I use Astaro as my firewall/proxy server for my home network of about 9 machines.
I have 4 NICS in it: External Internal - Wired workstations DMZ - Servers WLAN - wireless network
I run behind it a web server, and email server. Along with an internal only DNS server, NTP server, SAMBA file server.
The WLAN only allows access to the VPN, which I use for added wireless security on top of the WEP and MAC filtering.
My astaro box is a Athlon 550 with 384MB RAM and 6GB HD. Connected to a 16Port 10/100 managed swith that is setup with 3 VLANs (external, internal, dmz) and its for net connection is direct to a Linksys WAP11 Access Point.
ASL 4.002 running as a home gateway with a power license.
previous config (under 3.2) was 3 nics, outside, lan and dmz, but there were problems with trying to get multicast between the lan and dmz, also the hardware only had 3 slots, so a video card was not possible with 3 nics. So I backed off to 2 nics and moved the dmz servers onto the lan. Now I'm up to 4.002, I'm moving *all* the kit that needs to talk multicast to the dmz, and will connect it all up using 2 nics, and some 802.1q vlan tagging, as I've borrowed a cisco 2924XL cat to play with.
Config will therefore move to:
2 nics
eth0 - outside
eth1.154 - lan (internal network -- client workstations etc)
eth1.148 - dmz (web server, ftp server, mail server, other support services)
asl runs on a PII 400 with 128meg, a 6gig eide disk and 2 3c905 nics connected to a cisco 2924xl with 2 vlans, in turn connected to a dsl router.
External Interface DMZ Internal LAN 1 Internal LAN 2
Protecting Web-, Mail- and Outlook Web Access-Server in DMZ, a production LAN with about 20 clients, a test LAN with about 5 clients. Administrative VPN connection to all servers.
ASL is running on a Compaq DL380 and is up without any problems for more than 200 days now [:)]
We have two offices which both run an ASP service for various clients connected via VPN and Frame connections. These are probably examples of some more complex configurations.
Office 1 (local)
Astaro 4.x running on a Dell PowerEdge 350 PIII 833mhz w/ 256MB RAM 2 10/100 Nics and 1 GigE Nic 1 Admin network on 10/100 - non-tagged VLAN(1) 1 Internet (T1) connection on 10/100 - non-tagged VLAN 1 Wide Area Network connection, 1 DMZ, and 6 or more VLAN separated LAN's connected to a GigE Interface using Tagged VLAN's - ASP products are hosted on one or more of those separated VLAN's.
Hosts 2 or more VPN tunnels, with many more to come shortly Using HTTP Transparent Proxy (w/o surf protection), SMTP Proxy (w/o virus protection), DNS Proxy, and DHCP servers. QOS rules for Internet and WAN connections
Office 2 (remote) Same hardware, but 4 10/100 ports, and running ASL 3.2.x (waiting on up2date) Network 1, Internet Network 2, Wide Area Network Network 3 and 4, Internal networks
Once up2dated, will run VLAN's on one of the internal networks to make separate subnets for our ASP products.
Hosts 4 or more VPN tunnels. Using HTTP Transparent Proxy (w/o surf protection), SMTP Proxy (w/o virus protection), DNS Proxy, and DHCP servers. The HTTP proxy has been customized in the squid-default config to add acl's for specific host access to certain sites (poor-man's content filtering - either you have full access or you have limited access to work-required sites). QOS rules on Internet and WAN connections
We have in a customer LAN 3 Astaro Fwall
1 In Genova (Main offices)
1 In Tunis (Branch)
1 in Paris(Branch)
Each Office is connected to the other via a VPN all three offices use the same mail server (so that mail between clerks arrive quickly at destination) and the same Exchange Server (shame) for goupware purposes in a DMZ we run the mail server above the DNS and WebServer
We have these connections and installation up and running
with version 3 from ver 3 release without a single hitch
up to now ....
all in all up to now the clients served are about 80 with
4 IBM X330 servers .... the fwall iron is a PIII500Mhz
with 256 Mb Ram
Off my public IP I've got a D-Link router/firewall, with a DMZ behind it. In the DMZ is Astaro v4 protecting the internal network. Currently the D-Link does IPSec pass-through to Astaro, and works great. I'm not running any proxies on Astaro. In the near future, Astaro will be protecting web and mail servers internally.
Home/Non-Commercial Use I use it to protect a network of 6 or so PC’s with a mixture of both public & private IP addresses on the internal network. I host a few services for private use (Mail, FTP, Terminal Server etc) all of which should be password secured.
Currently on Astaro 3 – haven’t moved to 4 yet as I don’t have a free weekend to commit to the move (OK – so it won’t take a weekend – but I like to be cautious)
Astaro box is a no-name clone with Intel & Netgear cards. AMD K62/500 with 256MB of ram and a 6 GB disk.
Astaro runs very stable – everytime I have a problem and blame the firewall – its always been innocent.
I use mine in my home to protect a small internal network. PII-400, 128MB RAM, 6.4GB HDD I've hacked in Snort 1.9.1 3 NICs, Ext, LAN, DMZ. I host my own mail and use the SMTP proxy, as well as host private FTP, NTP. Currently I have 6 IPs in my LAN and 2 in the DMZ. Getting close to that 10 IP limit.
