The Best OpenSource Firewall and Gateway: Untangle

Untangle is the free & open source alternative to Sonicwall. In addition to the basics (Firewall, VPN, IPS & routing), Untangle makes it easier to block spam, spyware, viruses, phishing, porn, gambling, MySpace, Facebook, IM, peer-2-peer & much, much more.

Features:

• Runs at the gateway... No clients to install!
• Easy to use: Intuitive GUI, logging, reporting & automatic signature updates
• Installs on standard Intel/AMD hardware

Highlights:

• Comprehensive Security Protect the network from spyware, spam, viruses, hackers and identity thieves. Untangle is network security, web security, mail security & secure remote access integrated into one platform. And as an open source platform, new applications can be added at anytime, so Untangle has you covered when the next new networking technology is developed.
• Increased Productivity Block time-wasting websites & applications like MySpace, instant messenger, online games & gambling. Untangle even blocks the most difficult port-hopping applications dead in their tracks.
• Increased Visibility Great reporting provides the visibility and data necessary to monitor behavior and track incidents at the network, user, and client levels.
• Easier to Use Each application comes pre-configured for business use and Untangle’s intuitive “virtual rack” GUI makes additional fine-tuning a snap.

Hardware Requirements:

• The Untangle Server requires a dedicated PC installed at the gateway to your network.
• Your hardware does not need an operating system - the Untangle Server installs its own operating system.
• The Untangle Server software completely erases any content or data that may exist on your PC hard drive.

Download now this nice tool at Here.

m0n0wall 1.234 has been released

The release of m0n0wall 1.234, a minimalist firewall distribution based on FreeBSD has announced. m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software).

m0n0wall is based on a bare-bones version of FreeBSD, along with a web server (thttpd), PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent. m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.

"I've decided to create one more release in the 1.2x stable branch to add source port randomization (for both NAT and the DNS forwarder). This is a recommended upgrade for all 1.2x users, no matter whether you're running a DNS server behind m0n0wall with NAT or not. Changelog: added source port randomization for ipnat; updated Dnsmasq to 2.45 (source port randomization); updated PHP to 4.4.9; bumped MFS size for firmware upgrades to 10 MB; changed ZoneEdit update server name to dynamic.zoneedit.com." said Manuel Kasper, the developer.

Some of changes in this release are:

• added source port randomization for ipnat
• updated Dnsmasq to 2.45 (source port randomization)
• updated PHP to 4.4.9

You can get this new version of m0n0wall by downloading at Here.

ClarkConnect 4.3 is now available

ClarkConnect, a specialist server and gateway distribution based on Red Hat Enterprise Linux, has released version 4.3 Community Edition.

With ClarkConnect, you can transform standard PC hardware into a dedicated broadband gateway and easy-to-use server. The software is a great solution for small businesses, home offices, and networked homes! Starting with Red Hat as a base, we have removed unnecessary software, secured it, added useful Internet gateway software, and made it easier to install.

On this new version, The Office edition and Enterprise edition products have now merged. Unlimited mailboxes are now included in the Enterprise edition and this includes full groupware support. The full list of changes is available in the developer.

Another highlights including Groupware support in webmail, OpenVPN for road warriors, system processes viewer, mail queue manager, RAID manager, default security keys for users, remote backup (beta).

You can download this new version of ClarkConnect at Here.

Choose The Right Linux Web Host Easily

Nowadays, many web hosting server company acclaim and support for Linux OS which has paved the way for many third party software developers to build their architect around it more so than other popular OS’s such as FreeBSD and Windows Server. Right now there is more support than ever and Linux hosting has now dominated the market.

Web hosting as we know it really helped Linux take off into mainstream and control panels which are basically expected of a hosting company have built around Linux and support it.

Almost of them said that they provide One-Click Application Installation to easy install your favorite Applications like phpBB, Joomla, Mambo, Typo3, Wordpress, b2Evolution, PHProject, PHPCalendar, Gallery and many more.

So, it is very difficult for us to choose a linux web host that you are comfortable with, has the right price and is stable. New web hosts are entering the industry all the time, however, just as many are making their exit from mergers, buyouts and even gone like the wind cause bankruptcy. This is where Web Hosting Pal comes in. Their team do a lot of the research for you and actually do the homework to make it easier for you to narrow down the field and make a choice based on the data that they provide that matched with your needs and budget.

