ClarkConnect transforms standard PC hardware into a dedicated broadband gateway and easy-to-use server. It includes firewall and security tools, along with file, print, web, e-mail, proxy, and VPN servers. Version HomeEdition 2.1 was just released (iso here), while a few days ago the similar product SmoothWall released version Express 2.0-RC1. These are excellent choices if you have an old PC sitting unused in a closet and if you need a gateway/firewall/etc to serve all your machines at home.
Well, I think that ClarkConnect has a different perspective than Smoothwall. Smothwall is, like the bether IMHO IPCop, just aimed at beeing a firewall/gateway. This is to not compromize the security with additional services running on the firewall thats conencted to the outside world.
ClarkConnect is a great Distor for what it was ment to do, but I would run IPCop/Smoothwall on a 486+ and have another Linux box inside my network running for example Debian or Slackware, serving the purposes IPCop/smoothwall can’t handle (Samba, Cups, ftpd etc). And don’t come and say that you can run services like these on IPCop/Smoothwall – I know you can, but then you can get just as good/safe results with ClarkConnect.
Anyone knows if ClarkConnect also does CVS and SubVersion? That would be cool (of course, not at the same time as serving as firewall/gateway).
I’m using Monowall as a gateway/firewall. It’s based on FreeBSD 4.9 and has an awesome configuration interface. It can be started from a CD+floppy (to store the settings) or from a very old HD (it’s just about 3-4 Mb). Check it at:
http://www.m0n0.ch/wall
Does anyone know how it compares to smothwall and/or ClarkConnect?
I’ve tried numerous “firewall/router” distros (Smoothwall, ClarkConnect, Freesco, etc) and none of them have worked well for me at all.
My solution? Plain debian. You get the debian network install image, install it (this gives you a VERY minimal system if you don’t run tasksel), apt-get all the necessary things like dhcpd, shorewall (VERY recommended), squid, cups, etc, configure them, and you’re ready to go. This gives you excellent flexibility (which is something the canned firewalls don’t have) and Debian’s ease of maintenance. It’s not really that hard to configure all of that stuff–for me, using the canned distros was much harder.
Hey all,
Firstly Thanks for the post, I’m currently working in an ever expanding network and we need something like this cos we’ve got old boxes lying around, and I thought perhaps instead of using a commercial Firewall, like Checkpoint, we could use one of the open-source ones…does anybody know how these compare in commercial situations?? Thanks in advance.
You know that if you are using an old pc as an firewall / router that it is more expensive than a dedicated little
router/switch box? Assuming you leave it running 24/7 the old PC eats so much more electricity that you could have bought an router for that money (based on 11 €ct/kWh)within a year.
You could offcourse equip the PC with large harddisks and samba so that it also does some fileserving, then it’s still not cheap but really usefull 🙂
why not try the best solution for this problem, namely OpenBSD?
Free version is badly configured and assembled, so it will work for you only by coincidence.
No real information on it, no user guide on site.
They advice to use forums as support but forum links lead to almost nowhere.
So you should buy SmoothWall, if your case is bit more complicated.
SmoothWall changed its site, so maybe things are better at moment than i described before. Will investigate
These products are free or low cost, which make them fine for very smal business or home, but you get what you pay for. None of them have near the features or support of MS ISA Server. ISA Server is one of Microsofts best products.
http://www.microsoft.com/isaserver/
Also at around $130.00 street price, for home or some SMB use, Netgear’s FVS318 is much better solution.
http://www.netgear.com/products/prod_details.asp?prodID=129
I’ve been using Clarkconnect 2.0 home for about 5 months on an old pc my brother was going to trash, and love it. Simple to install, use, and manage via their browser based config or the classic webmin. I have it set up as a file & print server on my home network, and I also have Apache & MySQL setup up when I want to tinker with some dev stuff.
We are using ClarkConnect at home since ver 1, and all of us are very pleased (4 adults and around 10 boxes). I am aware of security issues about that distro, but being hermetic is not a concern over here. If you are a security freek, dont connect.
Many people come over here for service or just plain pleasure (computing of course) and using that cheap 16 ports switcher is close to heaven. I gave away my small router to my sister since it is not fit for our needs.
