Mosudi Isiaka

Open Source Firewall

Open Source Technology: A Cost-Saving Option

Firewall gateway requirements

  • Firewall
  • Port forwarding
  • Network Address Translation (NAT)
  • Redundancy/Failover
  • Virtual Private Network (VPN)
  • Intrusion Detection Systems (IDS)

The TCMS (Transaction Control and Management Server) was based on three main servers, namely:

  • Automated Fingerprint Identification System (AFIS) server
  • Database server
  • Web Server

These servers are critical to the smooth running of a digital mall. The TCMS application runs on the Microsoft .NET Framework, so the most appropriate server platform was Windows 2008 servers. The servers nevertheless had to be available both to on-site client software and to client software at remote sites. Remote client connections are made primarily over the World Wide Web, hence the need for firewall protection. The TCMS client software was designed to connect to all three services (AFIS, database and web) on a single host, i.e. the same hostname/IP address, yet each of the three was running on separate physical hardware. Likewise, the enterprise network required the different sets of servers in all locations to bear the same network address. Resolving this scenario involves: firewall, NAT, port forwarding, VPN, IDS and redundancy/failover.

The products that quickly come to mind are:

  • Cisco PIX (Private Internet Exchange) Assure Managed Firewall
  • Checkpoint firewall
  • Astaro Security Gateway
  • Cyberoam

Of all these solutions, Cisco PIX has the largest market share. With Linux we were able to put up a formidable firewall gateway with an effective perimeter fence, yet legitimate connections were made easy and straightforward, even for a regular Windows server administrator. Each server was made available from behind the firewall for easy administration and network service. Above all, the server administrators do not need to travel any distance to get adequate desktop access to the corresponding servers for routine maintenance, emergency maintenance, administration and monitoring. The firewall gateway itself has an intuitive web administration interface, which makes it easy for someone who is not a hard-core network administrator to manage such firewalls. In addition, inexpensive x86 hardware performs extremely well, at a fraction of the price of alternative, traditional hardware firewall gear and applications. Each firewall gateway served as the VPN endpoint for its network location, and it was possible to have all servers on a private network. It was also possible for remote and mobile users and administrators to connect effectively to the TCMS application.
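The single-address arrangement described above (one hostname/IP for the AFIS, database and web services, each on separate hardware behind the gateway) corresponds to destination NAT with a default-deny forwarding policy on a Linux gateway. The script below is an added example, not taken from the original white paper: it generates a ruleset in `iptables-restore` format, and the addresses, interface name and port numbers are constructed for illustration because the paper does not give them.

```shell
#!/bin/sh
# Added example. All values below are constructed; the paper gives none.
PUBLIC_IP="203.0.113.10"   # single address the TCMS client connects to
WAN_IF="eth0"              # assumed Internet-facing interface
# service:public_port:backend_ip (one physical server per service)
SERVICES="web:443:10.0.0.10
database:1433:10.0.0.20
afis:9000:10.0.0.30"

# Accept only decimal ports in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Emit an iptables-restore ruleset for the given service table:
# one DNAT rule per service, and forwarding that drops everything
# except new connections to exactly those backend ports.
gen_ruleset() {
    nat="" fwd=""
    while IFS=: read -r name port backend; do
        [ -n "$name" ] || continue
        valid_port "$port" || { echo "bad port for $name: $port" >&2; return 1; }
        nat="${nat}-A PREROUTING -i $WAN_IF -d $PUBLIC_IP -p tcp --dport $port -j DNAT --to-destination $backend:$port
"
        fwd="${fwd}-A FORWARD -i $WAN_IF -d $backend -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
"
    done <<EOF
$1
EOF
    printf '%s\n' "*nat" ":PREROUTING ACCEPT [0:0]"
    printf '%sCOMMIT\n' "$nat"
    # Default-deny: servers cannot be reached (or reach out) on other ports.
    printf '%s\n' "*filter" ":FORWARD DROP [0:0]"
    printf '%s\n' "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%sCOMMIT\n' "$fwd"
}

# Print the ruleset; review it before loading with iptables-restore.
gen_ruleset "$SERVICES"
```

The output only describes the port-forwarding and filtering part of the requirement list; VPN, IDS and failover are configured separately.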

Mosudi Isiaka

NB: This white paper was produced with open source applications, namely:

  • Operating System: Ubuntu Lucid 10.04 LTS with the GNOME desktop environment
  • Word processor: OpenOffice.org
  • Graphics: Dia (a program for drawing structured diagrams), Eye of GNOME
  • email: info@mioemi.com, imosudi@gmail.com
  • web: http://www.mioemi.com/firewall.html
  • Author: Mosudi Isiaka