My ADSL line was opened yesterday, so I am back on the Internet! Actually during the last two months, I still had an Internet connection, but only though a 56k modem, not really useable for maintaining Debian packages or for doing an "apt-get upgrade" on my machines (and a bit costly).

I am in my apartment for a month, and it tooks two weeks to get the invoice of my telephone line, one more week to get the ADSL line and one more week to get my modem from the post.

The connection is an ADSL2+ connection, so there is enough upload rate to be able to host websites. I moved all my websites to my home server, and I am just waiting the activation of the reverse DNS to be able to host an SMTP server.

In my latest post (Switching to kernel 2.6), I spoke quickly about my firewall. In the comments, I was asked for information about it. So I decided to write a new post.

My firewall is based on a micro-ATX PIII mainboard with an Intel Celeron 600. I know that it is too much for my use (the load is almost always 0), however I already had the mainboard. This processor is one of the slowest processor that the mainboard accepts (the lowest speed is 500 MHz). Anyway that kind of processor is a good choice for such a computer, as it is one of the first processor using a 0.18µm technology, thus it doesn't need a lot of power (for an x86). Using an Aqua 690 heatsink it can run without a fan.

This mainboard has an integrated Ethernet adapter, and 3 PCI ports. I chose to use them to plug three Ethernet adapters, that is to say a total of four. Currently three of them are setup in bridge, but I can later un-bridge one or more ports if I need. It could be useful to plug a WiFi access point, or to create a DMZ for my servers (just for the fun as I am the only user of my LAN).

Instead of using an hard-drive, that makes noise and heat, I chose to use a 256MB Compact Flash instead. I made a CF/IDE adapter using the article published in Elektor (April 2002 for the French edition). It is now possible to find such an adapter in some webshops.

I packed all that stuff in a metal box, with a 120W Shuttle Power Supply. The longest part was to machine the metal, with a drilling machine and a file in my case.

On the software side, this firewall is running Debian, with two scripts of my own using iptables: one for IPv4 and one for IPv6. 256 MB is enough for that and some useful packages (ADSL modem drivers, radvd, ping, traceroute, tcpdump, ethstatus, lm-sensors, snmpd, ntp, logcheck, etc.).

Below is a photo of the inside (sorry for the poor quality, I took it with my webcam as I still don't have a digital still camera):

You can see a fan grille on the front, however there is no fan behind it. I removed it as it was making noise, and was not really necessary. Concerning the processor's fan, I control it using lm-sensors, and it is almost always off, resulting in a very silent firewall.

I used the same box for my servers, however they are using an hard-drive. It is possible to put up to two hard-drives (useful for RAID1) in a such box, if you are using low profile RAM.