We are looking for a good firewall replacement which will basically do pot blocking and QOS. Our current solution just plain stinks.. We basically need to handle the traffic of a few web servers, mail server and asterisk box. The most traffic this device will need to handle is what can be shoved through a T1. I don't mind buying an appliance to get something solid but IP Cop just looks better than he appliances I see out there. I am only concerned if it is stable for a production environment. It says it's designed for a SOHO environment, we are doing a bit more than that. Will this thing hold up? Can it be trusted? Anyone using this for QOS and Asterisk in a production setup. Any thoughts or suggestions or warnings would be appreciated! Thanks! -- Start Your Own Internet Service! http://www.YourOwnISP.com
There are a dozen Linux based methods ranging from. Personally I like the Mandrake offering called Multi-Network Firewall. It is pretty turnkey and they have it available for download. It also supports bonding which allows you to use multiple nics bonded together and views as one connection. http://www.mandriva.com/business/mnf2 Other than that, like I said, there are dozens... W -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Mojo Jojo Sent: Wednesday, August 17, 2005 3:27 PM To: asterisk-users@lists.digium.com Subject: [Asterisk-Users] IP Cop as a firewall and QOS We are looking for a good firewall replacement which will basically do pot blocking and QOS. Our current solution just plain stinks.. We basically need to handle the traffic of a few web servers, mail server and asterisk box. The most traffic this device will need to handle is what can be shoved through a T1. I don't mind buying an appliance to get something solid but IP Cop just looks better than he appliances I see out there. I am only concerned if it is stable for a production environment. It says it's designed for a SOHO environment, we are doing a bit more than that. Will this thing hold up? Can it be trusted? Anyone using this for QOS and Asterisk in a production setup. Any thoughts or suggestions or warnings would be appreciated! Thanks! -- Start Your Own Internet Service! http://www.YourOwnISP.com _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
i have never used ipcop in conjunction with asterisk (just starting asterisk) but i have used ipcop quite a bit. ipcop is a GREAT alternative to appliance firewalls and does almost anything i have ever needed to do. it is easy to install and easy to maintain and just works. the hardest thing is the way they name their interfaces and it isnt all that hard. red is the internet port green is the local lan port orange (if you have one) is the DMZ blue (if you have one) is for wireless typically you just need to worry about red and green i set up a series of vpn links based on some cheap celeron 1.7s with 256megs of ram and i could saturate a 100MBit connection without the ip cop machine breaking a sweat (this was during testing, would have went with much lower powered machines except for the great deal the company i worked for had for those boxes.) i would try it and see personally, find a box you are willing to use for an ipcop test and go to it. Casey Boone Mojo Jojo wrote:> We are looking for a good firewall replacement which will basically do > pot blocking and QOS. > > Our current solution just plain stinks.. > > We basically need to handle the traffic of a few web servers, mail > server and asterisk box. The most traffic this device will need to > handle is what can be shoved through a T1. > > I don't mind buying an appliance to get something solid but IP Cop just > looks better than he appliances I see out there. > > I am only concerned if it is stable for a production environment. It > says it's designed for a SOHO environment, we are doing a bit more than > that. > > Will this thing hold up? Can it be trusted? > > Anyone using this for QOS and Asterisk in a production setup. > > Any thoughts or suggestions or warnings would be appreciated! > > Thanks! > > -- > Start Your Own Internet Service! > http://www.YourOwnISP.com > > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > >
> I don't mind buying an appliance to get something solid but IP Cop just > looks better than he appliances I see out there.Astaro has been getting good reviews from Linux World. They have an appliance solution or a self-install solution. It features: -Firewall -VPN Gateway -Intrusion Protection -SPAM Filtering -Anti-Virus -Management Platform -Surf and Spyware Protection The details of the features are impressive. For the details visit: http://www.astaro.com You can download a 30-day demo. If cost will be a problem, IP Cop is also a good solution. This is what we have been using. Holden
On Wed, 2005-08-17 at 17:27 -0500, Mojo Jojo wrote:> I don't mind buying an appliance to get something solid but IP Cop just > looks better than he appliances I see out there. > > I am only concerned if it is stable for a production environment. It says > it's designed for a SOHO environment, we are doing a bit more than that. > > Will this thing hold up? Can it be trusted?I'm not using IPCop with * (I'm very much a * newbie), but I am using it as a general firewall, and it rocks. I have had no issues with it, and I have been running IPCop for several years. It is very stable - I have yet to have it crash on me. It is secure - the box has yet to be successfully hacked (and the logs show numerous attempts on a daily basis!) It will handle your bandwidth easily as long as your hardware is not too antiquated. For example, I've got it running on a 133MHz Pentium, 128Mb RAM on a 3MB/sec connection, and it hardly even notices... Try it - you'll like it. Regards, Austin.