• 27
  • Nov

Many people should be glad to know that an open source, all-in-one security appliance named Untangle exists. Although this is not news, it is to me. And frankly, I would probably not have implemented a Watchguard if I had known otherwise. Untangle also offers a “professional” support package if you are not confident with open source solutions or just prefer to have someone backing you up.

Untangle seems to have tons of neat features, but keep in mind that these AIO security appliances WILL slow your connection unless you have some beefy equipment running the system.

Untangle has all of the features of most enterprise all in one security appliances including:

Now, to the fun part. The version is 5.0.3 at the time of writing.

WARNING: Lots of images below.

Installation from Untangle Live CD:

Untangle 1
Untangle first boot from the Live CD installation.

Untangle 2
Welcome screen for installation. I can see the graphic designer had some fun with the hardware unit. First warning.

Untangle 3
I think that is the shortest EULA I have ever seen in my life. Awesome.

Untangle 5
Yes, please own my sda. Second warning.

  • 19
  • Nov

The Problem:

As big as Ubuntu is, I am really surprised there is no firewall included by default. Yes, I know that the functionality is built into the kernel, but do you think half of these newbs running Ubuntu know about iptables?

The Solution:

Guarddog is a GUI configuration utility for Linux iptables/ipchains. It will save you from spending hours reading about Linux firewall setup, writing rc scripts, etc.

sudo apt-get install guarddog

Now you have a menu item under Applications -> Internet -> Guarddog. It is pretty much useless unless you are running as a superuser, so run

sudo guarddog

You should get a prompt about not having an rc.firewall; click OK.

Guarddog’s philosophy is to block if not allowed, just like any firewall. Keep this in mind if you go to try to play AssaultCube and it won’t connect.
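What "block if not allowed" looks like as a plain ruleset, as an added example that is not from the original post and is not Guarddog's own output: the function prints a default-deny ruleset in iptables-restore format with one explicit allow per outbound service. The function name and the ports in the sample call (including the game port 30000/udp) are constructed placeholders.

```shell
#!/bin/sh
# Added example: print a default-deny ruleset in iptables-restore format.
# It only writes text; nothing is loaded into the kernel by this script.
# IPv4 only; ip6tables-restore needs its own ruleset.

# gen_ruleset PROTO:PORT ...  -> ruleset on stdout, non-zero on a bad spec.
# Each argument is an outbound destination the host may open connections to.
gen_ruleset() {
    # Validate every spec first so a typo never yields a half-written ruleset.
    for gr_spec in "$@"; do
        gr_proto=${gr_spec%%:*}
        gr_port=${gr_spec#*:}
        case "$gr_proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$gr_spec'" >&2; return 1 ;;
        esac
        case "$gr_port" in
            ''|*[!0-9]*|??????*) echo "bad port in '$gr_spec'" >&2; return 1 ;;
        esac
        if [ "$gr_port" -lt 1 ] || [ "$gr_port" -gt 65535 ]; then
            echo "port out of range in '$gr_spec'" >&2; return 1
        fi
    done
    # Default policy on every chain: drop whatever no rule below accepts.
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT DROP [0:0]'
    # Loopback, plus replies belonging to connections this host started.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT' \
        '-A OUTPUT -o lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # One explicit allow per outbound service; everything else stays blocked,
    # which is why a game client fails until its port is listed here.
    for gr_spec in "$@"; do
        printf '%s\n' "-A OUTPUT -p ${gr_spec%%:*} --dport ${gr_spec#*:} -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample: DNS, web, and a placeholder game server port (30000/udp).
gen_ruleset udp:53 tcp:53 tcp:80 tcp:443 udp:30000
```

Redirect the output to a file, read it over, and load it with `sudo iptables-restore < file` once it matches what you intend to allow.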


  • 03
  • Nov

 
 
You Get Signal

Trying to port forward through your cable or DSL router? Not sure if it is working?

Check whether a specific port is open at You Get Signal. You can even try IPs other than your own. ;)

  • 02
  • Nov


The open source routing operating system Vyatta can get you out of the grasp of proprietary systems such as Cisco and Juniper. I am really surprised at the accomplishments and efforts this company has put into the product. With support for many multi-port Ethernet, T1/E1, and T3 cards, it is often possible to switch to Vyatta and end up with a more dense routing infrastructure.

Vyatta is based on Linux, but the default user shell is customized to look and feel like a ‘router’ interface. Also, commands do not become live in the system until you ‘commit’. All configuration is stored on a separate partition in one single file, which makes for easy backup and restoring, even if your hardware fails. This platform has really been built from the ground up to be a true Linux routing platform.

Vyatta has a WebGUI for administration as well:

Vyatta WebGUI

Vyatta also features support for BGP, clustering, VRRP, NAT, firewall, VPN, SNMP, Syslog, OSPF, RIP, IPv6, DHCP, VLANs, Frame Relay, PPP, HDLC, and more.

I am looking forward to working with Vyatta and plan to replace our Cisco 7500 that we use for a core routing function. I plan to configure Vyatta to do traffic shaping and bandwidth management. This is not included in the CLI or the webGUI, but is a possibility through the bash shell when logging in as root.

Look for tips and tricks and updates of my progress in future posts. Wish me luck.

More information on Vyatta

  • 16
  • Sep

Running a firewall on each of your systems can be an administrative nightmare and takes up unnecessary resources. My cup of tea is a dedicated box specifically for that purpose.

I have been researching open source “appliance”-like firewalls and the following seem to be the best choices. All of these firewalls offer features similar to paid firewalls and include a web GUI (except Shorewall) plus much, much more.
