Re: [nottingham] FYI : router

From: Robert Davies (Rob_Davies@NTLWorld.Com)
Date: Sun 27 May 2001 - 12:53:18 BST


> I tried to set one up a few months ago connected to the upmarket (Ethernet)
> ADSL modem. I am using this to provide internet access for a small office of
> 11 people. I am well impressed; it has been running since February on a 486
> without a hitch.
>
> I'm currently looking at www.smoothwall.org; this looks even better than
> Freesco. It appears to claim IPSEC support, which is of particular interest
> to me. I will post details when I have more to tell.

Freesco is still linux-2.0.38 based; they did have IPSEC support but removed
it due to stability problems. Something that might be important is PPPoE,
which smoothwall has beta support for, and they are currently appealing for ADSL
testers (http://www.smoothwall.org/dyn/news/#20010522.01). A lot of the US
DSL offerings require you to run it; I'm not sure whether UK ADSL modems use
it (if they do, MTUs need to be lowered slightly to account for the extra
PPP encapsulation in the ethernet packets, otherwise most packets will be
fragmented).

Smoothwall does seem to have a lot of momentum behind it and is very
active; its auto-install feature makes it tempting to leave smoothwall in
NT servers' CD-ROM drives.

One main difference is that freesco is floppy based and smoothwall hard disk
based; neither is ideal. A hard disk is bad, because a router ideally
doesn't want to rely on heat-generating, noisy and fragile mechanics,
particularly as it's aimed at older machines. Floppies are bad, due to the
unreliability of the medium and the low capacity. Nice would be the ability
to boot from a CD-ROM and use RAM drives without a hard disk, though this
means anything like SMTP or browser proxy servers needs to run somewhere
else, which _is_ the right thing for secure firewalls.

OpenBSD actually has a very interesting possibility for firewalling, which
even Linux 2.4 can't match yet: that is to do packet filtering whilst
transparent bridging. A firewall which does not have an IP address you can
connect to, and whose existence is even hidden from you, makes attacking that
box problematic to say the least. Obviously an extra ethernet interface, or
a serial connection to the machine, is used for management purposes.

Rob
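
The PPPoE MTU point above, worked through as an added example (this is not code from the original post, Freesco or Smoothwall). It models the standard header sizes (6-byte PPPoE header plus 2-byte PPP protocol ID inside a 1500-byte Ethernet payload) and shows why a full-size 1500-byte IP packet is fragmented on a PPPoE link unless the MTU is lowered to 1492 and the TCP MSS clamped accordingly; the packet sizes fed to it are constructed for illustration.

```python
"""Added example: why a PPPoE link needs a smaller MTU than plain Ethernet.

The PPPoE header (6 bytes) and the PPP protocol ID (2 bytes) are carried
inside the Ethernet payload, so the largest IP packet that still fits in a
single frame shrinks from 1500 to 1492 bytes. Header sizes below are the
standard protocol constants; the sample packet sizes are constructed.
"""

ETHERNET_MTU = 1500   # maximum payload of an Ethernet frame, in bytes
PPPOE_HEADER = 6      # version/type, code, session id, length
PPP_PROTOCOL = 2      # PPP protocol ID (e.g. 0x0021 for IPv4)
IPV4_HEADER = 20      # minimum IPv4 header, no options
TCP_HEADER = 20       # minimum TCP header, no options


def pppoe_mtu(link_mtu=ETHERNET_MTU):
    """Largest IP packet that fits in one frame once PPPoE/PPP headers are added."""
    return link_mtu - PPPOE_HEADER - PPP_PROTOCOL


def tcp_mss(ip_mtu):
    """TCP MSS a host (or an MSS-clamping router) should advertise for this IP MTU."""
    return ip_mtu - IPV4_HEADER - TCP_HEADER


def fragments_needed(packet_len, ip_mtu, df=False):
    """Number of IPv4 fragments a packet of packet_len bytes becomes on a link
    with the given IP MTU.  Returns 0 when the DF bit is set and the packet
    cannot pass unfragmented (the router must answer with ICMP Fragmentation
    Needed instead of forwarding it)."""
    if packet_len <= ip_mtu:
        return 1
    if df:
        return 0
    # Every fragment carries its own IPv4 header, and the payload per fragment
    # must be a multiple of 8 bytes because fragment offsets count 8-byte units.
    payload_per_frag = (ip_mtu - IPV4_HEADER) // 8 * 8
    payload = packet_len - IPV4_HEADER
    return -(-payload // payload_per_frag)  # ceiling division


def main():
    mtu = pppoe_mtu()
    print(f"PPPoE IP MTU: {mtu}, TCP MSS to advertise: {tcp_mss(mtu)}")
    # Constructed packet sizes: a small datagram, an exact fit, and a
    # full-size Ethernet packet sent by a host that still believes MTU is 1500.
    for size in (576, 1492, 1500):
        n = fragments_needed(size, mtu)
        print(f"{size}-byte IP packet over PPPoE -> {n} fragment(s)")
    print(f"1500-byte packet with DF set -> {fragments_needed(1500, mtu, df=True)} "
          "(blackholed unless ICMP Fragmentation Needed gets back to the sender)")


if __name__ == "__main__":
    main()
```

The last line of output is the practical check: if a firewall in front of the PPPoE link drops ICMP, hosts that keep a 1500-byte MTU and set DF never learn to shrink their packets, which is the classic "small pages load, large pages hang" symptom; lowering the MTU (or clamping MSS on the router) avoids depending on that ICMP round trip.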

--------------------------------------------------------------------
http://www.lug.org.uk http://www.linuxportal.co.uk
http://www.linuxjob.co.uk http://www.linuxshop.co.uk
--------------------------------------------------------------------



This archive was generated by hypermail 2.1.3 : Thu 22 Nov 2001 - 13:13:18 GMT