Monowall [modified]
-
I was thinking of replacing my Zyxel Zywall2 router with a PC running a Linux/BSD-based firewall distribution. I've kinda decided on Monowall for the software end of it. Does anyone have any experience with it? The hardware will be a motherboard with 3 PCIe slots for NIC cards, a low-power CPU, and 2gb RAM, and a small SSD (16gb).
.45 ACP - because shooting twice is just silly
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"The staggering layers of obscenity in your statement make it a work of art on so many levels." - J. Jystad, 2001modified on Saturday, May 15, 2010 8:29 AM
I've worked quite a bit with a derivative of monowall, pfsense[^]. I use it at home and I've installed 6 corporate installations so far. How can I help you?
If the post was helpful, please vote, eh! Current activities: Book: Devils by Fyodor Dostoyevsky Project: Hospital Automation, final stage Learning: Image analysis, LINQ Now and forever, defiant to the end. What is Multiple Sclerosis[^]?
-
I was thinking of replacing my Zyxel Zywall2 router with a PC running a Linux/BSD-based firewall distribution. I've kinda decided on Monowall for the software end of it. Does anyone have any experience with it? The hardware will be a motherboard with 3 PCIe slots for NIC cards, a low-power CPU, and 2gb RAM, and a small SSD (16gb).
.45 ACP - because shooting twice is just silly
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"The staggering layers of obscenity in your statement make it a work of art on so many levels." - J. Jystad, 2001modified on Saturday, May 15, 2010 8:29 AM
I used to use a virtual machine with linux on it as a router for a while when the network on my vista machine went bust and I didn't have time to reinstall vista. I configured iptables directly and it was pretty messy. I did try a few of those packages where you write a configuration in an easier format and the software generates iptables rules but didn't really like either of them too much. From what I see monowall has a web gui so it might be more user friendly that ipf. Good luck :)
____________________________ I didn't know what to put in here.
-
I was thinking of replacing my Zyxel Zywall2 router with a PC running a Linux/BSD-based firewall distribution. I've kinda decided on Monowall for the software end of it. Does anyone have any experience with it? The hardware will be a motherboard with 3 PCIe slots for NIC cards, a low-power CPU, and 2gb RAM, and a small SSD (16gb).
.45 ACP - because shooting twice is just silly
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"The staggering layers of obscenity in your statement make it a work of art on so many levels." - J. Jystad, 2001modified on Saturday, May 15, 2010 8:29 AM
The last time I used a PC with Linux as a firewall was some time ago (about 7 years) when I used SmoothWall GPL. I think the newer open-source version is SmoothWall Express. It found it very easy to manage. I think that MonoWall is a fork from the earlier version and would therefore hope that it would be as easy to use.
Henry Minute Do not read medical books! You could die of a misprint. - Mark Twain Girl: (staring) "Why do you need an icy cucumber?" “I want to report a fraud. The government is lying to us all.”
-
I've worked quite a bit with a derivative of monowall, pfsense[^]. I use it at home and I've installed 6 corporate installations so far. How can I help you?
If the post was helpful, please vote, eh! Current activities: Book: Devils by Fyodor Dostoyevsky Project: Hospital Automation, final stage Learning: Image analysis, LINQ Now and forever, defiant to the end. What is Multiple Sclerosis[^]?
I don't nee help yet, I'm just toying with the idea...
.45 ACP - because shooting twice is just silly
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"The staggering layers of obscenity in your statement make it a work of art on so many levels." - J. Jystad, 2001 -
I was thinking of replacing my Zyxel Zywall2 router with a PC running a Linux/BSD-based firewall distribution. I've kinda decided on Monowall for the software end of it. Does anyone have any experience with it? The hardware will be a motherboard with 3 PCIe slots for NIC cards, a low-power CPU, and 2gb RAM, and a small SSD (16gb).
.45 ACP - because shooting twice is just silly
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"The staggering layers of obscenity in your statement make it a work of art on so many levels." - J. Jystad, 2001modified on Saturday, May 15, 2010 8:29 AM
Looks very similar to http://www.astaro.com/[^], which is free for home use. A little annoying getting all your ports and NATs setup but very nice over all.