Web Hosting Pal provides us the nice guide to finding the right web host to choice with post the Top 10 Web Hosting chart that be updated regularly, so we can choose the right web host more easier and faster.

Endian Firewall Community 2.2 Beta 3

Third Beta of Endian Firewall Community 2.2 has been released, it comes with many bug fixes and enhancements. For who don't know, Endian Firewall Community is an all-in-one Linux security distribution that turns every system into a full featured security appliance.

Designed with “usability in mind”, Endian developed a solution that is extremely flexible, easy to install and manage. The Community version has been warmly embraced by the open source community and has so far enjoyed over 200000 downloads with thousands of installations worldwide.

What's Changes from previous release are:

• New uplink control made with Javascript/JSON, enhances responsiveness on uplink status change. The user can now decide if uplink should be "managed" automatically (for automatic fail over) or manually.
• Updated kernel to version 2.6.22.16, rebuilt with gcc 4.1.2 to solve some compiler related issues and added drivers that where missing in Beta 2.
• Rebuilt packages for i586 instead of i686 to support embedded/older systems (VIA C3, AMD LX, etc.).
• 60+ bug fixes and other enhancements

Download this new development release at Here.

Endian 2.2 Beta 2

The Endian Team has released the second beta of the Endian Firewall Community. As I ever posted here, Endian Firewall Community is an all-in-one Linux security distribution that turns every system into a full featured security appliance. Designed with “usability in mind”, Endian developed a software that is extremely flexible and very easy to install, use and manage. The Community version has been warmly embraced by the
open source community and has so far enjoyed over 200000 downloads with thousands of deployments worldwide.

Changes from 2.2 Beta 1:
- Updated kernel to version 2.6.22.15 (features a lot more drivers, better SATA/SCSI/NIC support, and much more)
- Updated clamav to version 0.92
- Updated openswan to version 2.4.11
- Updated snort to 2.8.0.1
- 55+ bugfixes and minor feature enhancements

You can get the ISO of this new release of Endian at here.

Devil Linux: Live CD Firewall

Devil-Linux is a CD-based Linux distribution for firewalls and routers. The goal of Devil-Linux is to have a small, customizable and secure Linux. The future of Devil-Linux will go far beyond an ordinary router, it will provide a lot of other services, but the distribution will still be easy and fast to maintain.

Features:

* Boots from CD
Traditionally Devil Linux boots from a CD-ROM which is read-only by nature. This means an intruder will not be able to install i.e. an "ordinary" root kit.

* Boots from USB pendrive
As all movable parts in your computer, the CD-ROM is prone to failure. This is the reason why we provide a script to install the entire system on an USB pendrive. Note: You need a computer which is able to boot from USB harddisks, in order to use this feature.

* Configuration is saved on a floppy disc or on a USB Flash Media
Due to the read-only nature of CD-ROMs, you need a place to save your configuration files. This can either traditionally be on a floppy disc or on a USB flash media (like a pendrive), to increase the reliability.

* Configuration can be burned on CD
There are cases when you have to ensure that the configuration can't be modified. This is the reason why we provide the feature for loading the configuration archive from the (read-only) CD-ROM.

* No need for a harddisk although it can optionally be used for data storage
Most distributions need a harddisk for data storage, with DL this is completely optional. Reasons for adding harddisk data storage would be, i.e. when you use DL as your mail server or for file sharing. DL uses dynamic disc configuration via the Logical Volume Manager, which makes adding and maintaining the harddisk storage easy (regardless if you have only 1 GB or 1 TB of data).

* Support for Intel 486 and higher
Got some old boxes in your bone yard? For most internet connection an old computer is enough to play the role of your Firewall, this is the reason why we still support 486 CPUs. But we're not stuck with old technologies, we also provide you a version vor 686 CPUs with SMP support.

* IPTables/Netfilter Support
State of-the-art firewall functionality is provided by IPTables/Netfilter, which includes features like connection tracking. Devil-Linux adds many more Netfilter modules then you find in your standard Linux Kernel.

* Create your own, customized version with our Build System
Since everybody has different requirements, Devil-Linux provides you with an easy-to-use build system, which enables you to create your own customized version. You can i.e. only add the packages you need on your machine or even add features which are currently missing in the mainstream version.

