PINE64
Using Rock64 as a firewall - Printable Version

+- PINE64 (https://forum.pine64.org)
+-- Forum: ROCK64 (https://forum.pine64.org/forumdisplay.php?fid=85)
+--- Forum: General Discussion on ROCK64 (https://forum.pine64.org/forumdisplay.php?fid=86)
+--- Thread: Using Rock64 as a firewall (/showthread.php?tid=5236)



Using Rock64 as a firewall - jl_678 - 10-08-2017

Hi,

I am pondering this and am wondering if anyone has tried any of the dedicated offrngs on a Rock64. Both ClearOS and IPFire have Arm builds, but I have no idea if they work with the R64. Has anyone tried those out or any similar offerings?

Thank you in advance.

Sent from my SM-T537V using Tapatalk


RE: Using Rock64 as a firewall - dkryder - 10-08-2017

i think there is [was?] a centos for pine64 but not sure of rock64. but to be honest the 1st thing that popped into my head was a concern that rock64 could be a bottleneck for the whole local network depending on what activity goes on in an average 24hr period. so, why the rock64 as firewall?


RE: Using Rock64 as a firewall - stuartiannaylor - 10-08-2017

(10-08-2017, 12:49 PM)jl_678 Wrote: Hi,

I am pondering this and am wondering if anyone has tried any of the dedicated offrngs on a Rock64. Both ClearOS and IPFire have Arm builds, but I have no idea if they work with the R64. Has anyone tried those out or any similar offerings?

Thank you in advance.

Sent from my SM-T537V using Tapatalk

Can not see why another Gig ethernet on that USB port shouldn't work as the latest Ayufan builds and base builds for Xenial seem quite solid.
Not really sure about the secondary eth on the rock which is 100mbs but think the linux drivers are relatively in place and if you can find a usb eth that works then its highly likely you could prob get something going.

Ipfire seems like a good choice would be good to know how you get on.


RE: Using Rock64 as a firewall - jl_678 - 10-08-2017

Hi,

I will order something and test it out. Regarding why, well, my home router is very old and needs an upgrade and so why not?

I will thoroughly test the R64 implementation prior to using it in production and so hopefully will identify any issues.

My near term plan is to test out the ipfire image on the rock as is. If it passes that smoke test then I will look to add additional accessories including a dedicated Rock64 for the project.

Sent from my XT1254 using Tapatalk


RE: Using Rock64 as a firewall - stuartiannaylor - 10-08-2017

(10-08-2017, 02:50 PM)jl_678 Wrote: Hi,

I will order something and test it out. Regarding why, well, my home router is very old and needs an upgrade and so why not?

I will thoroughly test the R64 implementation prior to using it in production and so hopefully will identify any issues.

My near term plan is to test out the ipfire image on the rock as is. If it passes that smoke test then I will look to add additional accessories including a dedicated Rock64 for the project.

Sent from my XT1254 using Tapatalk

Prob a lot of work getting it ready for the Rock64 and distro based firewalls are a better choice.
Zentyal is Ubuntu and actually the firewall / network / dhcp / dns part actually always worked really well.

Untangle I guess you could build it on debian.

Or Shorewall / webmin which is what I normally do in fact I tell a lie usually just iptables but use the webmin interface.
Lockdown webmin to local host and install openvpn.

Trying to think of more distro based firewalls that are buntu/deb versions.
Webmin gets a lot of criticism in its open state, which makes install and initial config easy then you just lock it down and you can always unlock it for maintenance.
Its pretty damn shit hot but Zentyal works well.

Post way as I might join you in the production of a Rockwall. Smile
Debian Jessie, Webmin & Shorewall look a good bet.
Zentyal no Arm64
Untangle.... mweh
http://shorewall.org/VPNBasics.html
http://www.webmin.com/deb.html


RE: Using Rock64 as a firewall - jl_678 - 10-09-2017

So you have got me thinking more about this. Thank you. To be honest part of the goal was to get some web filters going and it just seems like the Rock would not be good for this.

Yes, it can do a basic firewall with the tools that you suggest, but it seems that the more full featured options require an x86 or equivalent.

Sent from my XT1254 using Tapatalk


RE: Using Rock64 as a firewall - stuartiannaylor - 10-09-2017

(10-09-2017, 04:05 PM)jl_678 Wrote: So you have got me thinking more about this. Thank you. To be honest part of the goal was to get some web filters going and it just seems like the Rock would not be good for this.

Yes, it can do a basic firewall with the tools that you suggest, but it seems that the more full featured options require an x86 or equivalent.

Sent from my XT1254 using Tapatalk

I think your looking in the wrong place as yeah the rock64 could very well do web filtering and prob best way to go is to install squid or many of the proxy / web filtering piggy in the middle stuff then use DansGuardian.
The balabit zorp stuff is prob the best if I spelt that right.

In fact you might of set me a little project of a ubuntu xenial shorewall webmin squid dansguardian snort lizardfs box Smile

It is a struggle with Arm64 finding binary repos but Xenial seems to be the best bet for the above.