Options for a 24-port firewall?

Henry Goldwire henry at vatican.com
Tue Nov 8 09:19:20 PST 2005


How about a linux box using the built-in gig NIC connected to a $300 24-port 
switch that supports 802.1q VLANs (e.g. netgear FSM726).  You run linux with 
8021q module and iptables.  If you're feeling fancy, use two e1000s in a 
pair under ANS.  Voila.  24 port gigabit firewall -- $1000.

P.S.  You will fail when you try to make this HA using VRRP.

-- Henry

----- Original Message ----- 
From: "Jim Dennis" <jimd at starshine.org>
To: "Alvin Oga" <alvin at Mail.Linux-Consulting.com>
Cc: <baylisa at baylisa.org>
Sent: Tuesday, November 08, 2005 3:33 AM
Subject: Re: Options for a 24-port firewall?


> On Sat, Oct 29, 2005 at 07:20:05PM -0700, Alvin Oga wrote:
>
>> hi ya michael
>
>> On Sat, 29 Oct 2005, Michael T. Halligan wrote:
>
>>>> On Sat, Oct 29, 2005 at 01:21:53PM -0700, Michael T.Halligan wrote:
>
>>>>> I'm sitting around, analyzing my firewall needs. My needs are pretty
>>>>> simple. I need to be able to throw a lot of customers on their own
>>>>> 100mb firewall ports. Most customers
>>>>> will never use more than about 3 mb/s. Given this, I expect the
>>>>> overall throughput for 24 customers, given some flux, to be about
>>>>> 150mb/s.  Ideally, I'd love to throw Linux or
>>>>> OpenBSD onto a box that has 1/2 dozen quad ethernet cards.. I'd also
>
>> motherboards with 6-pci slots is harder to find but if you're not
>> locked to a particular cpu or mb vendor .. it's doable ..
>
>> you'd probably want pci-x instead and there's probably not many
>> choices of mb for 4x or 6x 64-bit pci slot motherboards ..
>
> Why not get a $2000 white box 1U with a couple of 4-port PCI NICs
> (at less than $500 each)?
>
> That gives you 8 separate ethernet interfaces, 3 or 4 drive slots
> (possibly hot-swappable ... SATA or SCSI ... for software or hardware
> RAID (depends on your preferences and motherboard).
>
> Duplicate the whole mess for redundancy and you're up to $6-grand.
>
> Leaves you $1500 in your budget for doing your own installation,
> configuration, testing, or buying a round of beers with the gang.
>
> If space is not an issue then get a couple of 3u servers with three
> or four PCI slots and fill those with the 4-port wonders.  12 to
> 16 interfaces.  (I know Linux can handle those, I've done it).
> I wouldn't try doing complex SNORT analysis and logging on even 8
> of the 100Mbps ports at once ... but simple routing and packet
> filtering should be possible at full line speed for those.
>
>> openbsd would be better os
>
> The proposed solution would let you pick whatever suits your fancy.
>
>>>>> like to keep the budget per firewall under $7.5k, which rules out any
>>>>> commercial solution.
>
>> i'd go for 2 machines instead of 1 ...
>> and seems doable for the budget .. except for the "time for home brew" 
>> :-)
>
>> c ya
>> alvin
>
> -- 
> Jim Dennis
> 
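Added example, not code from anyone in this thread: a POSIX shell sketch of the "one gig trunk into a VLAN switch" layout Henry describes, using the 8021q module, iproute2 and iptables on a current Linux (the 2005-era tool would have been vconfig). The interface names eth0/eth1, the VLAN IDs and the subnets are constructed placeholders; the security point it shows is that a default-deny FORWARD policy keeps customer VLANs from reaching each other while each one still gets the uplink.

```shell
#!/bin/sh
# Router-on-a-stick firewall: TRUNK carries one tagged VLAN per customer,
# the switch hands each customer an untagged port in their own VLAN.
# All names, VLAN IDs and subnets here are constructed for illustration.
TRUNK="${TRUNK:-eth0}"      # assumed: gig NIC cabled to the VLAN switch trunk port
UPLINK="${UPLINK:-eth1}"    # assumed: Internet-facing NIC
CUSTOMERS="101:10.1.101.1/24 102:10.1.102.1/24 103:10.1.103.1/24"

# Commands for one customer VLAN: tagged subinterface plus gateway address.
vlan_cmds() {
    vid="$1"; gw="$2"
    echo "ip link add link $TRUNK name $TRUNK.$vid type vlan id $vid"
    echo "ip addr add $gw dev $TRUNK.$vid"
    echo "ip link set $TRUNK.$vid up"
}

# Policy for one customer VLAN: out to the uplink, replies back in.
# Customer-to-customer traffic hits the FORWARD DROP default, so no
# per-pair deny rules are needed and a new VLAN cannot leak by omission.
fw_cmds() {
    vid="$1"
    echo "iptables -A FORWARD -i $TRUNK.$vid -o $UPLINK -j ACCEPT"
    echo "iptables -A FORWARD -i $UPLINK -o $TRUNK.$vid -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Full plan as text. APPLY=1 executes it (needs root and the 8021q module).
plan() {
    echo "modprobe 8021q"
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    for entry in $CUSTOMERS; do
        vid="${entry%%:*}"; gw="${entry#*:}"
        vlan_cmds "$vid" "$gw"
        fw_cmds "$vid"
    done
}

if [ "${APPLY:-0}" = 1 ]; then
    plan | sh -e
else
    plan
fi
```

Every VLAN shares the single trunk in both directions, so the aggregate of all customers (about 150 Mb/s in the original question) is what that gigabit link must carry, not 24 times 100 Mb/s.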