linux box or appliance
on 08.03.2007 02:45:35 by flamer
can anyone suggest the pros of having a linux box.. debian 3.1 with
iptables or ipcop versus something like a pix 501 or AT ar440.. The
cable modem would connect to the fw, then I would need lan for the
desktop pc and a lan for a web/mail server, the server would actually
be more tied down than the desktop as only web and mail ports would be
open..
all i really need is to have the fw running nat, denying everything
bar web/mail stopping syn attacks and dos and stuff..
the server I have is a fairly old rackmount with dual power supplies
so it's noisy, large and fairly power hungry, whereas an appliance is
small quiet and easy on the power.
anything a linux firewall can do that a pix can't?
Flamer.
Re: linux box or appliance
on 08.03.2007 02:50:22 by adykes
In article <1173318335.483438.251020@8g2000cwh.googlegroups.com>,
flamer die.spam@hotmail.com wrote:
>can anyone suggest the pros of having a linux box.. debian 3.1 with
>iptables or ipcop versus something like a pix 501 or AT ar440.. The
>cable modem would connect to the fw, then I would need lan for the
>desktop pc and a lan for a web/mail server, the server would actually
>be more tied down than the desktop as only web and mail ports would be
>open..
>
>all i really need is to have the fw running nat, denying everything
>bar web/mail stopping syn attacks and dos and stuff..
>
>the server I have is a fairly old rackmount with dual power supplies
>so it's noisy, large and fairly power hungry, whereas an appliance is
>small quiet and easy on the power.
>
>anything a linux firewall can do that a pix can't?
>
>Flamer.
>
Depending on your electric rates, an old desktop PC could cost you (or
somebody) $10US/mo to operate. Your server sounds like it's much more
than that.
An old laptop is much better from this POV and it has a compact kbd
and screen that fold up and hide when not needed.
--
a d y k e s @ p a n i x . c o m
Don't blame me. I voted for Gore. A Proud signature since 2001
Re: linux box or appliance
on 08.03.2007 07:10:50 by panda
On Mar 8, 3:45 am, "flamer die.s...@hotmail.com" wrote:
> can anyone suggest the pros of having a linux box.. debian 3.1 with
> iptables or ipcop versus something like a pix 501 or AT ar440.. The
> cable modem would connect to the fw, then I would need lan for the
> desktop pc and a lan for a web/mail server, the server would actually
> be more tied down than the desktop as only web and mail ports would be
> open..
>
> all i really need is to have the fw running nat, denying everything
> bar web/mail stopping syn attacks and dos and stuff..
>
> the server I have is a fairly old rackmount with dual power supplies
> so it's noisy, large and fairly power hungry, whereas an appliance is
> small quiet and easy on the power.
>
> anything a linux firewall can do that a pix can't?
>
> Flamer.
Hi Flamer,
I suggest switching to a UTM (Unified Threat Management) appliance
instead of using legacy firewalls like PIX-501 or PIX-506.
They have greater value with almost the same cost, but you will get
extra: Anti-Virus, IPS, Content filtering, Anti-Spam... all in one
box!
Panda,
www.networkingland.com/utm_vendors.htm
Re: linux box or appliance
on 08.03.2007 15:46:33 by Ansgar -59cobalt- Wiechers
flamer die.spam@hotmail.com wrote:
> can anyone suggest the pros of having a linux box.. debian 3.1 with
> iptables or ipcop versus something like a pix 501 or AT ar440..
Greater flexibility. You can easily add/remove interfaces (for changes
in network topology, e.g. adding DMZs), run services on the box (which
is usually a not-so-good idea, but may be okay depending on the actual
network setup you have), add/remove filters for network or application
layer, etc.
The downsides are that it usually doesn't run out-of-the-box and will
probably be more power-consuming than firewall appliances.
> The cable modem would connect to the fw, then I would need lan for the
> desktop pc and a lan for a web/mail server, the server would actually
> be more tied down than the desktop as only web and mail ports would be
> open..
>
> all i really need is to have the fw running nat, denying everything
> bar web/mail stopping syn attacks and dos and stuff..
AFAICS any of the solutions you mentioned above will meet these
requirements.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
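The requirements from the original post (NAT, deny everything except web/mail, SYN limiting, separate networks for the desktop and the server) written out as a Linux ruleset. This is an added example, not part of any poster's message; the interface names, the server address 192.168.2.10, the port list 25/80/443, the SSH rule and the rate-limit values are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Interface names, the server address and
# the port list are assumptions. Prints an iptables-restore ruleset.
# Usage: sh fw.sh eth0 eth1 eth2 192.168.2.10 | iptables-restore --test
gen_ruleset() {
    wan=$1; lan=$2; dmz=$3; srv=$4
    ports="25,80,443"            # assumed meaning of "web and mail ports"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Inbound web/mail from the cable modem side is forwarded to the DMZ server.
-A PREROUTING -i $wan -p tcp -m multiport --dports $ports -j DNAT --to-destination $srv
# Everything leaving via the WAN interface is masqueraded (NAT).
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
# Default deny for traffic to and through the firewall.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SYNLIMIT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Assumption: the firewall is administered over SSH from the desktop LAN only.
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections from the Internet: web/mail to the server only, rate limited.
-A FORWARD -i $wan -o $dmz -d $srv -p tcp -m tcp --syn -m multiport --dports $ports -j SYNLIMIT
# Desktop LAN may open connections to the Internet and to the server.
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $lan -o $dmz -j ACCEPT
# Server: outbound mail and DNS only; nothing from the DMZ into the LAN.
-A FORWARD -i $dmz -o $wan -p tcp -m multiport --dports 25,53 -j ACCEPT
-A FORWARD -i $dmz -o $wan -p udp --dport 53 -j ACCEPT
# Crude SYN-flood damping: accept up to the limit, drop the excess.
-A SYNLIMIT -m limit --limit 25/second --limit-burst 50 -j ACCEPT
-A SYNLIMIT -j DROP
COMMIT
EOF
}
if [ "$#" -eq 4 ]; then gen_ruleset "$@"; fi
```

Forwarding must also be enabled on the box (net.ipv4.ip_forward=1). On current kernels `-m conntrack --ctstate` takes the place of `-m state --state`.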
Re: linux box or appliance
on 08.03.2007 23:15:43 by flamer
Thanks for the replies, I guess I want to try and avoid using the rack
server if possible without losing any functionality, also the server
has only one pci slot and one onboard 10/100 so a dual port ethernet
would be required which are generally pretty pricey.. where I live a
2nd hand pix 501 is $450 though so not cheap either.
Flamer.
Re: linux box or appliance
on 08.03.2007 23:35:36 by Wolfgang Kueter
flamer die.spam@hotmail.com wrote:
> Thanks for the replies, I guess I want to try and avoid using the rack
> server if possible without losing any functionality, also the server
> has only one pci slot and one onboard 10/100 so a dual port ethernet
> would be required which are generally pretty pricey.. where I live a
> 2nd hand pix 501 is $450 though so not cheap either.
Pix 501 and 506 models have only two physical network interfaces.
Wolfgang
Re: linux box or appliance
on 09.03.2007 00:25:17 by flamer
On Mar 9, 11:35 am, Wolfgang Kueter wrote:
> flamer die.s...@hotmail.com wrote:
> > Thanks for the replies, I guess I want to try and avoid using the rack
> > server if possible without losing any functionality, also the server
> > has only one pci slot and one onboard 10/100 so a dual port ethernet
> > would be required which are generally pretty pricey.. where I live a
> > 2nd hand pix 501 is $450 though so not cheap either.
>
> Pix 501 and 506 models have only two physical network interfaces.
>
> Wolfgang
yeah good point, they only have inside and outside interface with an
integrated 4 port switch.
Flamer.