After spending many hours this past week trying to understand ipchains and firewalling in general I have come to the conclusion that I am spending a lot of time trying to recreate something that probably already exists. Does anyone have any experience with either open source or commercial firewalling products that can be configured to work in a small office network and allow VPN connections to larger networks. I do not have a very big budget but would be willing to pay for the appropriate solution.
Mike
Might I suggest an appliance? D-Link, SMC, NetGear and LinkSys all have them for just a hair over $100 provided you're sitting on a Cable or DSL connection. My SMC is web managable and does a lovely job. It also has a COM port so I can use it with dial-up networks if I have to. IPCHAINS/IPTABLES is cool, but you need to patch for IPSEC support in 2.2.x kernels. ccb -- Charles C. Bennett, Jr. VA LiNUX Systems Systems Engineer, Northeast US 25 Burlington Mall Rd., Suite 300 +1 617 543-6513 Burlington, MA 01803-4145 ccb@valinux.com www.valinux.com
Your suggestion of an appliance was a magnificent one. I bought a Linksys router and had it running in a very short period of time. Now for the $64 question...how do I monitor my network to minimize the chance of attack or at least know when my system has been compromised? -mike On Wednesday 04 April 2001 00:09, you wrote:
After spending many hours this past week trying to understand ipchains and firewalling in general I have come to the conclusion that I am spending a lot of time trying to recreate something that probably already exists. Does anyone have any experience with either open source or commercial firewalling products that can be configured to work in a small office network and allow VPN connections to larger networks. I do not have a very big budget but would be willing to pay for the appropriate solution.
Mike
Might I suggest an appliance? D-Link, SMC, NetGear and LinkSys all have them for just a hair over $100 provided you're sitting on a Cable or DSL connection. My SMC is web managable and does a lovely job. It also has a COM port so I can use it with dial-up networks if I have to. IPCHAINS/IPTABLES is cool, but you need to patch for IPSEC support in 2.2.x kernels.
ccb
-- Charles C. Bennett, Jr. VA LiNUX Systems Systems Engineer, Northeast US 25 Burlington Mall Rd., Suite 300 +1 617 543-6513 Burlington, MA 01803-4145 ccb@valinux.com www.valinux.com _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
participants (2)
-
ccb@acm.org -
Michael Long