick or CD/DVD as a test to see how you like it.",
> it it available, as a "live" system, like the Debian and Ubuntu and
> formerly, Gnoppix, LiveCD's?
>
Another one is IpCop. Been using it for many years with great results.
--
When Government fears the people there is Liberty.
When People fear the Government there is Tyranny.
IN GOD WE TRUST
More information about the ubuntu-users
mailing list