Server box specs

[The_Earl]

http://lwn.net/2002/0404/a/elks.php3


No, i understand it would work w/ a machine with 3 cards in it, I was more wondering if VLAN or virtual interfaces would make it possible and secure for a single or dual nic MB.

In my experience, multi-home Windows boxes do not route well at all, but that may be more indicative of my windows networking skills than anything else.

[thedqs]

It might by editing the internet settings to use the virtual server as the proxy but the problem would be using the out connection to the router's wan port and have the same be on the lan side. Of course if you have a network hub then you could do it with two. Have the internet connect go into one port and the connection to the hub goes into the router. Your virtual server becomes the firewall and DHCP server (or DNS if everything is static IP) and all the information has to go through the virtual server. Though I don't know if you can disable the connection in the Host machine but still use it in Virtual machine.

[daddy-o-p40]

Good grief. Where do you guys find the time for all this stuff?

[morph-p40]

This posting in another thread got me started (and rmrichesjr seems to have a handle on the concept as well):



Not being a Linux expert, it's the "several hours of configuration" part that kills it for me.

I guess there are enough hardware differences between "old machines" that coming up with a common configuration "how-to" would be impractical. However, if we could settle upon a cheap, readily-available, stable hardware platform, we could at least cook up the how-to, and perhaps go beyond that to a plug-n-play install package.

I've been thinking one of those mini ITX boards would be a good starting point for a hardware platform. They've got nano and pico ITX boards if you want to get fancy, but I'm thinking that cheap is the way to go. That way, when a fellow ward member asks about blocking out the world, I can tell him how he can do it for $400 or less, or I can offer to do it for him at cost.

In the meantime I'll try to come up to speed on Linux, so that I know what you guys are talking about.

Smoothwall express is a good cost free option too. It's basically a firewall operating system that you install on a box and place between your modem and your LAN. It's really easy to install, you access it via a web interface (so no need for a monitor/mouse/keyboard to be connected to this machine) once installed and dansgardian is a free addon that you can install via the web interface. I had it set up in my own home in literally minutes. Runs on old hardware very well (it was designed to), though again requires two network cards. We use the corporate version of smoothwall along with dansgardian at work, I am very impressed with it.

http://www.smoothwall.org/

EDIT: My apologies, I didn't see how old this thread was

[daveloper-p40]

For many people, they see these solutions as unattainable because the depth of the skill required to make some of these things work is too complex and difficult. I've read through the threads and many of the solutions presented were single point (individual computer), complex (install this, then this, then this, configure that), or costly.

There are open source projects out there, and most of them use the same tools (dansguardian, squid, et al). SME Server is a very good solution and one of the key maintainers lives in Utah, works for the state, and is a devout member of the church.

Another solution which has not been mentioned on this board is ClearOS. I work with the company and the open source foundation so yes, this is a blatant plug.

I use this solution to protect my whole home and to protect my children. Here is an intro video. It is very easy to setup and configure, has an active open source community, and has delegation of administrative privileges so you can set up multiple named administrators. Administration of the box is from a web interface which is very intuitive and super easy. It is available in 20 languages so it is ideal for many members worldwide. The content filtration controls can be configured to just log activity (the free agency with accountability paradigm) all the way to white list only control with designated access based on time of day and user (the protect my family at all costs paradigm). My brother-in-law, for instance, used this to prevent his daughter from getting up in the middle of the night and chat with friends.

In addition to being a great content filter it is also a firewall, anti-spam, anti-virus, file, print, and intrusion prevention server and much more. Many charter schools and private schools use it because it works, it is simple to configure, and it is :eekeek:.

The corporate entity behind it makes their money by selling business grade services to businesses. They also sell content filter updates for those that want that level of control but for my family, the pattern files included in the latest releases are sufficient.

Many of the people that work on the project are LDS, and their offices are in Orem. The vast majority of users that use it worldwide are homes and private individuals who just want a working server for their home. It is in the top 30 linux distributions and has been compared as the MS SBS replacement by Linux Magazine.

It will easily run on older x86 hardware or on the ITX boxes talked about on this forum. At home, I run it on a older fanless LEX Twister with 1Gig memory, 80 Gig hdd, 800 MHz processor.

[blaineg]

I've been running Untangle for several years.

It's nothing that couldn't be done with a lot of Linux work, or Smoothwall, or such. But it's a pretty simple installation, and has a very slick GUI, so you don't need to be an expert at the low-level stuff. Mostly it just plain works.

It does require a dedicated box, and I'm using a mini-ITX homebrew system for space's sake. The basic free version is fully functional, but they'll be happy to sell you upgrades with more bells and whistles.

Combining Untangle with OpenDNS's filtering makes for a pretty solid filtering system.