jwcolby
jwcolby at colbyconsulting.com
Sat Jun 16 18:54:43 CDT 2007
I currently have a router that serves just fine as a simple firewall - NAT and all that. However I really want to get VPN working so that I can VPN into my office when I am out of town. My current router does VPN pass-through, i.e. I have to have some PC inside of the firewall running VPN functionality and then allowing the other machines to see the VPN.

I looked at small business and personal routers that claim to do VPN and basically it appears to be a crapshoot. Of those users who say they try to use VPN, 50% say they do it no problem, the other 50% claim to have tried and given up. It doesn't seem to matter what brand / model, they all seem to be less than stellar. Until you are willing to pay 300 and up for a Cisco, whereupon you can get great reports, and comments like "great if you are a notwork guy, hard to set up".

I do not particularly want to spend hundreds of dollars for a big iron router, and I don't want a router that I have to have a notworking cert to get running. I kind of thought I would be able to find a Linux software package that would do this, a "boot from cd and go". I googled and searched and read and studied (for several hours) and found nothing like that, not to say that it doesn't exist. I found a lot of "free" firewalls, but they all seem to have dropped development a couple of years ago, no updates etc. I don't want that either.

I am willing to spend $50 or $100 for the software, assuming that it is good, and easy, and I have a machine that will run it. I gave away all of my old motherboards awhile ago to a good cause. So I have two machines left that fit the bill, both are MSI K8N Neo Platinum motherboards, nForce3 250g chipset with Athlon 64 3ghz processors. Should be way more than the Linux needs for the application.

I actually got IPCop to install, but it is a royal PITA I can tell you that. If you make a mistake anywhere it wants to reboot (forces you to reboot) and then has to reformat and build two partitions, copy files, 10 minutes of crap just because you didn't get something right. Or maybe not, who knows. I am not a Linux guy, and to be honest don't want to be a Linux guy. I wanted a package I could boot, configure and forget.

I dicked around with IPCop for 2-3 hours last night and then for some unknown reason the machine decided to not boot any more (won't even post). So I am moving on to other things ATM. 2-3 hours is already more of my time than I want to spend and I never even got to the configure point. Silly really.

John W. Colby
Colby Consulting
www.ColbyConsulting.com

_____

From: support at cheqsoft.com [mailto:support at cheqsoft.com]
Sent: Saturday, June 16, 2007 6:26 PM
To: jwcolby at colbyconsulting.com
Subject: Re: [dba-Tech] IPCop Firewall

Hi John

I graduated from IPCop to monowall and pfSense, based on FreeBSD, much the same idea as IPCop, but arguably better in many respects. Particular differences are pfSense is preferable if you are serving from your LAN and wish DNS to work properly, otherwise monowall has less hardware requirement. Can run from CD and floppy disc, with config all in xml. I run from IDE / CF card without a HD at all.

What are your requirements?

For some reason the list is rejecting my email, something about relaying...??? Can you forward to the list?! (It might be our ISP email server being down though)

Kind regards
David Hingston.