
SnapGear



I figured that I'd pass along this nifty little firewall thing that I 
picked up recently.  SnapGear (www.snapgear.com) makes several cool 
little embedded Linux firewall things - I picked up a "Lite 2" recently. 
(https://www.snapgear.com/lite.html)  It does the typical NAT, DHCP 
server, NTP server stuff, but it's actually configurable.

In addition to being able to edit [most of] the config files that you'd 
expect to be editable on a real Linux box (I added some custom options 
to dhcpd.conf for the Mac OS X boxes here), and being able to set up 
some basic packet filtering with a pretty GUI interface, you can stick 
in custom iptables rules in addition to or in place of the built-in 
firewall stuff (which is already pretty complete, BTW).  It's got an IDS 
that'll basically set up a honeypot and block anyone who connects to 
those ports, or anyone who runs a general scan.  It'll act as a PPTP or 
IPSEC client and/or server.  It'll let you do static routing, and can do 
IP aliasing on the interfaces.  It's got a serial port that you can use 
(with an external modem) as the WAN link with diald, or as a failover if 
the main WAN link goes down, or set up as a dial-in server for either 
remote admin or just remote access.  It'll support several of the 
dynamic DNS sites, and will act as a DNS proxy.  You can change its MAC 
address to match your Windows PC's card so your Chambana cable modem 
will work. :)  They've got some software that lets you admin several of 
the things remotely - which is what I'm hoping to do, as we've got 
several off-site people on broadband running "that other OS that's full 
of holes".

I know this thing isn't for everyone, as it's not a "real" computer and 
you're sort of at the mercy of SnapGear to keep it up to date - but the 
one I got is running a 2.4.20 kernel, which is the October firmware, and 
there's a firmware update that I haven't gotten on there yet.  They seem 
to be good about keeping up-to-date.

Anyway, I think it's cool, and at $200, it's a lot cheaper (and a lot 
faster to boot up) than most full-blown PCs.  Heck, it's worth the 
couple hundred bucks in my view just to get VPN software that's easy to 
set up *and* works well with Windows. ;)  The only thing it's missing is 
a wireless interface - I'd really like to have one of these that could 
act as the wireless access point, too...

--Danny
