>Linuxguru, Plunk down your money and pick up one of these fast, we could use someone with a
>nickname like yours on board.
I'm tempted, but at the moment my hands are a little full. Too little time.
>Like robby, I do not understand your last sentence, please explain, if it will make us $50,000 I
>am all for it ;)
Netscreen, Cisco and various other vendors make multifunction VPN boxes. Typically, these have multiple Ethernet interfaces like eth0, eth1, ... (not just multiple ports on a hub). One of these is connected to the outside (untrusted) world, another to the DMZ (a buffer zone where things like webservers, routers, NIS servers etc. reside), yet another to a trusted internal network, etc.
Linux has progressively got support for most of these features. The Linux Router Project (LRP) aims to use a Linux kernel, configured for routing and with minimal other services, on a standard obsolete 386/486 box with NICs as a router. It works well enough to obliterate Cisco et al at the low end. But there's nothing preventing the use of LRP on a dual 2.2 GHz Athlon with a dozen gigabit NICs to compete with Cisco at the high end, and indeed, there are a number of companies that are taking this route.
Linux also has built-in support for firewalls (this is actually not a kernel functionality, but mostly a userland function). There are distributions like Smoothwall Linux or Bastille Linux that are optimized for use as firewalls, but it is possible to configure any generic Linux distribution to get similar functionality.
Finally, for VPNs, Linux has support in the 2.4.x kernels for a module called FreeS/WAN, which stands for Free Secure WAN. This allows the use of encrypted IP tunneling to set up secure VPN connections between two similar units, or between a FreeS/WAN unit and a router running commercial S/WAN.
With Linux, it is possible (although it involves a lot of work) to combine all three features in one box, thus making a single combo box that does firewalling/VPN/routing. In fact, it is possible to use the same box as a webserver/popserver/ftp-server also.
Netscreen's high-end boxes cost 50k and up, but what is likely to happen as Linux LRP boxes threaten that space is that prices will drop to a few thousand bucks. We probably won't make 50k by taking a Magnia and hacking it.
>I do not fully understand some of the hardware substitution ideas that have been put forward so
>far. The SG10 has a 7 port hub built into it already, which obviously works in Linux, as the
>toshiba software is based on Redhat 6.2. Why substitute if we do not have to?
It's only a hub/switch, not a multiple-interface Ethernet card, which is required for router/firewall/load balancer configurations. Of course, for use as a plain server, a single interface is sufficient.
>In order to use a normal PCI cards in this thing you would have to leave the top of the case
OK, so it looks like the way to go is to leave the hardware unmodified, except maybe CPU, memory and hard disk; and skip the LRP/FreeS/WAN ideas. Restrict the project to hacking the distribution. First step is to get root access. This should not be difficult - just get the drive off, connect it in another Linux box, mount the root filesystem, and substitute the /etc/passwd file with one without any passwords set.
If you're able to successfully boot with that drive and get root access on the Magnia, you can install any generic i386 RPM and customize it to your heart's content.
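A check for the state that the /etc/passwd substitution described above leaves behind, as an added example that is not part of the original post: it flags accounts whose password field is empty in passwd or, where passwd holds the `x` placeholder, empty in shadow. The file contents and function names are constructed for illustration.

```python
# Constructed sample files (not taken from a real system).
SAMPLE_PASSWD = """\
root::0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
admin:x:500:500::/home/admin:/bin/bash
backup:x:501:501::/home/backup:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
"""
SAMPLE_SHADOW = """\
admin:$1$constructed$notarealhashvalue000000:11800:0:99999:7:::
backup::11800:0:99999:7:::
ftp:*:11800:0:99999:7:::
"""


def parse_shadow(text):
    """Map username -> password field from shadow-format text."""
    fields = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and not line.startswith("#"):
            fields[parts[0]] = parts[1]
    return fields


def passwordless_accounts(passwd_text, shadow_text=""):
    """Return [(user, uid, reason)] for accounts that need no password."""
    shadow = parse_shadow(shadow_text)
    findings = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        # passwd lines have exactly 7 fields; skip comments and malformed lines
        if line.startswith("#") or len(parts) != 7 or not parts[2].isdigit():
            continue
        user, pw, uid = parts[0], parts[1], int(parts[2])
        if pw == "":
            findings.append((user, uid, "empty field in passwd"))
        elif pw == "x" and shadow.get(user) == "":
            # 'x' defers to shadow; an empty field there is just as open
            findings.append((user, uid, "empty field in shadow"))
    return findings


if __name__ == "__main__":
    for user, uid, reason in passwordless_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        flag = " (root-equivalent)" if uid == 0 else ""
        print(f"{user} uid={uid}: {reason}{flag}")
```

Run against the files of a mounted root filesystem, it shows at a glance whether a drive has come back with a blanked password database.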