// Steve McLenithan
-
John Simmons / outlaw programmer wrote:
my Zyxel Zywall2
is that the one that treats allergies ?
Chris Losinger wrote:
treats allergies ?
that probably would be Xyzall, by UCB. Although drug names may vary from one country to the next. :)
Luc Pattyn [Forum Guidelines] [Why QA sucks] [My Articles]
I only read formatted code with indentation, so please use PRE tags for code snippets.
I'm not participating in frackin' Q&A, so if you want my opinion, ask away in a real forum (or on my profile page).
-
I don't nee help yet, I'm just toying with the idea...
.45 ACP - because shooting twice is just silly
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"The staggering layers of obscenity in your statement make it a work of art on so many levels." - J. Jystad, 2001Sure thing. Installations are dead simple. If you need anything, just drop me an email.
If the post was helpful, please vote, eh! Current activities: Book: Devils by Fyodor Dostoyevsky Project: Hospital Automation, final stage Learning: Image analysis, LINQ Now and forever, defiant to the end. What is Multiple Sclerosis[^]?
-
I was thinking of replacing my Zyxel Zywall2 router with a PC running a Linux/BSD-based firewall distribution. I've kinda decided on Monowall for the software end of it. Does anyone have any experience with it? The hardware will be a motherboard with 3 PCIe slots for NIC cards, a low-power CPU, and 2gb RAM, and a small SSD (16gb).
.45 ACP - because shooting twice is just silly
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"The staggering layers of obscenity in your statement make it a work of art on so many levels." - J. Jystad, 2001modified on Saturday, May 15, 2010 8:29 AM
John Simmons / outlaw programmer wrote:
The hardware will be a motherboard with 3 PCIe slots for NIC cards, a low-power CPU, and 2gb RAM, and a small SSD (16gb).
Your hardware is total overkill for Monowall. IIRC, they target embedded CPU's. A Celeron 350 with 64mb RAM and a 10MB harddisk is sufficient.
xacc.ide
IronScheme - 1.0 RC 1 - out now!
((λ (x) `(,x ',x)) '(λ (x) `(,x ',x))) The Scheme Programming Language – Fourth Edition -
John Simmons / outlaw programmer wrote:
The hardware will be a motherboard with 3 PCIe slots for NIC cards, a low-power CPU, and 2gb RAM, and a small SSD (16gb).
Your hardware is total overkill for Monowall. IIRC, they target embedded CPU's. A Celeron 350 with 64mb RAM and a 10MB harddisk is sufficient.
xacc.ide
IronScheme - 1.0 RC 1 - out now!
((λ (x) `(,x ',x)) '(λ (x) `(,x ',x))) The Scheme Programming Language – Fourth Editionleppie wrote:
Your hardware is total overkill for Monowall.
Did you read their hardware requirements? This is going to support a GB LAN (with VPN capability), and to achieve decent throughput, you need at least a 2ghz cpu and a couple gb of RAM. I want decent throughput. Besides, how many embedded machines have you seen with more than one RJ-45 jack? To be a router you need at least two jacks. Since most PC motherboards I've seen only have one, that means I also need to buy at least one additional PCIe NIC, as well. As far as CPUs are concerned, it's getting tough to find something that wouldn't be overkill for a router. If I back off on the SSD and just get a laptop hard drive, the cost comes down to just over $200 for the hardware, and that's if I get a Sempron single core CPU ($32). I wonder if getting a multi-core CPU will help the VPN side with encryption/decryption... Oh yeah - try to find any of the hardware you suggested - anywhere. Celerons cannot be had, much less a motherboard to put it on (that also has onboard video and GB LAN). The smallest laptop SATA2 hard drive I could find was 80GB. Seriously... why buy hardware that's no longer supported, not to mention difficult to find? For what it's worth, I have several old Socket 939 Athlon dual core CPUs, gigabytes of DDR memory, almost a dozen "spare" hard drives, and a couple of 500-700 watt PSUs laying around. What's missing? a Socket-939 motherboard with the desired on-board components. My only recourse is to buy all new stuff.
