So I was really bored this weekend and I decided to rebuild my firewall box and add some stuff to it I had laying around. It's really pretty stupid and was totally overkill for an old firewall box, however I say "So what", "who cares" and "I had fun doing it". Anyway I started with a Dell Dimension 2300 I got at the flea market for 50 bucks. It only had 128MB of RAM so the first thing I did was buy 2 sticks of 512MB Kingston PC-133 RAM for a total of 1 gig, which is the board's max.
Next, as there were no NIC cards in the board, I went out and purchased 4 NIC cards: 1 for WAN, 1 for wired LAN, 1 for wireless LAN, and the last one is not yet being used but the idea will be a DMZ for a web server or something. The idea behind multiple NICs is that I can create firewall rules which prevent the subnets from reaching each other. So for example even if someone manages to hack my wireless network they will only be able to reach the internet and not my wired network, because the wireless subnet is not allowed to talk to the wired subnet.
OK so I got the 4 NICs installed. One snafu I ran into was the stupid Dell machine would not boot with more than 2 of the PCI slots filled even though there were 4 slots. This was extremely annoying and baffled me for a few days until I finally had the bright idea to update the BIOS. OK so now I was booting with 4 NICs.
Next I decided to use the OpenBSD operating system due to its PF (packet filter). I'm not going to go into all that but it's by far the best open source firewall solution. It's what they use to secure the DEFCON network every year.
OK so I got that installed and configured and then I noticed there is only an old crappy heatsink on the CPU and not one fan in the whole box! WTF
So the next order of business was to do something about that. Now this is where I went overboard a little. Rather than go out and spend any money on an air cooler I decided to use this "all in one" water cooling system I bought from a kid at school a while back. It got shitty reviews and I was probably never going to use it on a real computer due to the fact that the radiator was small and only had 1 fan, so I thought what a great opportunity to put some old hardware to good use.
Since I was going to do that I decided to rip the whole computer apart and start from scratch. I painted the whole thing black, moved the location of the hard drive and replaced almost all the wiring. I then added the CPU cooler. I know it's silly but who cares. Anyway I just thought I'd make a little post about the project because I had a lot of fun and built a firewall that can rival most $5000 Cisco firewalls as long as the user configures it correctly.
Cost of project (est.):
Dell computer = $50
4 nic cards = $80
2 sticks of PC-133 mem. = $100
coolfactor = Priceless
Here is a pic of the finished product
Nice. My firewall is an old Compaq machine.
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
Just a little tidbit.
Intel makes dual and quad NIC cards. Many times you can pick them up real cheap on eBay.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
That's great! I use an old P3 Gateway for a firewall, just need to add some memory to it and I'll be rockin' it.
Gonna check out that OpenBSD packet filter! Thanks.
I don't know if anyone else is interested, but if we are on the subject of custom firewalls I'd like to see if you are doing anything interesting or unique with your rule set. I have made a few iptables firewalls, one with a single packet auth system that would dynamically open a port for the SSH server.
I just recently built a VMware FreeBSD machine so as to learn more about pf and would be interested to see how you or anyone else for that matter is using pf.
Sure thing. pf and OpenBSD are unique in that it is possible to bridge the LAN NICs to the WAN NIC so that if you have a stand-alone box like I have then the firewall in essence has no IPs on the LAN, therefore it is impossible to attack. I got all my help from wyze and PrairieFire who were already implementing such a system.
@pureh@te / wyze:
Any chance you can post your pf.conf? I'm at a similar project and it would help me a lot to see some real configurations, not only the manual examples.
My issue is the following:
I have a box that has a ppp connection via UMTS and I want to share this connection to the network (wireless & wired).
The only payoff I've got so far is to ping a URL from a wired client, so DNS therefore is working.
Any other attempts fizzled so far.
I would really appreciate it if anyone can help me with the pf configuration or post your pf.conf.
Be sensitive in choosing where you ask your question. You are likely to be ignored, or written off as a loser, if you:
* post your question to a forum where it's off topic
* post a very elementary question to a forum where advanced technical questions are expected, or vice-versa
* cross-post to too many different newsgroups
* post a personal e-mail to somebody who is neither an acquaintance of yours nor personally responsible for solving your problem
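As an added example (not any poster's real pf.conf), here is a rule set in the spirit of the original post's wired/wireless/DMZ segmentation and of the later question about sharing a ppp/UMTS link to the LAN. Interface names, subnets and the ppp0 uplink are assumptions, and it uses the match/nat-to syntax of OpenBSD 4.7 and later.

```pf
# Added example pf.conf; not any poster's real config. Interface names,
# subnets and the ppp0 WAN are assumptions. OpenBSD 4.7+ syntax; older
# releases write NAT as:  nat on $wan from $lan_net to any -> ($wan)
# pf only filters; forwarding is enabled with sysctl net.inet.ip.forwarding=1

wan  = "ppp0"   # UMTS ppp link; for an Ethernet uplink use that NIC, e.g. "em3"
lan  = "em0"    # wired LAN
wifi = "em1"    # wireless LAN
dmz  = "em2"    # spare NIC reserved for a future DMZ web server

lan_net  = "192.168.1.0/24"
wifi_net = "192.168.2.0/24"
dmz_net  = "192.168.3.0/24"

set skip on lo0
set block-policy drop

# Normalise packets; max-mss avoids PMTU blackholes behind a low-MTU ppp link
match in all scrub (no-df max-mss 1440)

# NAT everything leaving via the WAN. The parentheses make pf read the
# ppp address at run time, since it changes on every dial-up.
match out on $wan from { $lan_net, $wifi_net, $dmz_net } to any nat-to ($wan)

# Default deny, logged, so drops can be reviewed with: tcpdump -n -e -ttt -i pflog0
block log all

# Segments may never reach each other. 'quick' ends evaluation on a match,
# so no later pass rule can accidentally open a path between them.
block in quick on $wifi from $wifi_net to { $lan_net, $dmz_net }
block in quick on $dmz  from $dmz_net  to { $lan_net, $wifi_net }
block in quick on $lan  from $lan_net  to { $wifi_net, $dmz_net }

# All segments may use the firewall for DNS and DHCP ...
pass in quick on { $lan, $wifi, $dmz } inet proto { udp, tcp } to self port 53
pass in quick on { $lan, $wifi, $dmz } inet proto udp from any port 68 to any port 67
# ... but only the wired LAN may otherwise talk to the firewall itself (SSH etc.)
block in quick on { $wifi, $dmz } to self
pass in on $lan inet proto tcp from $lan_net to ($lan) port 22

# Internet access for each segment. States are floating by default, so the
# packet's out leg on $wan and the reply match the state created here.
pass in  on $lan  inet from $lan_net
pass in  on $wifi inet from $wifi_net
pass in  on $dmz  inet from $dmz_net
pass out on $wan  inet

# From the WAN side, accept nothing but ping; everything else stays blocked
pass in on $wan inet proto icmp icmp-type echoreq
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; a wired client that can resolve names but not reach hosts is usually a sign that forwarding or the NAT rule is missing rather than a filter problem.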