firewall distro

Discussion in 'Linux, BSD and Other OS's' started by donkey42, Jul 23, 2008.

  1. donkey42

    donkey42 plank

    [ot]donkey applauds AT[/ot]i still listen to people who claim to know nothing about computers because I personally am still always learning, even so, i think you'd have more luck at the laundrette than PCWorld if you wanted advice

    BTW: mega has also gone up in my estimation, yeah, i know he has always known more than me, but BIG respect for stating your opinion & standing by it, & hopefully i will keep learning

    Edit: @AT i also welcome rational discussion on difference of opinion
     
  2. Anti-Trend

    Anti-Trend Nonconformist Geek

    If you wanted, you could always build a Soekris box...
     
  3. sabashuali

    sabashuali Ani Ma'amin

    [ot]
    Is the firewall box sitting between the ADSL modem and the LAN (or single PC for argument's sake)? Or does the firewall box include the modem? If so, what would be a good PCI ADSL modem to go for?
    [/ot]
     
  4. donkey42

    donkey42 plank

    i've never built one, but, yes it does make sense to build it like that
    i've looked & PCI ADSL modems are not easy to find (at least in UK) so, i would assume you use a standard modem / router like you have
     
  5. megamaced

    megamaced Geek Geek Geek!

    Fair points by everyone. I'd certainly be interested in comparing power usage, between PSUs as well. I've bought some PSUs for various projects / studies not because of how powerful they claim to be, but by how efficient they are. I did this because the study PCs were going to be run 24/7 and a more efficient PSU should, in theory, save a bundle on electricity costs. But I've never actually seen charts to compare say, a router with a PC, or a Pentium 2 based PC up against an Intel Core. That'd be quite interesting. I don't run any computers 24/7 in my house so I can't make any comparisons.

    Moving back to the "reasons for Donkey not to use IPCop" discussion (and by the way, I really do like IPCop :chk:), has anyone considered the noise pollution?! I don't know what size house Donkey has or where his firewall is located, but if he were to set up IPCop on an older machine and place it in the lounge, he'd have the sound of a Boeing 747 taking off and landing 24/7! I've not yet found a machine quiet enough that I can bear leaving on 24/7 and stay in the same room as it! Sure I don't mind if I am using my computer, but if I am watching TV and the PC is left on it drives me insane after a while!
    Sure there are workarounds like watercooling or a specialised "no noise" PC, but then we are looking at a higher price range. At that point, the advantage / disadvantage of IPCop starts swinging toward the dedicated hardware firewall.
    If I remember correctly, I think IPCop has some ADSL modem functionality, but as Donkey said, finding the hardware might be tricky.

    Certainly the more common connection would be the ADSL modem running transparently, passing all traffic to the IPCop firewall. IPCop would then act as the default gateway for the LAN.
     
  6. Anti-Trend

    Anti-Trend Nonconformist Geek

    Right. Plus, the CPU isn't going to run at full-bore probably ever on a *nix-based firewall appliance, so that makes it even tougher to gauge. It would be an interesting study, but for now, suffice to say it's pretty close in terms of overall power consumption.

    Mine is built from a little business-class IBM Aptiva, which is small form-factor and nearly silent. You cannot hear the fans from further than 8" away. My last one was a little louder since it was an AT with some 80mm fans, but even so, I couldn't hear it over the hum of traffic outside or the nearly constant rumble of military aircraft overhead (I live in San Diego, FYI). If you're a total noise-freak, it might be worth it to either use low-RPM fans or large-diameter ones.

    Yeah, IPCop does have full ADSL capabilities. I'm not sure about the popular BSD-based firewalls like m0n0wall though; they may only care about IP stuff, not ATM.

    In IPCop most PCI ADSL cards will work just fine for this purpose, though here in the states there isn't much price difference between a new PCI ADSL card or a standalone ATU (aka "DSL modem"); that is to say about $30.

    That's how my current box is, but I have set up a few PCI-based ADSL modems in IPCops in the past. It's as simple to set up as a PPPoE or Dialup connection, no big deal.

    BTW, just to make my own position clear, I'm not saying "IPCop/m0n0wall/PFSense/Untangle/whatever is best for everyone!!1" What I am saying is that for power-users, building their own firewall out of commodity hardware and free software is the most powerful, cost-effective solution you can hope for. Home-grade routers are barely suitable for most purposes, so if you want to get the most out of your network, I recommend a custom firewall appliance instead. If you don't care whether BitTorrent chokes WoW or whether the little plastic router is programmed to reboot automatically every 12 hours, then any old off-the-shelf plastic router will do just fine. People who just surf one user at a time and get email probably wouldn't even notice a difference.
     