* Directly supported by Firewall Builder
Don't like writing your Firewall rules by hand? Get Firewall Builder and use a great GUI tool to create your ruleset. Firewall Builder supports writing the rules directly onto your configuration floppy.

* No graphical desktop
Devil-Linux has not support for i.e. X-Server. This greatly reduces the requirements to run DL and also greatly increases security by reducing the number of running programs. (Try this on Windows...)

* Almost all binaries are compiled with the GCC Stack Smashing Protector
Except of a very few exceptions, all binaries are compiled with the GCC Stack Smashing Protector. Applications written in C will be protected by the method that automatically inserts protection code into an application at compilation time. The protection is realized by buffer overflow detection and the variable reordering feature to avoid the corruption of pointers.

* Improved Kernel Security through GRSecurity
GRSecurity adds several new features and protection mechanisms to the Linux Kernel itself. This includes Chroot restrictions (did you know that it is easy to break out of a non-protected chroot jail?), Address space modification protection (like PAX), Auditing features, Randomization features and much more.

* Easy to use chroot
Devil-Linux has support for chroot jails which is easy to use. Just define what you need in a configuration file and our jail script will take care of the rest. Some pre-defined configurations are already available.

Applications for Devil-Linux

The traditional application for Devil-Linux is to use it as Router/Firewall. Below you see a list of other possible applications:

Proxy Server, DNS Server, Mail Server with TLS support and Spam and Virus filtering, HTTP Server, FTP Server, File Server, VPNs with X.509 support, DHCP Server, NTP Server, IDS Node.

You can download Devil Linux from here.

Vyatta 3.0, Debian-based disto for routers and firewalls, Has Released

Vyatta (pronounced vee-AH-tah.) today announced the latest release of its open-source networking software.

The Vyatta software combines router, firewall, and VPN capabilities into an integrated solution that delivers twice the performance of proprietary network solutions at half the price.

The latest release, Vyatta Community Edition 3 (VC3) provides substantial enhancements and feature additions from the previous VC2 release, including IPSec VPN, multi-link PPP, and BGP scaling and security.

"I’m a firm believer in the value of open source over proprietary technologies. If you’re looking for price-performance—which I have to do for the taxpayers—you can’t beat Vyatta," said Paul Wheeler, IT manager for the City of Madera. "I have been continually impressed with Vyatta’s attention to detail, excellent support, and ability to reliably add more power and flexibility to the solution. Vyatta is no longer just a lower-cost alternative to high-priced Cisco proprietary routers. It’s a flat out better solution."

Since its debut, Vyatta’s networking software has been downloaded nearly 100,000 times. As the third major release, Vyatta Community Edition 3 adds a number of changes and enhancements, including:

• IPSec VPN – Vyatta now supports dedicated site-to-site (branch-to-branch or branch-to-HQ) virtual private networking and supports the most widely used cryptographic algorithms, including 3DES, AES (128 and 256-bit), MD5, and SHA1. In addition, IPsec VPN can now be configured in a cluster of multiple Vyatta units with failover mechanisms providing high availability for mission-critical services.
• Multi-link PPP (MLPPP) – MLPPP allows customers to increase WAN bandwidth by using multiple low-speed circuits, typically T1 links, in parallel, enabling a pay-as-you-grow strategy instead of paying the high cost of a T3 upgrade.
• BGP scaling and security enhancements – Improved BGP scaling provides faster routing convergence with many peers. MD5-based neighbor authentication delivers improved routing security. Per-BGP peer policy support makes it easier than ever to control route propagation. New monitoring and troubleshooting commands make Vyatta easier to use.

"We have proven the performance and reliability of our open-source networking solution in large, demanding networks, making Vyatta a no-brainer alternative to over-priced, inflexible, proprietary products," said Kelly Herrell, CEO of Vyatta. "Vyatta is the most flexible network infrastructure solution in the world and can be deployed on server blades, dedicated appliances, or virtual machines using VMWare and Xen. As a result, Vyatta is a universal solution to networking problems in the branch office, at headquarters, and in the data center, for both enterprises and service providers."

Vyatta builds commercially supported, open-source networking solutions that provide an alternative to over-priced, inflexible products from proprietary vendors. Our customers are smarter, better looking, and drive much nicer cars than purchasers of big-name products.

