First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.
More specialty Linuxes to the rescue
- — 25 February, 2009 08:19
IPCop has no specific hardware requirements other than that the host be i386 based. (An earlier release supported the Alpha processor.) Documentation even boasts that obsolete hardware is frequently used to host an IPCop system. The system comes with a number of services: intrusion detection via Snort, the IPSec VPN system, and Web caching via squid. Perhaps its strongest feature is its wide range of status and logging information. IPCop produces real-time scrolling graphs of CPU usage and memory usage, as well as traffic statistics on each of the colored networks. You can also view a table of all connections established on each network.
Setup time is less than a half hour (depending on the complexity of your network), and the online documentation is sufficient even for someone setting up a firewall for the first time.
With m0n0wall Linux, the hardware platform of choice is an embedded x86 PC, so it's no stranger to small memory spaces and modest processor power. The system officially supports embedded PCs from Soekris Engineering and PC Engines. Nevertheless, m0n0wall can run on a stock x86 PC. Documentation indicates that m0n0wall will live happily on a 486 with only 64MB of RAM.
When m0n0wall boots, the host system's screen displays a rudimentary text-based menu good only for setting fundamental parameters such as network cards' IP addresses, the administration GUI's password, and so on.
m0n0wall assumes two networks, WAN and LAN, each on its own NIC. The WAN is the unprotected, outside world; the LAN is the protected, private network. As with IPCop, interaction with m0n0wall is via the administration Web user interface, webGUI, available at a pre-defined IP address on the LAN side. The webGUI is well arranged in a two-frame format: The left frame holds the navigation pane, while editing takes place in the right frame.
From the webGUI, you have complete control over the system. This includes operations such as creating VPN and PPTP tunnels (m0n0wall comes with a PPTP server); configuring the DHCP server; and defining firewall and traffic shaping rules
The last item is the most interesting. You define firewall rules through a fill-in-the-blanks-style Web page form. Select the action (Pass, Block, Reject), the associated network interface, and the protocol to which the rule applies. You then enter filtering restrictions. For example, you can specify that a particular rule block packets coming from a range of source IP addresses or bound for a range of destination IP addresses.