.45 ACP - because shooting twice is just silly
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"The staggering layers of obscenity in your statement make it a work of art on so many levels." - J. Jystad, 2001 -
leppie wrote:
Your hardware is total overkill for Monowall.
Did you read their hardware requirements? This is going to support a GB LAN (with VPN capability), and to achieve decent throughput, you need at least a 2ghz cpu and a couple gb of RAM. I want decent throughput. Besides, how many embedded machines have you seen with more than one RJ-45 jack? To be a router you need at least two jacks. Since most PC motherboards I've seen only have one, that means I also need to buy at least one additional PCIe NIC, as well. As far as CPUs are concerned, it's getting tough to find something that wouldn't be overkill for a router. If I back off on the SSD and just get a laptop hard drive, the cost comes down to just over $200 for the hardware, and that's if I get a Sempron single core CPU ($32). I wonder if getting a multi-core CPU will help the VPN side with encryption/decryption... Oh yeah - try to find any of the hardware you suggested - anywhere. Celerons cannot be had, much less a motherboard to put it on (that also has onboard video and GB LAN). The smallest laptop SATA2 hard drive I could find was 80GB. Seriously... why buy hardware that's no longer supported, not to mention difficult to find? For what it's worth, I have several old Socket 939 Athlon dual core CPUs, gigabytes of DDR memory, almost a dozen "spare" hard drives, and a couple of 500-700 watt PSUs laying around. What's missing? a Socket-939 motherboard with the desired on-board components. My only recourse is to buy all new stuff.
.45 ACP - because shooting twice is just silly
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"The staggering layers of obscenity in your statement make it a work of art on so many levels." - J. Jystad, 2001John Simmons / outlaw programmer wrote:
Did you read their hardware requirements? This is going to support a GB LAN (with VPN capability), and to achieve decent throughput, you need at least a 2ghz cpu and a couple gb of RAM. I want decent throughput.
Sorry I did not.
John Simmons / outlaw programmer wrote:
Besides, how many embedded machines have you seen with more than one RJ-45 jack? To be a router you need at least two jacks.
My Routerboard 500 has 3 NIC and 2 wifi.
John Simmons / outlaw programmer wrote:
blah blah blah
:) If you want fast ports, just get a gigabit switch. The road to the internet and back will always be slow.
xacc.ide
IronScheme - 1.0 RC 1 - out now!
((λ (x) `(,x ',x)) '(λ (x) `(,x ',x))) The Scheme Programming Language – Fourth Edition -
leppie wrote:
Your hardware is total overkill for Monowall.
Did you read their hardware requirements? This is going to support a GB LAN (with VPN capability), and to achieve decent throughput, you need at least a 2ghz cpu and a couple gb of RAM. I want decent throughput. Besides, how many embedded machines have you seen with more than one RJ-45 jack? To be a router you need at least two jacks. Since most PC motherboards I've seen only have one, that means I also need to buy at least one additional PCIe NIC, as well. As far as CPUs are concerned, it's getting tough to find something that wouldn't be overkill for a router. If I back off on the SSD and just get a laptop hard drive, the cost comes down to just over $200 for the hardware, and that's if I get a Sempron single core CPU ($32). I wonder if getting a multi-core CPU will help the VPN side with encryption/decryption... Oh yeah - try to find any of the hardware you suggested - anywhere. Celerons cannot be had, much less a motherboard to put it on (that also has onboard video and GB LAN). The smallest laptop SATA2 hard drive I could find was 80GB. Seriously... why buy hardware that's no longer supported, not to mention difficult to find? For what it's worth, I have several old Socket 939 Athlon dual core CPUs, gigabytes of DDR memory, almost a dozen "spare" hard drives, and a couple of 500-700 watt PSUs laying around. What's missing? a Socket-939 motherboard with the desired on-board components. My only recourse is to buy all new stuff.
.45 ACP - because shooting twice is just silly
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"The staggering layers of obscenity in your statement make it a work of art on so many levels." - J. Jystad, 2001Jetway makes a spiffy bit of kit suited for this sort of thing. http://www.mini-box.com/Jetway-Hybrid-J7F2WE2G[^] with 3 port gigabit daughterboard[^]. Highly recommend mini-box -- have bought loads of stuff from them with no problems.
