Casey Bralla on 3 Jul 2017 11:57:44 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Firewall choices for a small software development business

On Monday, July 3, 2017 2:40:05 PM EDT K.S. Bhaskar wrote:
> Both Comcast and Verizon are available on the building, and I haven't
> chosen one.
> This e-mail is to solicit opinions about a firewall. 
> It seems to me there are three choices:
>    - Buy a router (discussed on the list recently), or perhaps
>    ​flash ​an existing router from OpenWRT 12.09 to a newer release.
>    - Get a dedicated PC and:
>    ​​
>    - run a specialized distro like IPFire or ClearOS; or
>       - run a general distro like Debian Stable and a firewall like
>       Shorewall.
> Comments, suggestions, and recommendations welcome. Thanks in advance.

I have a comcast business account.  As far as I can tell, they don't filter 
anything (which I like).   You didn't say what internet services (if any) you 
intend to provide, but I provide DNS, eMail, and Web servers.  I therefore set 
up Shorewall on a stable Debian system with 3 interfaces (Internet, DMZ for 
the servers, and Local for internal use).

I chose Debian because I am familiar with it and that removes one complication 
from the setup.   

I found Shorewall VERY easy to setup and customize.  Their online docs are 
excellent, with lots of examples that mimic my setup.  The only problem I 
faced was mapping my NICs to eth0, eth1, & eth2 after I had replaced them  
with gigabit devices on a running system and all the assigned names changed.

BTW, I did have problems with outgoing SMTP mail.  Many recipient servers 
block whole ranges of IP addresses to prevent spam, and my IP was within one 
of those ranges.  This meant that some of my outgoing eMails were simply 
dropped, and I never knew it.   I therefore relay all my outgoing eMails 
through comcast.  They allow up to 1,000 eMails per day outgoing, which has 
always been plenty for me.

Good luck!


Casey Bralla
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --