I recently decided to get off my ass and put some flavor of firewall in place to protect my network.  Sure, the important stuff was behind a NAT gateway, but that really only keeps things out of the prying eyes of the general ‘net public.  I’ve got more systems here at the house than just the typical family PC with the kids photos as well, and they were sitting right out in the open.  Granted, those systems are Linux-based, and they are only listening on the needed ports, so security really wasn’t a huge risk.  But there’s a risk none the less.  Not to mention, adding in a layer between things offers levels of additional flexibility.

I should come clean.  What really drove this little endeavor, was the weak CPU performance of my trusty Linksys WRT-54G (version 2 for the curious), running dd-wrt.  When I would play Xbox with other machines doing their various things, the little WRT would become overwhelmed and start lagging traffic.  Lagging network packets on a real-time interactive multiplayer game means less fun.  My first jaunt was to install the x86 version of dd-wrt on an old clunker PC, to more or less mimic the WRT54’s functionality.  That worked well, but didn’t give me the flexibility I wanted — again, I have machines I want behind a firewall, and dd-wrt didn’t do everything I wanted, how I wanted.  Great piece of software though, can’t knock it at all, I just wanted more.

So, I went with what I know — Linux, and iptables.  Then I started thinking, “hey, there’s folks out here who package up nice interfaces for this kinda stuff.”  So I looked at three so far, that are more or less branches of the same base: IPCop, Smoothwall, and Endian.  Cutting to the chase, I liked the look and the featureset of the new Endian 2.2, which is in a release candidate stage.  These guys market appliances, and if I didn’t already have a bunch of older hardware itching for a purpose I’d strongly entertain picking one up.  The software so far seems to be nice and stable, easy to use, easy to understand, and packed with lots of extras.  If anyone is interested in a SoHo type firewall, so far it looks to be a nice choice.  Heck it might even scale well enough for larger networks too.