Vyatta customers know that Vyatta's Linux-based router, firewall and VPN software gives them a level of control unavailable from proprietary solutions. Vyatta customers are thought leaders who recognize the benefits of flexible deployment options--x86 hardware, blade servers, virtualization--of freedom to integrate applications of their choice, and of the economic and performance advantages of commodity hardware and components.

Download Vyatta ISO at here or for vary downloads at here.

SMS Linux 1.2, a Slack Mini Server

S-M-S stands for Slack Mini Server, now has version 1.2. A Linux operating system console based and manageable through Webmin web-based interface... Although described as a mini server, have all the features of a powerful server such as apache2, sendmail, spamassassin, clamav, squid, iptables firewall, mysql, cups and lot of other stuff.

SMS also features TorrentFlux, a powerful php based bit torrent client that can be managed from anywhere, making this server not only server administrators interest, but simple users too that want to download torrents safe and secure.

This server runs from a live CD or installed on a hard disk through a text installer. The liveCD created with linux-live scripts, and the text-installer taken from Slax's development.

Download SMS at here.

Endian 2.2 Beta 1 has Released

The Endian Team has released a new version of the Endian Firewall Community . It has version 2.2 Beta 1.

Endian Firewall Community is an all-in-one Linux security distribution that turns every system into a full featured security appliance. Designed with “usability in mind”, Endian developed a software that is extremely flexible and very easy to install, use and manage. The Community version has been warmly embraced by the open source community and has so far enjoyed over 185000 downloads with thousands of deployments worldwide.

Support for multiple WAN Connections, Zone Firewall for stealthy filtering of local traffic, time based HTTP access policies and OpenVPN X.509 support are just some of the brand new features. The result of over a year of development is an enhanced and polished Endian Firewall release, network security has never been
so powerful and easy.

Highlights of this Release:

- Enhanced management of WAN/RED connections

• Support for multiple uplinks
• Multiple IPs/networks on each WAN/RED interface in STATIC mode
• Uplink monitoring with automatic failover (ISP failover)
• Uplink editor

- Port Forwarding

• Multiple uplink support, allowing different rules per uplink
• Port Forwarding of traffic coming from VPN endpoints
• Option for rule based Logging
• GUI enhancements

- System Access

• External Access has now been enhanced and renamed to System Access
• Fine grained management of permissions regarding access to the system from LAN, WAN, DMZ and VPN endpoints
• Default policy for firewall/system access is now set to DENY
• Firewall services automatically define ports required for their proper function, but access can be restricted
• Support for ICMP protocol
• GUI enhancements

- Outgoing Firewall

• Support for ICMP protocol
• Handling of multiple sources/ports/protocols per Rule
• GUI enhancements

- Zone Firewall

• DMZ Pinholes has been enhanced and renamed to Zone Firewall
• Fine grained filtering of local network traffic
• Rules based on zones, physical interfaces, MAC addresses
• Support for ICMP protocol
• Handling of multiple sources/ports/protocols per rule
• GUI enhancements

- HTTP Proxy

• Time based access control with multiple time intervals
• Group based web access policies
• Major GUI enhancements

- OpenVPN

• X.509 and 2 factor based authentication
• Pushing of DNS settings to clients
• Pushing of global or per client routes
• Support for NATed VPN endpoints
• Support for VPN over HTTP Proxy
• Automatic connection failover
• Every VPN endpoint is resolvable through DNS (vpn..domain)

- Logs

• Every service supports remote logging
• Daily log rotation
• GUI enhancements

- System

• Accelerated and polished boot process
• Firewall logs rule number and target
• Refactoring of service scripts
• Squid 2.6 with major performace improvements
• Updated packages for ClamAV, Amavis, Postrey and much more

You can download this Endian release at here.

The Best OpenSource FTP Client: FileZilla

FileZilla is a fast and reliable FTP client and server with lots of useful features and an intuitive interface.

Originally designed as a Windows application, FileZilla has enjoyed much success among its users and as the third edition it also has a Linux version. For short, FileZilla is a free and open source FTP client, now in version 3.0.0 RC1, supporting protocols such as FTP, SFTP and FTPS (FTP over SSL/TLS). It is also the default FTP client in the Debian Sid Linux distro.

Simple, easy to use and configure, fast and reliable, providing useful features such as message log, folder view or transfer queue, FileZilla is the perfect program for browsing of a server and transferring files. If you choose FileZilla, then you shouldn’t worry too much about how to configure it as it works perfectly without any configuration.

