[NMLUG] Hardware firewall recommendations?
- Subject: [NMLUG] Hardware firewall recommendations?
- From: _sarang_ at sarangworld.com (Sarang Gupta)
- Date: Sun Feb 5 21:21:27 2006
Does anyone have recommendations for a simple, 2+ port, inexpensive,
home-use hardware firewall/router? Specifics:
% The firewall/router would sit behind my cable modem, accept a public IP
address (via DHCP) from the cable modem, and pass on NAT'd IP addresses to
two machines, so that both machines could access the Internet via a single
cable modem.
% I don't run servers at home, so all incoming packets should be replies
to packets I've sent out -- all "unsolicited" packets should be dropped.
% The firewall/router should log the time, IP address, and port of all
outgoing packets (ideally w/ exceptions for a set of "trusted" IP
address/port combinations I specify), ideally storing these on its own
hard drive. This log should include UDP, IPX, and other non-TCP packets.
I'm particularly curious to see what packets are being sent when I'm away
from the computer (I run cron jobs, continuous ssh sessions, realize that
browsers will reload pages w/ "refresh" set, etc, so this traffic won't be
zero -- but any unrecognized packets when I'm not at the computer will be
highly suspicious).
% The firewall/router should ideally be configurable only via a hardwired
connection (e.g., COM port using minicom). Less ideally, machines on the
inside should be able to configure the firewall/router. Configuration from
outside (even w/ a password) should not be allowed.
% The firewall/router should block (or, ideally, redirect) packets to
certain IP address/port combinations I specify.
% I looked briefly at AlphaShield (alphashield.com). It's a bit too "black
box"-y, I don't trust its "artificial intelligence", it doesn't seem to do
any logging, and they don't have a good technical explanation of how their
device works (you have to register just to get a white paper!). However,
this is close to what I'm looking for -- a simple firewall (no VPN, no
tunneling, no DMZ, no opening specific ports, no multiple routes, etc)
for computers connected to the Internet as "clients". I.e., what I need is
something much closer to an AlphaShield than to a PIX.
% I realize that Linux itself can do a lot of firewalling, and that I
could use IP masquerading to connect multiple machines to a single cable
modem connection. I even feel a bit rube-ish considering a hardware
firewall. However, if my Linux box has been compromised, using it as a
firewall would be a false sense of security. I'd rather have a clean,
single-purpose, harder-to-crack device monitor and block packets.
--
Sincerely, Sarang Gupta (_sarang_@sarangworld.com)
Backup Email: sarangorama@gmail.com
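The policy asked for above, written out as an iptables ruleset for a dedicated Linux box with a console port. This is an added example, not from the post or the list; interface names, the inside network, and the trusted/blocked address lists are constructed placeholders. Logging is one line per new outbound connection (any protocol conntrack tracks, not just TCP) into the kernel log, which the box's own syslog writes to its local disk.

```shell
#!/bin/sh
# Added example: iptables-restore ruleset for a two-port home firewall/router.
# All names and addresses below are assumptions, not values from the post.
WAN=eth0                  # cable modem side, public address via DHCP
LAN=eth1                  # inside interface
LAN_NET=192.168.1.0/24    # inside network for the two machines

# Constructed sample lists, one "ip port" pair per line.
TRUSTED="192.0.2.10 22
192.0.2.20 53"                  # outbound to these is not logged
BLOCKED="198.51.100.5 6667"     # outbound to these is refused outright

# Emit one rule per protocol for an address/port pair:
# $1 rule prefix, $2 destination ip, $3 destination port, $4 target.
dst_rules() {
    for proto in tcp udp; do
        echo "$1 -d $2 -p $proto --dport $3 -j $4"
    done
}

# Print the complete ruleset in iptables-restore format.
build_rules() {
    echo '*nat'
    echo ':POSTROUTING ACCEPT [0:0]'
    # MASQUERADE rather than SNAT because the public address is dynamic.
    echo "-A POSTROUTING -s $LAN_NET -o $WAN -j MASQUERADE"
    echo 'COMMIT'
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # nothing may talk to the box itself: console-only management
    echo ':FORWARD DROP [0:0]'    # unsolicited packets in either direction are dropped
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':OUTLOG - [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Blocked destinations are refused before anything is logged or forwarded.
    printf '%s\n' "$BLOCKED" | while read -r ip port; do
        if [ -n "$ip" ]; then dst_rules "-A FORWARD -i $LAN -o $WAN" "$ip" "$port" REJECT; fi
    done
    # Every new outbound connection passes through OUTLOG, then is allowed.
    echo "-A FORWARD -i $LAN -o $WAN -m conntrack --ctstate NEW -j OUTLOG"
    echo "-A FORWARD -i $LAN -o $WAN -m conntrack --ctstate NEW -j ACCEPT"
    # Trusted pairs leave OUTLOG silently; everything else gets a kernel log line.
    printf '%s\n' "$TRUSTED" | while read -r ip port; do
        if [ -n "$ip" ]; then dst_rules '-A OUTLOG' "$ip" "$port" RETURN; fi
    done
    echo '-A OUTLOG -m limit --limit 30/min -j LOG --log-prefix "OUTBOUND: " --log-level 6'
    echo 'COMMIT'
}

build_rules
```

Load it with `build_rules | iptables-restore` after setting `net.ipv4.ip_forward=1`; the `-m limit` rate cap keeps a runaway client from filling the disk with log lines.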