I really do recommend ClarkConnect for home or really small business. Its small, not resources ungry, easy to install and maintain and has a lot of punch for the price. Shurely its not close to BSD, but I dont have the time being paranoid
Lately I have been using Devil Linux on an old p1 with 64mg of ram, and I have been delighted at the ease in which I can configure it. Boot the CD, type setup at the command prompt, and it goes into a GUI interface. Set up your configuration, save config to a floppy, reboot for changes to occur, remove floppy after boot, and it just simply works. Easiest set up I have ever done. It boots from CD or USB pendrive. It also has many server packages available.
If you are going to run a old computer as a router, you might consider taking a look at Devil.
http://www.devil-linux.org/
I’ve been using Smoothwall for about ten months and I have found it to be absolutely outstanding. It’s easier to configure than many costly products, even the PHB can do it. It has intrusion detection built in, a proxy cache, logs, vpn support, too much to name here. It offers a lot more than an inexpensive hardware firewall router (which I also use for a different network). I’ve had no problem with documentation. I’ve had no need to seek support. Just make sure your NICs are different brands.
“None of them have near the features or support of MS ISA Server. ISA Server is one of Microsofts best products.”
If you think attaching a Microsoft product directly to the internet over a broadband connection is a good idea, I recommend having an MRI performed. WebTV is also “one of Microsoft’s best products”.
Similar in concept to Monowall, I’m using Netboz http://www.netboz.net
It boots from a CD-ROM with the configuration on a floppy disc. The I’ve been using it for over 6 months now – and running most of the day and it works great.
Thanks for the tip on Netboz, just what I was looking for. I’ve been running Smoothwall v2RC1 for a few days, but was disappointed to find that you can not alias additional external IP numbers to the “red” (e.g. external) nic (or at least not without buying their commerical version). Also their (smoothwall) use of port 222 for SSH just weirds me out.
I built myself a MicroServer on VIA C3.
I am seeking desperatly for a ready-to-run Firewall/Server mixed environment. I have found none so far. Since I do file-, print- and fax-serving on that system I do not like the CD/Floppy approach of many such products. I do not even have external drives in my box.
OpenBSD refused to recognize my 120GB hda, whatever I tried.
So I am going to build my very own mini-Linux, using Debian or LFS, patching grsec to the kernel. Or I go FreeBSD. All other is sub-optimal.
You’re welcome.
I actually happened to find it surfing around. I tried Smoothwall, etc and just wanted something that didn’t need an HDD since I’m using an older computer. I’ve only used it as a firewall/router. It works great, doesn’t crash, easy to configure and more reliable than the Linksys router I used to have. And you can get traffic graphs via web browser as well as re-configure it.
If you think attaching a Microsoft product directly to the internet over a broadband connection is a good idea, I recommend having an MRI performed. WebTV is also “one of Microsoft’s best products”.
If you don’t know the difference between WebTV and ISA Server, an MRI would be a waste of time.
“But what do you pay for that M$ ISA server? And can it run on a 486?”
If you can’t afford the hardware and software requirements for a full featured forward and reverse proxy, intrusion detection, application level firewall, that also intergrates with an AD domain for content control based on group membership. Then you probably don’t need ISA Server.
For the business’s that can’t afford ISA Server or don’t need that level of security, a Netgear FVS318 is very secure and cheap.
Squid does all the proxystuff just fine. Intrusion detection? Snort is an industry standard. Application level firewall? Businesses don’t run application level firewalls (at least the smart businesses). AD domain etc.? Samba.
Cost? $0+ HW ($10 for a 199 MHz PPro, not much at all)
So with Samba I can put someone in a group that only has access to a list of ten company approved webstites and put anoter user in a group that has access to 50 company approved websites?
Explain to me why an application level firewall is not smart? Do you even know what an application level firewall is?
With Snort and Squid I have two programs to administer. Will Squid reverse proxy and cache my companies website? Can I use downlevel proxy servers?
I suggest you do a little research on ISA Server instead of just supposing that OSS solutions are always better.
Something to remember, is that you can build a device to do everything that you’ve said that ISA does, as far as I have seen. Forward/reverse proxy, directory authentication, content filtering, etc, etc…are all very possible using the free software. The point behind these solutions is that they are powerful tools with minimal cost, and features that will cost you thousands more with other products.
Yes, squid will reverse proxy your companies website.
Yes, you can build squids to function as a group of proxies.