Linux Firewall or Netgear

Hi all, I am quite new to firewalls, and have previously only used Zone Alarm on networked clients and gateways. I am currently setting up a network and had originally thought of using Linux on a computer for gateway/firewall for the network.

The internet connection is a 512K ADSL modem. The network will be 1 logon\DHCP Win 2000 Adserv, and 4 XP clients.

I feel confident in setting up a simple Linux firewall (Smoothwall), but which one offers the best protection or is more suited to my network?

Bearing in mind that I would also like to have VPN Access.

"Linux Firewall" or something like the "NETGEAR FVS318 8 Tunnel VPN/Firewall Router with 8 x 10/100 Switch"

What is the best firewall/configuration setup?

P.S. I don't have a static IP!

Thanks in advance for all your help.

Paul.

delete007

I myself would go with the hardware device.

You may want to look at the WatchGuard SOHO 6 line that is a real FW appliance.

You can get them at a good price at CDW.

Duane :)

Duane Arnold

The choice is yours really, a PC running a firewall or a small appliance that is a very low-end firewall that supports IPSec tunnels between points.

Your connection is typical of a small office. I would have expected that with the price of 2000 Advanced Server that they could have afforded a first class firewall, but your choice of the FVS318, while not an upper end firewall, does offer most of the needed features of a high end NAT box that will protect them.

Neither, you need to pick the one you are sure you can set up based on the rules you determine will protect their network. If you pick something new, something you've never worked with, you may not configure it properly and it may leave them exposed.

2000 Advanced Server can be set up as a VPN server and supports simple PPTP inbound sessions. The FVS318 will allow you to set up inbound PPTP sessions mapped to the server. Don't use the device for VPN to the network, use the server.

One that you have experience with that you know can secure their network, one that you are SURE you have set up correctly.

This is where you may be screwed when it comes to VPNs. If you don't have a static IP then you will have to find a means to let you know what the new IP is (Dynamic DNS registration service).....

I can't understand how the client can "afford" Windows 2000 Advanced Server but can't afford a business class internet connection or a business class firewall device?

Leythos

If your network is home-based and small enough (10 protected IPs or less), you can get a free home user license for Astaro and run up an ICSA level-4 corporate certified firewall. For $79 a year, Astaro will also give you a license to enable all the firewall's subscription features (IDS/IPS, Antivirus for Web, Antivirus for Email, Antispam, Content filtering, etc). All you need is a machine to run it up on, almost anything will do as long as it's not TOO old. I use Astaro here at my home and it totally rocks -- I also use it to protect several corporate networks and I wouldn't use anything else. Too bad Astaro doesn't do much national advertising, they could really clean up.

FW_Engineer

Hi

I was in the same situation. I set up a small network for my fiancée; she had a $300.00 Symantec hardware wall (which I found to be a waste of 300) going through a Linksys wireless AP. Some li'l idiot kiddies started lots of flooding and DDoS attacks; the logging and options I had on the hardware device were very limited and very annoying. Also, even though I updated the darn thing constantly, it died under these conditions. I've now replaced it with a P3 IPCOP box with some addons installed. I get daily emails of my IPTABLES logs, IDS logs and proxy logs (any unwanted sites visited). This box sits n laughs at the DDoS's and the like.

I have found it not only to be FAR FAR cheaper to install a small compact nix/BSD wall, but also the options you have as far as logging apps and the like that you can put on the box outweigh the hardware option.

For a large network of course you may want to go for an expensive hardware wall like a PIX or the like. I think for a 10 or even 20 PC LAN a Smoothwall or IPCOP install is very well suited. If you plan on installing such a wall, take a look at the addons like Addons Server 2.2 from:

formatting link
(with Squidguard)

Or

formatting link
which works with either IPCOP or Smoothwall.

Cheers n good luck

Sheldon

Sheldon Botha
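A small version of the daily firewall-log digest described in the post above, as an added example that is not part of the original thread and is not IPCop's own code. It assumes the kernel's netfilter LOG line format (`SRC=`, `PROTO=`, `DPT=` fields); the sample lines, host name `fw` and the `scan_threshold` parameter are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in netfilter LOG format, using documentation IP ranges.
SAMPLE_LOG = """\
Dec 20 03:12:45 fw kernel: DROP IN=eth1 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 SYN
Dec 20 03:12:46 fw kernel: DROP IN=eth1 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=23 SYN
Dec 20 03:12:47 fw kernel: DROP IN=eth1 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40114 DPT=3389 SYN
Dec 20 03:40:02 fw kernel: DROP IN=eth1 OUT= SRC=198.51.100.99 DST=192.0.2.10 LEN=404 TTL=110 PROTO=UDP SPT=1033 DPT=1434
Dec 20 03:40:09 fw kernel: DROP IN=eth1 OUT= SRC=198.51.100.99 DST=192.0.2.10 LEN=404 TTL=110 PROTO=UDP SPT=1034 DPT=1434
Dec 20 03:55:30 fw kernel: DROP IN=eth1 OUT= SRC=203.0.113.200 DST=192.0.2.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0
Dec 20 04:00:01 fw cron[311]: job started
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def parse_line(line):
    """Return the KEY=value fields of one netfilter LOG line, or None if it is not one."""
    if "kernel:" not in line or "SRC=" not in line:
        return None
    fields = dict(FIELD.findall(line))
    return fields if "PROTO" in fields else None


def digest(log_text, scan_threshold=3):
    """Summarise dropped packets: busiest sources, most-hit services, port sweeps."""
    per_source, per_service = Counter(), Counter()
    ports_by_source = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue  # not a firewall line (cron, sshd, ...)
        src = fields["SRC"]
        per_source[src] += 1
        # ICMP entries carry TYPE/CODE instead of ports, so DPT may be absent.
        per_service[f"{fields['PROTO']}/{fields.get('DPT', '-')}"] += 1
        if "DPT" in fields:
            ports_by_source[src].add(int(fields["DPT"]))
    # One source probing several distinct ports suggests a sweep, not a stray packet.
    sweeps = sorted(s for s, p in ports_by_source.items() if len(p) >= scan_threshold)
    return {"total": sum(per_source.values()),
            "top_sources": per_source.most_common(3),
            "top_services": per_service.most_common(3),
            "port_sweeps": sweeps}


if __name__ == "__main__":
    for key, value in digest(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
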

Hi, thanks both of you, and thanks for the links.

Because of your info I have decided to go the software route, but now I am unsure which software to go for, Smoothwall or IPCop.

Which one is best for a small network? Win2000 Adserv and 4 XP clients.

Thanks for all your help so far.

Paul

delete007

Ask yourself this question - if you don't know the answer to the above, if you don't have any experience with either application, why do you want to trust them until you've learned about them?

At least get a cheap router, install it, then set up your firewall application on a system and learn how to use it. With this method you can forward ports from the public network through the NAT router to the server AFTER you get set up and determine that you understand what you are doing. You can also use the NAT box to act as the first layer and allow you some breathing room and initial blocking.

Leythos

If your choice lies between IPCOP and Smoothwall I'd suggest IPCOP. No offence to Smoothwall, IPCOP just has much more going for it; you can pretty much imagine this for yourself when Smoothwall is the free version of a commercial product. Even ol' Dick Morrel now supports IPCOP.

Cheers

Sheldon

Sheldon Botha

Everyone has their favorites in this business and I learned years ago not to become TOO opinionated. Astaro remains my absolute favorite right now, and it's free for home use. Just go to Astaro's site and download the ISO file. They also have a very active user bulletin board at

formatting link
Lots of people on that site, many of them home users, will tell you that Astaro blows everything else away.

Happy Holidays!!

FW_Engineer

FW_Engineer, I completely agree with you on that. Generally all the well known nix/BSD walls are good, from Mandrake's old SNF/MNF to Smoothwall to Astaro to something bootable like netboz. They all are good in their own ways. I've used Astaro for a while about a year ago, it's a good little product; I have fallen back on IPCOP though just due to the fact that it does more require as much hardware as Astaro and seems a lot more simplified. I've passed the days of having something like Mandrake MNF installed; the likes of IPCOP take less than 10 minutes to set up.

I think it is true not to fall into the camp of "this is the best one". The only real way to find out what's for you is to try them all one by one.

Cheers

Sheldon

Sheldon Botha

Thanks everyone for their help. I have decided to opt for IPCOP. I was originally going to use Smoothwall which I had read a tutorial on. I'm going to look for some, but can anyone point me in a good direction for info/tutorial on IPCOP? I would like to be fully immersed in it before I attempt installation.

Thanks again for all your help.

Paul.

delete007

Hi

On IPCOP's site there are a lot of FAQs and info; there are also IPCOP IRC servers and forums. The authors are also really nice n real helpful with any query you may have.

IRC: irc.freenode.net; channel: #ipcop

Cheers

Sheldon

Sheldon Botha
