Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#258030 - 11/06/2005 02:24 Firewall features
muzza
Pooh-Bah

Registered: 21/07/1999
Posts: 1765
Loc: Brisbane, Queensland, Australi...
Hey all,

My Dad's finishing some renovations this year and is thinking of getting some uni boarders next year and we got discussing internet connections.
What I'd like to put in is a firewall/ router box to share the internet connection (Telstra Cable). We figured out his needs are:
- privacy, each person cant see the others - (Easy, subnetting, filtering)
- logging, Telstra slows the connection to 28K at 10 Gig/month.
- rate shaping (QoS), when a person DLs 3 gig or so, their connection is slowed to make it fair on everyone else.
- easy monitoring - including personal accounting system for each boarder
- email notification of abuses/limits

I'm looking at something like Astaro or SmoothWall.
Does anyone have any suggestions?
_________________________
-- Murray I What part of 'no' don't you understand? Is it the 'N', or the 'Zero'?

Top
#258031 - 11/06/2005 08:20 Re: Firewall features [Re: muzza]
StigOE
addict

Registered: 27/10/2002
Posts: 568
I'm using ClarkConnect myself and I'm quite happy with it. I'm not sure of all the features at the moment, so I'm not sure if it will do everything you want...

Stig

Top
#258032 - 12/06/2005 03:23 Re: Firewall features [Re: muzza]
Shonky
pooh-bah

Registered: 12/01/2002
Posts: 2009
Loc: Brisbane, Australia
Although it won't do what you're asking out of the box, I second the recommendation of ClarkConnect as a firewall. I use it at home and used it at work until the hardware died.

To acheive true privacy you'd need separate ethernet interfaces.
Clarkconnect does do squid logging i.e. web proxy only. But it does not do logging of all traffic.
CC doesn't do any sort of accounting/monitoring/notifications that you are asking for.
CC has the bpalogin client for Telstra broadband as an option which makes things easy.

CC is linux based though so it's possibly a good starting point but you'll need to put in a bit of work yourself to reach your goals.

BTW: Telstra slows to 64kbps after 10GB. Optus slows to 28kbps.

There might be a better suited distro, but when I was looking I tried almost everything. I used Smoothwall intially but it's just a basic firewall/router. It doesn't have any of servers like mail and web like ClarkConnect.

I really didn't like Astaro, SME, Mandrake firewall or any of the others I looked at or tried.
_________________________
Christian
#40104192 120Gb (no longer in my E36 M3, won't fit the E46 M3)

Top
#258033 - 12/06/2005 06:44 Re: Firewall features [Re: Shonky]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
Quote:
To acheive true privacy you'd need separate ethernet interfaces.


But you could get most of the way there by just putting a cheap switch between the users and the network. At least then they can't see each other's traffic.

Quote:

I used Smoothwall intially but it's just a basic firewall/router. It doesn't have any of servers like mail and web like ClarkConnect.



The guys at Smoothwall would of course point out that the lack of mail/webservers on their firewall is in fact a feature
_________________________
Remind me to change my signature to something more interesting someday

Top
#258034 - 12/06/2005 07:07 Re: Firewall features [Re: andy]
Shonky
pooh-bah

Registered: 12/01/2002
Posts: 2009
Loc: Brisbane, Australia
Quote:
Quote:
To acheive true privacy you'd need separate ethernet interfaces.


But you could get most of the way there by just putting a cheap switch between the users and the network. At least then they can't see each other's traffic.


True. And cheap switches are super cheap.

Quote:
Quote:
I used Smoothwall intially but it's just a basic firewall/router. It doesn't have any of servers like mail and web like ClarkConnect.



The guys at Smoothwall would of course point out that the lack of mail/webservers on their firewall is in fact a feature


Yeah I know and that was one of the issues I had. The majority of distros are aimed squarely at firewall/routing functions only. The correct thing to do is run the servers behind the firewall. However for a home situation, I could't justify running two separate machines. Security wasn't that much of a concern for me. And it's been up for about 2 years and hasn't been hacked yet.
_________________________
Christian
#40104192 120Gb (no longer in my E36 M3, won't fit the E46 M3)

Top