What firewall OS you use ?

I know many guys, me included use a form of firewall OS on a home box to act as a firewall and router for the network. I'm curious what is the amount of users for each of the most popular OS.

I'm using endian for a nice interface, linux (to be turned as a folding borg as well ) and easy management. I also tried IPCop but got in some setup issues related to the onboard 3Com network card on my box.

EDIT : Forgot ClarkConnect but I don't think it's a biggie since it's rarely brought into discussion.

OpenBSD, PF.

Home and at work.

ipcop ftw! Running it at home w/ two Intel PRO1000s. Can't complain.

Xilikon said:

EDIT : Forgot ClarkConnect but I don't think it's a biggie since it's rarely brought into discussion.

Click to expand...

Only if the discussion is dedicated firewalls, Clarkconnect is only brought up when you need one box with more features.

(yes, I'm running Clarkconnect at home).

Dont forget freesco . I used that on a hotrodded 486DX4 packard bell... Man that thing was smokin, fanless Macintosh LCIII PSU, 120Mhz (or was it 100?) 64MB of ram, and three 10Mbps 3Com Etherlink III network cards serving up internet to a 12 port 3Com 10Mbps hub. DD-WRT is supposedly out for x86, im downloading it right now and will report back on it later.

Right now, Im using Pfsense off and on with a K6-500 microatx box (keeps crashing/stops working constantly), if I manage to score some 1U servers im going to try a few out and see how they fair. A friend and myself are both going through these various distros and testing them out, eventually we will write up a reveiw on them all.

As far as which one is better goes, Its really hard to say... Each one has its positives and negatives. Pfsense is monowall with more features and more bloat (needs at least 128MB of ram to function), but its well worth it. Smoothwall and IPCop seem to be more straight-forward and noob friendly for installation, but I have yet to test all of these out.

Though I cant really say im satisfied. I still want more features (mainly bandwidth throttling on a per-client/user basis). The worst part of making your own router out of old hardware, is I have no one to blame for any odd failures but myself.

I currently just use linux w/ iptables and NAT and all that good stuff. I have also used m0n0wall in the past, though, and it was great. I switched it to linux because I also wanted to use the server for some backup ftp storage.

4saken said:

OpenBSD, PF.

Home and at work.

Click to expand...

nice setup

2 x Openbsd boxes running PF

one does my wifi and they only have 1 chip between them such a skinflint i am

Personnally, I will make some experiments in the near future with 3 spare 20 Gb HDD with a different distro. So far, endian is the one I liked the most.

bob, that's true but I can't edit it. It is a nice distro itself but I believe it is now a bit too old and too limited for the current hardware.

OpenBSD with PF
need to upgrade to 4, but the ability to blackhole an IP for trying to brute force passwords makes me happy

Xilikon said:

So far, endian is the one I liked the most.

Click to expand...

You know, I've set up Endian twice now and while I really like the interface I haven't made the switch because it seems to be focused on the small office more than the home. Since I'm not running a mail server at home (you can all shun me later) a good portion of it's best features I wouldn't use.

... maybe it's just me.

IPCop with advanced proxy, QOS, OpenVPN, and Banish.

FTW

clarkconnect because of its features

Voted Endian, even though I took it down..I'm currently behind my RV082 again right now.

Tried IPCop, pfsense, and then back to IPCop but with the Copfilter add-on...which led me to Endian..which I stayed with for quite a while.

Pfsense, because it's based on FreeBSD / m0n0wall, and it has alot of great features. Also, since the configuration is entirely XML / php driven, it is highly modifiable and easy to add to!

I have also used, and liked, clarkconnect and smoothwall...but pfsense beats both of them, IMO

I use IPCop + Adv Proxy + Update Accelerator for the LAN I run. At home I use a RV016.

Cisco ASA 7.2

ipCop + Adv Proxy + Update Accelerator + URL Filter at home.

I used to just run on a Linksys something or other. The local high school decided to give every kid a laptop this last year so the wifi that I leave wide open (promise I had reasons for this). Got tired of the kiddies eating up my bandwidth so it lead me to IpCop. I have looked at Endian but can't really find a good explanation of what makes it better than IP Cop with the add-ons.

Running Clarkconnect 4.0 here. Went from Smoothwall, IPcop, and finally to Clarkconnect. Clark has all the features I need such as email server, database, web, ftp without having to use multiple boxes to get it done.

Clarkconnect has been solid running on a PIII, 1 GB SDRAM, 80 GB Western Digital, 3 X 3COM 10/100 NICs, Supermicro mobo.

I've been running IPCOP+Copfilter for about 6 months now. Keeps the torrents flowing like no other Are there any plugins that add a captive portal system so I can add in my wireless router to a seperate nic on the box.

or are there other distros that do this?

ipcop + copfilter, and a few addons..update accelerator, lmsensors, and popfile for spam filtering...the p3scan in copfilter was toooo slow on the box i had... 2 x 533mhz celeron w/ 768mb ram running the smp kernel

dx2 said:

I've been running IPCOP+Copfilter for about 6 months now. Keeps the torrents flowing like no other Are there any plugins that add a captive portal system so I can add in my wireless router to a seperate nic on the box.

or are there other distros that do this?

Click to expand...

Someone released a captive portal addon for Smoothwall last month.

dx2 said:

I've been running IPCOP+Copfilter for about 6 months now. Keeps the torrents flowing like no other Are there any plugins that add a captive portal system so I can add in my wireless router to a seperate nic on the box.

or are there other distros that do this?

Click to expand...

I know that monowall has a captive portal build in.
http://m0n0.ch/wall/features.php

pfsense is based off of monowall and also as a captive portal
http://www.pfsense.com/index.php?id=26

Clarkconnect 4.0 has something they labeled a HotLAN for wireless.

ive been using pfsense for about a year now. i was previously on smoothwall, and it was just too feature-poor for me. things that pfsernse does for free, that you have to pay for on smoothwall (when i quit, that is):

1) multiple ips on each interface. pfsense lets you have as many ips as you want.
2) as many ethernet cards as you have pci slots to support
3) client-to-firewall vpn connections. road-warriors, rejoice!
4) how many load balancing configurations than you think of? firewall clusters, or wan link clusters, or firewall clusters with wan link clusters. as many wan links as you can afford, or convince your ISP to let you have.
** edit as i read above 5) captive portal
** another edit!! 6) oh, did i mention one hell of a powerful alternate queueing/QoS system?


other, less pivotal things, that could be rolled into any other firewall with varying degrees of trouble, but all managealbe from web interface

- as many vpn options as you can shake a stick at. you can go straight ipsec connections, or PPTP, or OpenVPN.
- wake on lan support, wake up your computers as needed
- snmp
- layer 3 routing to other inside-local networks

tons of other feaures im not thinking of. by far the most comprehensive firewall package ive ever seen!

my pfsense box has a single 2 port intel nic. my outside interface has 1 ip address, and then 4 other proxy-arp ips are added as well. then, i have also enabled 1:1 outbound NAT, so that the hosts that live behind these other 4 ip addresses appear to be comming from those, and not the interfaces physical address (other non-server computers on my network appear to be NATing out thru the main ip tho).

my lan also has a 10. network located behind a linux router, and my pfsense has a static route set, so that all traffic that is destined for 10.0.0.0/8 is directed thru this router, instead of out the pfsense box.

as i mentioned above, all confiugred thru the web interface!