Protecting Home Network

[Jamo]

Hi,

My from the University I study I will get access MSDNAA and I can basically get one of each product for free, like Server 2008, Exchange server etc. A lot of stuff anyway.

So I might be interested to install and configure microsoft forefront threat management gateway 2010 and use it as a firewall for my internet connection at home. It might be a overkill, but a good firewall and malware protection would be nice. However I dont have that powerfull machine to run it, Im hoping to install it to HP 7700p, which I got for free from work.

But Im not sure I it's good idea to use microsoft forefront threat management gateway 2010 at home, with no domain, so Should I try first some opensource products? like smoothwall etc?

any opinion ideas thoughts?

[mubix]

My personal preference is pfSense. BSD based, fast and easy to use. And I have it running on an embedded system currently so I doubt you'll have any problems running it on anything you want.

[Jamo]

Well I think that My biggest problem setting that kind of server is that Im using dd-wrt wlanAP and it shares dhcp so if I put that between modem and wlanRouter it will see just one client. Ant it currently has just one LAN card...

[int0x80]

Can you bridge the NICs in your gateway box and insert it inline between the AP and modem? I did this with the first firewalls I built; one was OpenBSD with pf, the other was Linux with grsec/PaX/ebtables/iptables. This is fine for locking your front door, but what happens if Aurora Borealis breaks out in your kitchen?

[Jamo]

Yea I get your point :D

Actually I might not be looking just for a firewall product.

Im actually more interested on setting up this server which would work as a firewall, caching websites, maybe block ads, and that I wound connect to it using OS'es included proxy, so I would be able to use internet without the need of using that device.

Sounds like squid :D

[Infiltrator]

Yea I get your point :D

Actually I might not be looking just for a firewall product.

Im actually more interested on setting up this server which would work as a firewall, caching websites, maybe block ads, and that I wound connect to it using OS'es included proxy, so I would be able to use internet without the need of using that device.

Sounds like squid :D

2 options you could set up a firewall box using Iptables and then install Squid for web caching.

Or install Untangle, it comes with all the options you need, some of those will have to be subscribed for.

[The Sorrow]

Ive used pfSense for a while now and feel it is the smoothest and most reliable with the easiest learning curve. Ive tried smoothwall and untangle and they're just akward for me. Advice: Try em out on VMWare. Find what you like.

[macrohard]

I've used Untangle for quite awhile now, but lately its been getting a little too buggy for my tastes. I too was curious about PFsense and how easy it was to configure.

[Infiltrator]

I do have to agree that Untangle does have its downside sometimes, but with too many Linux Firewall distros, you just have to try them out and see which one suits your needs.

1) Smoothwall

2) ClearOS

3) Untangle

4) Pfsense

[Jamo]

Well as I have only one network card available I can't use it as firewall + modem, so Im now configuring http://www.howtoforge.com/squid-proxy-server-on-ubuntu-9.04-server-with-dansguardian-clamav-and-wpad-proxy-auto-detection Squid ClamAv and dansguardian on VM. It seems to be working well, yet It makes internet quite slow, and blocks a lot of sites. Im not sure if it's because of clamAV or something else.

EDIT:

Actually I now have privoxy insalled with https://aur.archlinux.org/packages.php?ID=43861 AdBlock Plus block sites and it works realy well. Tomorrow Ill try to get squid and privoxy to work so it can cache websites and block ad's.

Edited January 2, 2012 by Jarmo

[Jamo]

Hi

I heard about this great firewall os from Tekzilla. It's called astaro and it offers one of their products free for home use. http://www.astaro.com/landingpages/en-worldwide-homeuse

It will work as Firewall, cache http sites, scans web traffic for malicious content, etc. Just what I wanted.

And it's license last's till 2015 and you should be able to get another free license after that.

[The Sorrow]

Hmm... makes me wonder if you can make a router-on-a-stick sort of setup with some sort of a firewall application...

[Jamo]

Well I think that you could install it and actually any OS to usb stick, so it could be possible to get firewall on usb stick. You'll just need two Ethernet cards for a computer to use as firewall.

And btw I ended up purchasing another Ethernet card for my setup.

[Infiltrator]

Well as I have only one network card available I can't use it as firewall + modem, so Im now configuring http://www.howtoforge.com/squid-proxy-server-on-ubuntu-9.04-server-with-dansguardian-clamav-and-wpad-proxy-auto-detection Squid ClamAv and dansguardian on VM. It seems to be working well, yet It makes internet quite slow, and blocks a lot of sites. Im not sure if it's because of clamAV or something else.

Squid uses I/O to serve the cached pages, the faster the I/O the less time it takes for a page to load on your end. You will need to invest into a faster HDD or better yet an SSD for optimum performance.

I would also suggest running Squid by itself with no other services running, the more services, the more hit in performance your VM will take. Also make sure you have allocated enough RAM, ideally between 2 to 3 GB of RAM.

I would also suggest, If you have more than one NIC available on your computer/server, to assign one of them to the VM. Dedicating one of the NICs will improve speed and delivery of the content.

Edited January 7, 2012 by Infiltrator