After installing the software, one can easily connect to the FTP server it needs by typing the address and login details inside the Quickconnect bar. After connecting to the wanted server, you'll easily find your way around there as FilleZilla has a smart tree-like view for your files and folders as well as for the FTP server's ones.

The Drag and Drop technique is also very well implemented to ease your work. By default the tree view is hidden for the remote server, but you can enable it by simply pressing the tree icons on the toolbar. Besides the drag and drop method you can alternatively double click on a specific file in order to upload/download it.

There is also the classic way of doing so, by pressing a right-click then selecting the corresponding option in the context-menu that will pop-up. I must mention here the queuing feature that I've found very useful at this client. If you want to create a queue of files, which should be transferred later just select them and choose the Add to Queue option from a right-click context-menu. Then whenever you decide to start their transfer just click on the Start Transfer button on the toolbar.

Filezilla can also be used to administrate remote servers, along with administrating the server on the your local machine. However, this feature is not actually very frequently used and if you only want
to administrate your local server just type 127.0.0.1 as server address.

IPFire: Free firewall for your home or SOHO

IPFire is a linux based firewall distribution with a lot of extras. The base for the stable version 1.4.9 was the IPCop that has been hardly modified. There were added: Asterisk PBX, Samba, MorningReconnect, LPR-NG and many other things.

When the team was refounded to get rid of the old IPCop-code they made a totally new concept of the system including the linux kernel 2.6 to support the latest generation of hardware. We are going to make a really nice server for every home.

Download here for free.

WiFi in Xfce: How to Setup?

Wifi-radar is a tool intended to configure easily your interface wifi, and will allow you to connect to your wifi network. Wifi-radar is available in the menu Xfce, in the Network submenu.

After having clicked on it, you will be prompted for the root password, when you've filled that out, you will get the following screen:


In the main window appears wifi network available:

• SSID: wifi network name
• Signal: signal strengh
• Mode: show the type of network
• 802.11: wifi mode, b or g

On the right, 5 buttons to realize the possible actions with wifi-radar :

• New: create a new profile
• Edit: modify a profile
• Delete: delete a profile
• Connect: connect to a wifi network
• Disconnect: disconnect to a wifi network

First of all, select the network in which you wish to connect. Then click "New". Wifi-radar shows then the following window:

Inform then the name of the wifi network in "network Name". Then you go to seize the various parameters of your network by unwinding the options by clicking each of 4 lines:
Wifi Options, No. WPA, Automatic network configuration, Connections command.








































Wifi options:

• mode: Managed : with hot spot ; Ad Hoc : from PC to PC ; auto : wifi-radar will choose the right option
• Channel : channel (=frequency) to be use. If you don't know, auto...
• Key : wifi network crypt key. You can find it on the modem router packaging or sometimes its note is generally on the access-point.
• Security :Indicate if it is about a network opened (Open) or of a network with limited access (Restricted)
• Use WPA :Allows the use of the mode Wifi Protected Access.

Manual network connection: has to be used to configure manually the parameters of the network, in particular during the use of an fixed IP address.

Most of the time, you can leave this option on Automatic Network Connection (DHCP), DHCP will give the correct parameters in your connection.

Connections commands: this allows you to indicate the commands to execute before and\or after the connection will be established.

hping: Your Linux Network Traffic Generator

hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping program does with ICMP replies. hping3 handles fragmentation, arbitrary packets body and size and can be used in order to transfer files encapsulated under supported protocols. Using hping3 you are able to perform at least the following stuff:

• Test firewall rules
• Advanced port scanning
• Test net performance using different protocols, packet size, TOS (type of service) and fragmentation.
• Path MTU discovery
• Transferring files between even really fascist firewall rules.
• Traceroute-like under different protocols.
• Firewalk-like usage.
• Remote OS fingerprinting.
• TCP/IP stack auditing.
• A lot of others.

I've tried several traffic generators for Ubuntu, Fedora (and other) like scapy, NTG, Bit-Twist, but only hping meets my requirements. Recommended.

Example: to generate 100 packets per second TCP traffic to 192.168.0.1 with packets containing arbitrary destinations, just execute:

sudo aptitude install hping3
sudo hping3 --rand-dest --rand-dest --faster 192.168.0.1