Re: [tlug] *Small* NAT/DMZ/LAN h/w suggestions?

["Keith Bawden" <keith@example.com>]

> My initial thought is to get a low end server and configure up some
> iptables. But even such a server is really overkill for a router/firewall.
> (Don't need an 80Gig h/d, 1Gig RAM and a 3 or 4 Gig processor..... or a
> big power hungry box...)
>
> However that is the solution I would be most comfortable with since I
> have the most control and know what's going on.
>
> But, I wonder if there isn't a better (cheaper) solution.

G'day Edward,

Making a router out of any hardware that has three nics and will run
Linux is going to be easy enough (as other have suggested, distros
like smoothwall and ipcop will help out with this). However, I think a
really important question is, how much time do you want to spend on
setup, maintenance and disaster recovery.

I have built boxes to act as routers before when I was on staff at the
company that was going to be the end user. However, for "client" sites
I have usually gone with dedicated router hardware. The client can
then contact the vendor directly for support in my abscence, and if
the hardware is standard enough then any hack can help them out.

You should be able to find some half decent routers from around 4
through 10+ man. Anything around 10 man should also give you solid VPN
and other "advanced" capabalities.

In the end though if you are willing to take over maintenance of the
device you build - including business hour outages and what not
then...

Regards, Keith