Features of Gibraltar
Gibraltar is designed to work completely off the CD-ROM, with configuration data stored on a floppy disk. This is quite different from the common approach, where everything (program and configuration files) is stored on a hard disk. It might be uncommon and new, but there are quite a few advantages:
- secure
- easy setup
- easy updates
- easy handling of configuration (write-protected, backup, different versions)
However, there are also disadvantages of not storing the program files on a hard disk, and I do not want to hide them:
- a CD-ROM drive must be available
- a software update needs a new CD-ROM and a reboot
There is also the option of installing Gibraltar completely on hard disk, thus eliminating the disadvantages. But if Gibraltar is installed completely or partially (only the program files, with configuration data still stored on floppy disk) on hard disk, some of the advantages are lost. It will not be as secure as when running from CD-ROM, and if configuration files are stored on the hard disk, they cannot be handled transparently.
Another design goal is to make it operational without a system console. There is no need for a keyboard or a monitor to be attached to the machine Gibraltar is running on. Everything can be configured over the network. Any operations that need to be done directly on the machine (e.g. inserting configuration disk during bootup) are possible without a monitor. When a disk needs to be inserted, the machine simply beeps. It is also possible to configure it fully over a serial line.
Since Gibraltar is based on Debian GNU/Linux, it has all the features that you would expect from a full-blown installation. These include, but are not limited to:
- full IPv4, IPv6, IPX and AppleTalk protocol support
- static routing for all supported protocols
These options are supported for IPv4 and partially for IPv6:
- dynamic routing: BGP4, BGP-4+, RIPv1, RIPv2, RIPng, OSPFv2, OSPFv3
- routing based on source address, incoming interface, type of service, source / destination port, protocol type, ...
- multicast routing
- full NAT and masquerading support (even in combination with source-based routing)
- transparent proxy support for
- traffic control: CBQ, CSZ, RED and others
- RSVP
- support for Ethernet (10, 100, 1000 MBit/s), wireless, token ring, ARCnet, PPP, SLIP, PLIP, ISDN and HAM radio network interfaces
- multiple interfaces supported (already tested with 12 interfaces)
- advanced firewalling: stateful / non-stateful
- address configuration options: static, BOOTP, DHCP, dynamically via PPP, PPP-over-Ethernet
- can act as a DHCP server to configure IPv4 clients
- can configure IPv6 clients which use stateless autoconfiguration
- PPTP server for client-to-network VPN
- IPSec with RSA support for network-to-network VPN or client-to-network VPN (interoperable with Windows 2000 and PGPNet clients)