Turning a PC into a firewall?

Is this really such a good idea? Have a PC connected to the ethernet to act as your firewall for your main PC?

I read up about this a long time ago. I wasn't really sure if it was a good idea to spend that much money.

So what do you guys think about all this?

I have done something similar before.

 

It was an school project, where we had to set an server (fedora) up with several clients (ubuntu (Didn't have a choose really, but whatever)).

 

The fedora server was the only one with an interface out (NAT), so all traffic needed to be routed through that.

 

We installed the DHCP service, configured and connected the clients to it. (The fedora had another interface, which was the for the inner site).

 

We then needed to configure the firewall through iptables, which is very logical once you get to know it.

 

Normally you would need an dedicated hardware firewall, when you are running with some bigger setups, like a atleast a few servers. For a single computer, it isn't really worth it.

If it's not very power efficient, you may want to look into some alternatives, but yes, generally it is a good idea.

PFsense is an amazing firewall distribution. I'd look into that. And it can be run on things like atom, ARM, and ppc chips without a hiccup.

You don't need to spend your money on gigabit cards if you're just going from your modem (wan) to your lan, unless you have an internet speed rating above 100mbps. You can get dual, even quad 100mbps pci cards on ebay for less than $20.

If you only have your one computer on your network, and you're concerned about security, you may want to look into some host-based solutions. SNORT is a popular choice, and so is peerblock. And as always, VPN's are amazing.

Is it possible to use a AM1 socket processor on a ITX board?

And run a firewall that way?

Yes, you can. I know the athlon 5350 is pretty power efficient, around 20w idle/35 peak. However the a8/a10 variants are 30-40w idle, and 100-150 peak. The arm soc variants will pull anywhere from 20 all the way down to 2w. If electricity is expensive in your area or you are planning on hooking this up to a UPS (recommended for networking equipment) keep those wattages in mind.

And don't worry if it will be enough power. An athlon am1 will be able to run a pretty darn thorough pfsense firewall just fine. I mean just think, enterprise grade stuff is generally 1-2ghz arm/atom/asic chips. You don't need much cpu horsepower to run a firewall/routing networking appliance.

There are several mitx am1 boards, from msi, gigabyte, asrock, etc. Just make sure to have 2 nics installed somehow, either on-board or through an expansion card.