
Time for a HARDWARE FIREWALL


skahtul

I was trying to be nice. I finally got my BF1942 server up and running and what happens? Someone goes into my computer and messes everything up. It was strange. As long as the Internet was off (by hitting the button on my cable modem) I was fine, but as soon as it was on my computer would start sending and receiving tons of info, everything would slow down and bam, my system would restart. This really ****es me off. So now here comes the hardware firewall. What do you all think of

THIS one?

THANKS


PS> If it was someone on the forum that got me, I'm looking for you..... :eek:
 
Looks nice. Be sure you will use the VPN features at some point, or maybe save yourself some cash and go with one without the VPN support.

Personally I am using an ancient Pentium II machine that I am running IPCop (http://www.ipcop.org) on and I love it. A lot better than the cable/DSL router I had been using before that. Worth a look if you have an old machine lying around because it is totally free.
 
NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO.

I still have nightmares from working with that piece of ****. Please, I beg you, don't use Netgear.
 
Hmmm. I was talking with a friend about firewalls and he told me I could build a Cisco PIX relatively cheaply. I don't remember what parts exactly. I can probably find out more if you're interested. It might be overkill though.
 
I would just go out and buy a router such as the D-Link 604. That is what I have and it works great. You don't need a Cisco router to just act as a hardware firewall for your home network...
 
I'd like to point out that an insecure machine is still an insecure machine no matter how much you put in front of it, maybe you should spend some time and look at why your machine is insecure. Might save you some cash.
 
Smokeys said:
I'd like to point out that an insecure machine is still an insecure machine no matter how much you put in front of it, maybe you should spend some time and look at why your machine is insecure. Might save you some cash.

I find that having my router and setting it up properly protects me from these attacks that are happening... If you get a router and you don't know what things mean, read the documentation and find out. It will help you out in the long run ;)
 
Smokeys said:
I'd like to point out that an insecure machine is still an insecure machine no matter how much you put in front of it, maybe you should spend some time and look at why your machine is insecure. Might save you some cash.

Putting that insecure machine behind NAT makes it pretty much invulnerable to attacks from the Internet, except for people tricking you into running unhealthy things on it. And there is no 100% defense against user stupidity.

I'd recommend using a real computer for a firewall, not one of those appliances.
 
legendary said:
Hmmm. I was talking with a friend about firewalls and he told me I could build a Cisco PIX relatively cheaply. I don't remember what parts exactly. I can probably find out more if you're interested. It might be overkill though.

The 500 series ranges from $400 - $600 USD.
 
IPCop... eh, IPCop didn't thrill me, for some reason I just never liked it and never deployed it.

However, I found an awesome other solution. If you have a Pentium 100 MHz lying around, a small 200 MB hard drive, 32 MB of memory, and of course a box for that and networking, go with a Smoothie (aka SmoothWall)!

Smooth Wall makes a neat firewall solution and I haven't had too many issues with my Smoothie. The box gets on the internet for you (whatever your connection is, even modem), shares internet to any computers asking for it (unlimited connections possible), and it also serves as a DHCP server, so you don't have to assign IP numbers out to your other machines. It is a quick install, has documentation that makes most anything possible, and a few fan sites too. IPCop was just scary, I never used that. Smooth Wall, I looked at their site and I wanted to do that hardware firewall like NOW! It was really an awesome place.

The only drawback I see is that the documentation is for Smoothwall 0.99, not 1.0 or the 2 betas... but that just means that the screenshots will not line up, but the info still worked perfectly.

Also, note, this company releases security fixes all the time for the Smoothie, so you're never left with a firewall that has many holes.

This computer hasn't ever crashed. The only downtime it has had was due to a few power outages and also the power supply had an issue... I used that PSU for about 5 years and let it sit for a few more... so when I went to use it, one day the fan died... oh well, replace the fan and I am still using that PSU! :)

Get the Smoothwall GPL. The same company makes a corporate product, but I find that product overkill. Still, since they make an actual corporate product off of the same codebase, you know it is good.

Smoothwall Limited
Really neat info about Smoothwall 1.0 GPL

You use a keyboard and monitor to set it up, and then you take it away once you are done setting it up. A floppy drive and CD drive are needed to get the software on there, and a vid card is needed of course to drive the monitor. You can take all that away when you are done, but considering that I had an 8x CD drive in there and I don't need floppy drives (or that pathetic video card), I just took the keyboard and monitor away.

Either way, you don't lose anything in trying a Linux firewall before you get a Netgear or the like. So, why not try it? At the very least, it was a neat stroll through memory lane working with a 100 MHz box again... reminded me of what I like and hate about newer computers. I really liked building the box and it works nicely too. :)

If you have a computer that doesn't meet minimum spec, there are other software programs that could work as well. IPCop was mentioned, and FreeSCO (as in Free ciSCO) can run on really low-end systems and got my attention. I found these from the Linux Online Distro page but they show up in other areas as well. Either way, choose what you want to try, and take a stab at it. If it doesn't work, then you haven't lost anything but some time. If it does work, then you can mod your Linux firewall box. How cool would that be? :)

IPCop, just for some reason I didn't like how it looked. I dunno, it just wasn't for me perhaps. But IPCop and Smooth Wall are similar, so just choose one and go with it.
 
Smokeys said:
I'd like to point out that an insecure machine is still an insecure machine no matter how much you put in front of it, maybe you should spend some time and look at why your machine is insecure. Might save you some cash.

Humm… Point well taken. But I am not an idiot and never open emails and such when I don’t know what they are about. My machine being on the net running a server 24/7 is my security hole. So that is why it is time for a “real solution”.

Humm, so no Netgear. I do have a Netgear NIC that I always have problems with (waste of 30 bucks).

So some here think that a separate machine would be the best to use.

Put these in order for me...
Software Firewall (e.g. Black Ice)
Hardware Firewall
Separate Machine (i.e. Smoothwall)



PS>
THANKS Smokey. The virus that I got was- Backdoor.IRC.Flood.E is a Backdoor Trojan Horse that will attempt to connect to an IRC server on port 6667. Once the Trojan is connected to the IRC server, it will await the commands from its creator.
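
A defender-side check for the infection described in this thread, as an added example that is not from any poster: the trojan dials out to an IRC server on port 6667, so a firewall that logs forwarded connections can show which internal machine is doing it. The netfilter LOG-style line format, the 192.168.27.0/24 Green network and every sample line are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in netfilter LOG key=value style (not real traffic).
# Assumed layout: eth0 = Green (LAN, 192.168.27.0/24), eth1 = Red (Internet).
SAMPLE_LOG = """\
Aug 14 21:02:11 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.27.10 DST=203.0.113.5 PROTO=TCP SPT=1045 DPT=6667 SYN
Aug 14 21:02:14 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.27.10 DST=203.0.113.5 PROTO=TCP SPT=1045 DPT=6667 SYN
Aug 14 21:03:40 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.27.10 DST=198.51.100.77 PROTO=TCP SPT=1046 DPT=6667 SYN
Aug 14 21:03:52 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.27.11 DST=198.51.100.20 PROTO=TCP SPT=1100 DPT=80 SYN
Aug 14 21:04:01 fw kernel: IN=eth1 OUT= SRC=198.51.100.9 DST=192.0.2.44 PROTO=TCP SPT=4000 DPT=6667 SYN
Aug 14 21:04:09 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.27.12 DST=203.0.113.53 PROTO=UDP SPT=1030 DPT=53
Aug 14 21:04:15 fw kernel: IN=eth0 OUT=eth1 SRC=not-an-ip DST=203.0.113.5 PROTO=TCP DPT=6667 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return the line's fields with typed SRC/DST/DPT, or None if unusable."""
    fields = dict(FIELD.findall(line))
    if not {"SRC", "DST", "PROTO"} <= fields.keys():
        return None
    try:
        fields["SRC"] = ipaddress.ip_address(fields["SRC"])
        fields["DST"] = ipaddress.ip_address(fields["DST"])
        fields["DPT"] = int(fields.get("DPT", 0))  # ICMP lines carry no port
    except ValueError:
        return None  # garbled address or port: skip rather than crash
    fields["SYN"] = "SYN" in line.split()  # flag appears as a bare token
    return fields


def find_irc_clients(log_text, internal_net="192.168.27.0/24", port=6667):
    """Map each internal host to the outside servers it opened port 6667 to."""
    net = ipaddress.ip_network(internal_net)
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f["PROTO"] != "TCP" or not f["SYN"]:
            continue
        # Only LAN -> Internet counts; inbound probes of 6667 are a different event.
        if f["SRC"] in net and f["DST"] not in net and f["DPT"] == port:
            hits[str(f["SRC"])].add(str(f["DST"]))
    return {src: sorted(dsts) for src, dsts in hits.items()}


if __name__ == "__main__":
    for host, servers in find_irc_clients(SAMPLE_LOG).items():
        print(f"{host} opened IRC connections to: {', '.join(servers)}")
```

A machine that legitimately runs an IRC client will show up here too, so a hit is a reason to inspect that host, not proof of infection.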
 
gt24 said:
If it does work, then you can mod your Linux Firewall box. How cool would that be? :)

Don't get me started, I already have a ROOM full of modded cases.
 
I built a Linux firewall a few months back, a 486 DX with 12 megs of RAM, and a 340 meg hard drive. I ran Freesco on it. I found it a really neat way to learn more about programming Linux. Not that it's that hard to set up the software, I just wanted to reprogram it to add things like a GOOD FTP server. I eventually took it down because I could only get 2 Mbit bandwidth with the old computer.

I suggest trying it though. Cheaper than a new router, and infinitely adjustable. But, if you must get an out-of-the-box router, I run a Linux 4 port (BEFSR41). It runs fine for my network (3 PCs, 2 Xboxes), but I find it freezes too often (hence the desire to build the Linux box).
 
I use a SOHOware broadguard secure cable/DSL router and it works surprisingly well. It's not that expensive and has stopped everything so far. My only gripe is that I cannot do traceroutes through it.

I have a box totally exposed on the outside of my home network and that poor thing gets pounded so I know that my home addresses are getting probed.

I think they go for around 100.00. I would recommend it. I also do A LOT of online gaming and have never had a problem. I know Linksys has problems with EQ and a few other online games and you have to use port forwarding.
 
Smoothwall is great. I belonged to their email list for a while, and I never found anyone that could remember a Smoothwall firewall failing.
 
I just installed the Smoothwall 2.0 GPL beta5 (+ updates) on a Celeron 366 to test. Very nice, and actually dropped my average ping by ~20 on my usual BF1942 server. Took me all of about 20 minutes to fully install & update. Works a lot better than my el-cheapo hardware router. Virgin case too ;) Will be modded one of these days.

The new version uses IPTables. Old version used IPChains, I believe.
 
Okay, I found some hardware. Got me an older Soyo motherboard with an AMD 600 (Slot A!) and some RAM. Have an old 8 gig hard drive, now I am ready. I do have one question. Does the hardware firewall's software (i.e. Smoothwall) communicate with your system? For example, I have Norton Security running right now (just installed it for a temp. solution) and it is getting hammered. Would I know this running Smoothwall? And what about programs like Black Ice Defender, can they run on dedicated machines? (sure would like to try out its tracing features)

Thanks for all the HELP!
 
Black Ice has been shown time and time again to not protect machines it is on. It instead fools firewall testing programs to show that it is working but that fooling is easily removed. Gibson Research Corporation is where I got that info.

Anyways, Smoothwall will block all malicious traffic and forward what is left to machines behind it (in the Green area as it is called in the documentation, with Red being the internet). Your computer does not get hammered in any way.

However, once you finally set up Smoothwall, you remotely administer it via an internal network IP (192.168.27.1, for instance) by going to that address with a browser in the Green area by your choice of encrypted or non-encrypted communication. Here you can see stats on the machine and what it is doing as well as how the firewall and IDS is holding up (IDS stands for Intrusion Detection System, and is referred to as Snort as well I think. It detects people trying to break into your Smoothie). You can install updates from that interface as well. Also, note, you can use web caching (have 5 computers all wanting www.msn.com? You only have to download it once!) and also DHCP (no more assigning IP numbers).

A few tips. On your green machines, set TCP/IP to use the internal IP you choose as the DNS server. You only need to fill in the primary DNS server number. Also, set your default gateway to be the same thing (this is what caught me when I was setting up my Smoothie). Another issue was that DNS wasn't working for me for some odd reason so I got the DNS numbers from my ISP and filled them in the dialup tab (being that I use dialup) and I had no more problems.

I love this Smoothie as of late... this latest virus wouldn't have touched my machine because it is patched (and besides, I use a software firewall when I am not behind the Smoothie). However, my sister and my parents have computers of their own and none of them have run Windows Update despite me telling them to. If it wasn't for my Smoothie, I would be fixing 3 computers now. Overall, I am very pleased by the box and I wish you good luck in setting up yours!

The only issue with firewall solutions like this is that it turns the whole computer into that firewall box. You can't use a Smoothwall box to do ANYTHING else, such as an FTP server or the like. The reason behind that is for maximum security and protection. If you want to do another solution, essentially Smoothwall is a firewall and internet connection sharing, so I suppose any OS, such as a recent copy of Windows, could do the same thing while making the machine workable for other things.

Oh, if you want IP tracing, try getting NeoTrace. I really like it and it works just fine through the Smoothie. It costs money though, so it might not be for you, but then again Black Ice costs money too, so I thought to mention NeoTrace.

Anyways, rambling done! Good luck!
 
Smoothwall *is* Linux, you *could* run an FTP on the same box. But by using Smoothwall you are using the solution they rolled and they probably didn't throw in anything but firewalling.
 