ChristianR

iTrader: (1)

All it is needed is to listen on port 25 and 443 on the internet for a lan, and forward it on to the relevant server.

Gedi

A Linux or BSD box running on an old machine. Say a 133MHz.

Cost - about £20

Failing that any you can always go the boring way as most people do and buy a router with packet inspection built in. Most home routers come bundled with a switch for the added security of a switched LAN.

It'll never ever compare to a well built unix like system though. These home routers are pretty easy to bypass.

ChristianR

iTrader: (1)

this is for a corporate network, not home.

But can't be too expensive (it is a charity), and they do not have the room for another box.

[Edited by ChristianR - 11/19/2003 1:33:17 PM]

Gedi

I normally work with IPTables and CiscoPIX stuff, but your situation rules them to out.

I have heard good reports about some of the netgear security routers. I did actually install a 318 for a friend a while ago that seemed good.
Only downsides I found were:
- I don't like HTML configurations. Too restrictive
- Although they did have a command line config method, it was not really supported and I wasn't familiar with the commands. Nothing like a cisco counterpart
- I like to add my own IDS sigs for checking packets, can't beat snort.

TolTec

You could have a look at Gnatbox (just do a search for a supplier). There are plenty of similar devices, I mention this one because we use one of the bigger ones for the college I work at.

The smallest is under £1000.

Depends on what you mean by cheap really.

BATNIEC - Best available technology not involving excessive cost

CATNIP - Cheapest available technology not involving prosecution

Jeff Wiltshire

Christain..

10 User SonicWALL TZ170 runs to £450+VAT....any good ?

Gedi

No price mentioned.

Agreed with the above comments, both systems are good.

The netgear I mentioned are only about £50.
When you said charity, I expected minimal costs.

Looking in the price range they mentioned, I would go with a cisco setup. Something like this

TopBanana

Does the netgear support port mapping?

Gedi

yes

AFAIK, pretty much all home routers do.

TopBanana

My DSL-504 doesn't

carl

Surely you'd be better off 'acquiring' an old PC, sticking a couple of NICs in and installing Smoothwall?

Gedi

deinitely a good idea. Esspecially as hardening a linux box from scratch is best left to the security pros. However he said there was no more room for another box

If you do decide to go down this route, make sure all the packages that come with it are up to date. Recently smoothwall 2.0 came with a vunerable version of snort (pre 1.91) a while after it has been announced. Bad advertisement for a security orientated system.

ChristianR

iTrader: (1)

thanks for the views will take a look at what has been mentioned.

dsmith

Best option imho is a MiniITX PC running Smoothwall from Compact flash - no moving parts but all the flexibilty and performane of smoothwall.

Can be bought all pre-built and tested from www.linitx.com

e.g.
http://linitx.com/shop/product_info....5635e10d957c6c

Deano