firewall
Wondering why the blog hasn't been updated recently? Cuz I was busy setting up a firewall using the computer that my friend returned.
The Linksys BB router I have been using is aging. It also has difficulties coping with WAN traffic of more than 2Mbps. This is especially obvious after I switched to HGC - when my download speed reaches 300kB, all computers running Windows XP often return a warning message saying "Disconnected", which is an indication that the router has rebooted and all connections were dropped.
The FYP server has got a new life: running at 770MHz, with the RAM increased to 512MB, a 3Com 3C982-TXM dual port server NIC and a 3Com 3C905B NIC added, and loaded with Astaro Security Linux V5. I chose ASL over m0n0wall or LEAF because ASL, as a commercial grade product, should provide higher stability and be more properly maintained than the others. I think the problem of open source is that many projects are not properly managed/maintained, and the qualities vary.
Performance-wise the ASL box is amazing: I can reach speeds over 1300kB, which translates to 10.4Mbps, on both the up and down links at the same time. ASL also allows VPN connections for me and my sister to the home network. While commercial grade firewalls like Netscreen often cost over HKD$4000, the ASL is a sweet alternative: even more features and more powerful, at no cost. The extra computational power of the ASL box should easily fill the 10Mbps pipe with VPN traffic.
My next goal is to set up the VPN, and add a wireless AP to the last port of the server NIC. With ASL, it feels more secure to use wireless as I can define strict firewall rules on WLAN traffic.
The ASL box does have some drawbacks - space and a bit of fan noise. Nevertheless I am very happy with it.
