Joel Sing, Ionix Technology

Using OpenBSD and a WRAP 1-2 for a reliable and cost-effective firewall, router and VPN

As a company that provides business computing services, we are continually connecting business networks to the Internet. Obviously we want to secure our clients' networks, preventing malicious attacks from the outside and often preventing unwanted traffic from reaching the outside world from the inside. In order to achieve this we will install an OpenBSD-based firewall, making use of OpenBSD's excellent stateful packet filtering and Quality of Service (QoS) functionality, provided by PF and altq.
In the past we have made use of secondhand or retired PC hardware; however, this can be problematic. Moving parts tend to eventually fail, resulting in the need to replace hard drives and power supplies. Multiple network cards need to be installed and a sudden power outage (or a client deciding to reboot the "Internet") can result in file system problems.
As a result, we investigated alternatives and opted to use the WRAP 1-2 units supplied by Yawarra Information Appliances.
The WRAP 1-2 provides us with all the hardware necessary to deploy a full-featured firewall and router. The unit is compact and has no moving parts, making it extremely reliable and robust in the most harsh environments. A customised version of OpenBSD is installed on a Compact Flash (CF) card and is mounted read-only. This allows the firewall to be hard rebooted without any risk of data or file system corruption. The three network interfaces provided allow for the setup of WAN and LAN interfaces, along with a DMZ interface should the client configuration require it. A custom application allows us to utilise the three programmable LEDs, providing status indicators that assist us in remotely troubleshooting and supporting the units.
The Geode 266MHz processor [Note: Now 233MHz] also provides sufficient "grunt" to allow for the installation of OpenVPN, providing our clients with a secure way of establishing a connection back to their business from a remote location. The miniPCI slot also allows us to install a crypto accelerator card should the VPN be servicing a larger number of clients. We have deployed these devices in a wide range of environments - they perform brilliantly and are extremely reliable, whilst being cost-effective and fully functional.
- Joel Sing, Managing Director, Ionix Technology Pty. Ltd.