Using Cobia as a transparent firewall

I talked by phone with one of our new Cobia users today who wants to use Cobia as a transparent firewall. A transparent firewall is one which doesn't use NAT (network address translation) between internal IP addresses and outside networks, such as the Internet.

While this might sounds like a very easy proposition (and it is easy to do with Cobia), many consumer grade and SOHO firewalls ship with NAT enabled and no option to turn it off. That's a problem when you don't want to use NAT. (Maybe you could configure NAT on the device to NAT the address to the very same address, but that would be silly wouldn't it.)

To create a transparent firewall with Cobia, simply do not enable NAT in the Cobia Firewall module. Or create exceptions so that some device IPs are NAT'd while others pass through without translation. It's that simple.

Happy firewalling!

Similar Networks

Last night I had an IM conversation with Michael Ramm of the 1-man IT Department on installing Cobia on his network.  The installation wasn't painless due to some issues in the recognizing the second NIC correctly, but Michael was able to work through it thanks to a post by KC in the forums.  He also got the external interface set up as a DHCP client, but we had to stop for the night there.  His ISP requires PPPoE authentication, which is more than we were willing to take on at the time.

I was struck by the similarities between the network Michael is setting up, the one I have planned and what my boss, Mitchell, has set up at his home.  In all three cases, what we're setting up is fairly simple by enterprise standards, but beyond what the average home or SOHO network is going to look like.  Were all using slightly older hardware for our Cobia server and I think all of us are even using WRT54G wireless routers.  We all want to have the Cobia server acting as the firewall just inside our ISP's DSL modem, the WRT54G to serve wireless and wired access to the rest of the  internal  systems, and DHCP from either the  Cobia server or the WRT54G.

We each have our own difficulties  to face in our implementations.  Mine is probably the easiest, since I'm splitting my wireless network off of the rest of my network.  I have a block of static IP's from my ISP (4 is a still a block, if a small one), of with the Cobia server will be using one and the wireless network will hang off the Cobia server.  I haven't decided yet if I'm going to have my WRT54G serve up the DHCP or the Cobia box, but I think you can make the Linksys box proxy DHCP.

Michael already has his WRT54G working with his ISP over the PPPoE, but would like to have his Cobia box take over that duty.  We haven't tried it yet, but I'm thinking the Roaring Penguin PPPoE client is the best solution for his situation.  After that, he'll move the WRT54G inside the Cobia server and his network should be almost identical to mine internally.  I'm going to let Mitchell highlight his own home network.

In general, I think this is how most people are going to set up Cobia in their own home network, with the Cobia server at the edge and the switch/wireless access point innermost.  The WRT54G has a pretty good firewall built for such an inexpensive device, but it's no where near as full featured as Cobia's firewall module.  As more modules become available for Cobia, you're going to want to have Cobia at the edge to take advantage of the extra capabilities.

I'm interested to hear how other people are setting up their home networks.   Which modules are you using and why?  How did Cobia's capabilities effect your network design?  What other network equipment are you using?  Leave me a comment or start a thread in the forum. 

Best hardware for Small Biz

I came across a slashdot post this weekend by Cliff asking which hardware is best for small businesses, Dell or HP. It's a good question, and my experience has been very positive with both vendors' gear. Cliff plans to refresh about 100 computers but now is actually a good time to think about refreshing his network too. Cliff, I hope you don't mind but since you asked the question, I'd like to talk about how Cobia can help a non-profit business such as yours.

With Cobia, there are three easy paths that are great options for Cliff; re-purpose some old computers as Cobia devices, budget a few extra machines for Cobia devices, or configure one of your server machines to also run Cobia in VMware. Depending on how many locations Cliff's medium-sized non-profit business has, he could use Cobia at his main office location and at each remote office. Then rather than deal with the antiquated, minimalist text "gui" interfaces of most appliances, use Cobia's full, easy-to-use web interface to manage Cobia devices throughout the network.

Non-profits usually work under some very tough financial constraints. It's important that every dollar go towards the cause being supported so expenses are usually kept to a minimum and dollars watched very closely. My sister, Michelle Ashley, runs a non-profit for service and therapy dogs is a great example that I've learned from personally.

The best news for Cliff's business? Cobia is free. Cobia support is free. No charge. Just download Cobia and start using it as much as he needs. How great is that for a non-profit.

Plus, as Cliff's business changes and grows, Cobia can grow right along with the business. But, rather than being forced to dump his network gear appliances when faced with an upgrade, he can upgrade his hardware in place or put in new equipment and re-purpose that gear for a smaller office or another purpose. And additional modules, from both StillSecure and our growing list of partners, can be added to Cobia devices. Need some really powerful content filtering, anti-spyware, or IM monitoring? Check out one of the StillSecure Cobia partners to bring in even more capabilities. (More about our partners later.)

Cobia - when you're in a pinch

The best part of my day is talking to Cobia users over email and IM. Today I talked with a new Cobia user, Michael, who works as a network admin in Alabama. First, let me thank Michael for taking the time to download Cobia and send email out to me. Its people like Michael who read the blogs, listen to podcasts, visit the Cobia site, and see the power and potential of Cobia in their networks.

Michael's situation is all too familiar; do more with less because we don't have a lot of budget. Sometimes there's just not a lot of extra budget to do the things that need to get done. Time can also be another enemy working against us. But in most cases, somehow it still has to get done. Enter the picture- Cobia!

How so? Well, for one... Cobia is software which you can run on off-the-shelf hardware. Need a quick firewall or a router in a pinch? Download Cobia and turn that Intel 2.0ghz machine into a speedy router or firewall. Better yet, add on more Cobia modules and turn it into a multi-function platform for any number of your network and security needs.

Rather than paying premium bucks for some under powered appliance you're going to ditch in the 6-12 months, turn the situation around in your favor. Put Cobia on your favorite brand of computer; Dell, HP, IBM... any number of quality Intel/AMD hardware boxes. Now the power's in your hands. When you're ready to upgrade, upgrade the same box in place with a faster processor, more memory or disk. Or re-purpose that box for something else and upgrade to the latest hardware at a price performance level that works in your favor, instead of the vendors.

So whether you're in a pinch or your planning your next upgrade, "be like Mike (Michael)" and download Cobia. Cobia makes an excellent alternative to buying yet another appliance you're likely to throw away.