Topic: Suggestions needed

[stancol]

I need to set up a network for a client. Network includes both regular business network machines and one public Kiosk type setup. I want to use the SME box to filter traffic for both sides of the network to keep porn sites out. Would love to have the Kiosk on another network all together but don't want to set up two different SME boxes. How do I keep the Kiosk machine from finding or getting into the business side of the network? What about adding a third network card to the SME box? I've seen some contribs that seam to suggest that it is possible. Don’t know if that’s a good way to go or not.

[Boris]

Generally its preffered to put those (untrusted computers in to DMZ), but SME doesn't have built-in DMZ option. Adding extra NIC and modifying firewall rules manualy is task for very advanced Linux admin, not for the average/typical SME user (no offence). Unless you feel up to the task, I would prefer seperate firewall-only appliance for this job. IpCop, monowall, gnatbox lite and many other free small firewalls with very low hardware requirements will work well.

[stancol]

Even though I think I could master rewritting the rules I wasn't leaning that direction. My biggest fear about the 3 nic card idea is my belief (maybe I'm wrong) that it would require a lot of CPU time and or RAM.

[Boris]

Even though I think I could master rewritting the rules I wasn't leaning that direction. My biggest fear about the 3 nic card idea is my belief (maybe I'm wrong) that it would require a lot of CPU time and or RAM.

Not a lot and not enough overhead to be concerned about it.