[SunRescue] Router vs. PC with router/firewall software...

Gregory Leblanc rescue at sunhelp.org
Fri Jan 5 01:18:23 CST 2001 

On 05 Jan 2001 00:38:17 -0600, Mike Hebel wrote:
> Basically I'm planning for when I can get DSL into the house which is
> looking like some time in the next two months to get the process started.
> 
> I just need a good firewall/NAT solution that I either don't have to pay a
> lot for or can build myself using the spare PCs/SPARCs I have laying around.

I've gone the computer based thing, rather than a smart router.  Oh, and
I've gone that way for a few friends too.  :)

> I'm leaning towards a Linux box doing NAT/firewall but if a router will do
> that well enough then I'm open to that suggestion as well.

Go with the box, but run OpenBSD instead of Linux.  It's a whole bunch
more flexible, and a lot easier to secure.  I've used ipchains a lot,
and iptables a bit, and the stuff with OpenBSD is MUCH nicer.

> Here's what I will probably have on my Internet connection:
> 
> 4 systems used to browse the web, get e-mail, etc.
> 
> 1 e-mail server.
> 
> 1 personal news server, maybe.  Specific groups only to keep the drive size
> down.  alt.comp, etc.  (I wonder what it costs to subscribe to a news feed?)
> 
> 1 web server.  For family updates, personal rants, etc.
> 
> 1 VPN machine.  (Thank any supreme being that you might name - speakeasy.net
> is in my area.  They don't care what I run.)

VPN in, or out?  using ipsec?  processing power is nice to have on these
boxes...

> 1 bnetd or FSGS server. (BattleNet) Personal use only.
> 
> 1 ftp server.  Personal use only.
> 
> 1 DEC MicroVAX II - telnet.  Just because I want it on the Internet. ;-)
> 
> There may be other things somewhere down the road but those are the basics I
> want.

I'd definately go with the computer, as it will give you a bit more
flexibility.  Plus, routers are generally not that fast at packet
filtering, and expensive.  I put my firewall/router box together for
exactly $0.  Somebody gave me an old 486-50 with 16MB of ram, I grabbed
a couple of ISA network cards that I had laying around, and installed
OpenBSD.

    Greg

More information about the rescue mailing list