
Thread: Project Firewall

  1. #1
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Project Firewall

    So I was really bored this weekend and I decided to rebuild my firewall box and add some stuff to it I had laying around. It's really pretty stupid and was totally overkill for an old firewall box; however, I say "So what", "who cares" and "I had fun doing it". Anyway, I started with a Dell Dimension 2300 I got at the flea market for 50 bucks. It only had 128 MB of RAM, so the first thing I did was buy 2 sticks of 512 MB Kingston PC-133 RAM for a total of 1 GB, which is the board's max.
    Next, as there were no NIC cards in the board, I went out and purchased 4 NIC cards: 1 for WAN, 1 for wired LAN, 1 for wireless LAN, and the last one is not yet being used, but the idea will be a DMZ for a web server or something. The idea behind multiple NICs is that I can create firewall rules which prevent the subnets from reaching each other. So, for example, even if someone manages to hack my wireless network they will only be able to reach the internet and not my wired network, because the wireless subnet is not allowed to talk to the wired subnet.

    Ok so I got the 4 NICs installed. One snafu I ran into was the stupid Dell machine would not boot with more than 2 of the PCI slots filled even though there were 4 slots. This was extremely annoying and baffled me for a few days until I finally had the bright idea to update the BIOS. Ok, so now I was booting with 4 NICs.

    Next I decided to use the OpenBSD operating system due to its PF (packet filter). I'm not going to go into all that, but it's by far the best open-source firewall solution. It's what they use to secure the DEF CON network every year.

    Ok so I got that installed and configured, and then I noticed there is only an old crappy heatsink on the CPU and not one fan in the whole box! WTF

    So the next order of business was to do something about that. Now this is where I went overboard a little. Rather than go out and spend any money on an air cooler, I decided to use this "all in one" water cooling system I bought from a kid at school a while back. It got shitty reviews and I was probably never going to use it on a real computer due to the fact that the radiator was small and only had 1 fan, so I thought what a great opportunity to put some old hardware to good use.

    Since I was going to do that, I decided to rip the whole computer apart and start from scratch. I painted the whole thing black, moved the location of the hard drive and replaced almost all the wiring. I then added the CPU cooler. I know it's silly, but who cares. Anyway, I just thought I'd make a little post about the project because I had a lot of fun and built a firewall that can rival most 5000 Cisco firewalls as long as the user configures it correctly.
    Cost of project (est.):
    Dell computer = $50
    water cooler = $100
    4 NIC cards = $80
    2 sticks of PC-133 memory = $100
    cool factor = priceless

    Here is a pic of the finished product

  2. #2
    My life is this forum Barry
    Join Date
    Jan 2010
    Posts
    3,817


    Nice. My firewall is an old Compaq machine.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  3. #3
    Senior Member streaker69
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Just a little tidbit.

    Intel makes a Dual and Quad NIC card. Many times you can pick them up real cheap on eBay.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #4
    My life is this forum Barry
    Join Date
    Jan 2010
    Posts
    3,817


    Quote Originally Posted by streaker69:
    Just a little tidbit.

    Intel makes a Dual and Quad NIC card. Many times you can pick them up real cheap on eBay.
    I used to have a four-port Intel NIC. Had issues getting Linux to see it correctly. Ended up giving it to a buddy to use in his VMware server.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,126


    Quote Originally Posted by streaker69:
    Just a little tidbit.

    Intel makes a Dual and Quad NIC card. Many times you can pick them up real cheap on eBay.
    I actually thought that was the case and I asked about them at the local computer store, and the dude gave me some line about bandwidth of a card like that and I was like "whatever". It wasn't an issue since I had 4 PCI slots and no need for anything else in them, but it's good to know they really exist.

  6. #6
    Very good friend of the forum hhmatt
    Join Date
    Jan 2010
    Posts
    660


    That's great! I use an old P3 Gateway as a firewall; I just need to add some memory to it and I'll be rockin' it.

    Gonna check out that OpenBSD packet filter! Thanks.

  7. #7
    Junior Member the_rooster
    Join Date
    Apr 2008
    Posts
    25


    I don't know if anyone else is interested, but if we are on the subject of custom firewalls I'd like to see if you are doing anything interesting or unique with your rule set. I have made a few iptables firewalls, one with a single packet auth system that would dynamically open a port for the SSH server.

    I just recently built a VMware FreeBSD machine so as to learn more about pf and would be interested to see how you or anyone else, for that matter, is using pf.

  8. #8
    Developer
    Join Date
    Mar 2007
    Posts
    6,126


    Sure thing. pf and OpenBSD are unique in that it is possible to bridge the LAN NICs to the WAN NIC, so that if you have a standalone box like I have then the firewall in essence has no IPs on the LAN; therefore it is impossible to attack. I got all my help from wyze and PrairieFire, who were already implementing such a system.

  9. #9
    Jenkem Addict imported_wyze
    Join Date
    Jul 2007
    Posts
    1,543


    Does it work? 0o

    dd if=/dev/swc666 of=/dev/wyze

  10. #10
    Member
    Join Date
    Sep 2008
    Posts
    306


    @pureh@te & wyze:

    Any chance you can post your pf.conf? I'm at a similar project and it would help me a lot to see some real configurations, not only the manual examples.

    My issue is the following:

    I have a box that has a PPP connection via UMTS and I want to share this connection to the network (wireless & wired).
    The only payoff I've got so far is to ping a URL from a wired client, so DNS therefore is working.
    Any other attempts fizzled so far.

    I would really appreciate it if anyone can help me with the pf configuration or post your pf.conf.
    Be sensitive in choosing where you ask your question. You are likely to be ignored, or written off as a loser, if you:

    * post your question to a forum where it's off topic
    * post a very elementary question to a forum where advanced technical questions are expected, or vice-versa
    * cross-post to too many different newsgroups
    * post a personal e-mail to somebody who is neither an acquaintance of yours nor personally responsible for solving your problem
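
A minimal pf.conf covering both set-ups in this thread: the four-NIC box from post #1 (wireless may reach the Internet but never the wired subnet) and the shared ppp0/UMTS uplink asked about in post #10. This is an added example, not a config posted by pureh@te, wyze or anyone else in the thread; the interface names, the private subnets and the OpenBSD 4.7+ `match ... nat-to` syntax are assumptions.

```conf
# /etc/pf.conf -- added example, not from the thread. OpenBSD 4.7+ syntax.
# Assumed interfaces: ppp0 = UMTS uplink, em1 = wired LAN, em2 = wireless LAN.
# pf filters but does not route: net.inet.ip.forwarding=1 must be set in
# /etc/sysctl.conf for any of the pass rules below to carry traffic.
ext_if   = "ppp0"
lan_if   = "em1"
wlan_if  = "em2"
lan_net  = "192.168.1.0/24"     # assumed wired subnet
wlan_net = "192.168.2.0/24"     # assumed wireless subnet

set skip on lo
match in all scrub (no-df)

# Share the uplink: rewrite LAN/WLAN source addresses to the current ppp0
# address. The parentheses matter on a dial-up link: the address changes
# each time ppp comes up and pf re-reads it instead of keeping a stale one.
match out on $ext_if inet from { $lan_net, $wlan_net } nat-to ($ext_if)

# Default deny in both directions, logged, then drop spoofed sources on the
# inside ports. pf is last-match unless a rule says quick, so every pass
# below overrides this block for the traffic it names.
block log all
antispoof quick for { lo, $lan_if, $wlan_if }

# Let clients get leases if the firewall runs dhcpd on the inside ports.
pass in quick on { $lan_if, $wlan_if } inet proto udp from any port bootpc to any port bootps

# Wired LAN is trusted: it may go anywhere, including the wireless segment.
pass in on $lan_if inet from $lan_net to any

# Wireless reaches the Internet only. The quick block is decided before the
# pass rule under it is considered, so wireless -> wired is dropped and
# logged even though the pass says "to any".
block in log quick on $wlan_if inet from $wlan_net to $lan_net
pass in on $wlan_if inet from $wlan_net to any

# Traffic the firewall itself originates (forwarded flows already have state).
pass out on $ext_if inet
pass out on { $lan_if, $wlan_if } inet
```

Parse-check with `pfctl -nf /etc/pf.conf` before loading, then confirm the segmentation from a wireless client: connections to a wired host should fail and appear on `pflog0` (`tcpdump -n -e -ttt -i pflog0`) while the same client still reaches the Internet.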

