Which Linux firewall Distro is best for gaming?

Angry

I've got a Dell PowerEdge 1750 that I've been playing with for the past several weeks, loading it with Untangle and pfSense. I did try Smoothwall and Astaro, but Smoothwall can't detect the SCSI drives, and Astaro goes into a kernel panic. And I could not get pfSense to cooperate with MW2 (always strict NAT no matter what I did).

So I've been using Untangle for the last couple of weeks very nicely. The 1750 has dual gigabit Broadcom NICs and a single Xeon 3ghz w/ HT CPU. Only except here lately I noticed even with everything turned off in the GUI rack, my internet speeds would start dwindling, and especially in MW2 I had a lot more lag issues when playing online. And today while playing around with QoS, I managed to get it back up to 14mbs down and 3mbs up. (I can hit 19-22mbs up and 4mbs using my DD-wrt router). But then for whatever reason the configuration wizard came up while playing around, so I exited that because I didn't want to change anything, only to have my internet die and no longer able to access Untangle. :rolleyes:

So the 1750 came unplugged, hooked the modem back into the WAN of my DD-wrt router (WRT54g2), logged into DD-wrt, turned DHCP back on, and was back in business within seconds after the router rebooted. Still even had all my ports forwarded correctly. :D

But now, the 1750 is sitting in the basement, useless again.
I really enjoyed Untangle for its services while surfing the web (no popups, no ad galore).
However, it always gave me a bit of lag in MW2, or it gave it to my friends when I hosted.
The whole MW2 experience is MUCH better with just my DD-wrt router handling everything.

So, after all that BS. I'm looking for a Linux/FreeBSD firewall or something of the sort firewall to put the ye ol PowerEdge 1750 to use. Hopefully something that works as well as DD-wrt does for me. If I can't find anything, I'm picking up the most powerful router w/ gigabit ports that I can load with DD-wrt.
 
I'm picking up the most powerful router w/ gigabit ports that I can load with DD-wrt.

Just get a Netgear WNDR3700 and call it a day. The savings in power, heat, and noise make up for the cost.
 
PFSense has the best QoS of all the distros I've played with (and that's quite a few).
Do you have the Intel NIC option on the 1750?
Yeah with Untangle there are some tweaks..you make "bypass rules" for the MW2 traffic so it doesn't pass through all the virtual components of the rack. The attack blocker also steps on game traffic....you can turn that off while gaming. Don't forget, Untangle is a UTM appliance designed for businesses, not a high performance low latency router.

Is this 1750 dual CPU? SATA or SCSI option? It's up to you if you want to foot the bill for it and deal with the noise...it's a few hundred times overkill for PFSense IMO, but you'll have one heck of an unstoppable router that you can throw anything at.

I used to do that before...use servers and other honking gear for my firewall distros....but I'm done with that, the noise, the heat output, and the jack in my monthly elec bill. Got a small quiet Atom D510 purring away in the corner now, low power hard drive, fanless chassis.
 
The specs for the 1750 that I have are: 1x 3ghz Xeon w/HT (with a spot for another), 2gb PC2100 DDR memory (room for more), with 2 SCSI 74gb 15k rpm Maxtor hot swap drives (one with pfSense and the other with a fudged Untangle). With dual Broadcom gigabit NICs, it does have PCI-X slots, and I have been considering picking up a couple of PCI-X gigabit Intel NICs off ebay.
Would gigabit Intel NICs be better than the built-in Broadcoms?

The 1750, and my media server draw less than half of juice that my gaming rig does. 220watts peak for both. That's even when the fans are spun up on the 1U 1750. I'm not worried about the noise either, the 1750 and my media server are in the basement.

My issue with pfSense is it wouldn't forward the ports properly, and refused to give me open NAT in MW2. I do like how it is set up though, very similar to FreeNAS..
 
Also, I was looking around on the DD-wrt forums and I noticed someone posted a VMware x86 image up of DD-wrt... I thought about putting Windows Server 2003 (imaged from the 1750 originally) and VMware on the 1750 and seeing if it worked....
 
I had Speedguides Battlefield gaming server running on one of those for a while, was a nice rig.

Untangle would run better on the Intels....as Untangle pushes the NICs very hard with how it handles traffic across layer 7 and the modules you have loaded in the rack. Most Broadcom NICs in servers are 1/2 decent though, it's not like you have some crappy RealSuk NIC.

Should be fine for PFSense.

When you tried PFSense, did you flip on UPnP and enable it on the correct interface? My boy didn't have a problem with MW2 or COD4 (same ports).
 
Also, I was looking around on the DD-wrt forums and I noticed someone posted a VMware x86 image up of DD-wrt... I thought about putting Windows Server 2003 (imaged from the 1750 originally) and VMware on the 1750 and seeing if it worked....

If you want to use DD-WRT (I ask why?) then I would consider using VMware ESXi.
 
If you want to use DD-WRT (I ask why?) then I would consider using VMware ESXi.

Something to play with? heh :p

Not sure I'm going to be able to anyway, least till I can dedicate 2 NICs to it. Going to need more network cables, and more ports than the 4 that my Linksys router offers.
And still need to see if I can get VMware from a friend at the college. He's the one that let me play with it before.
 
VMware Player will work if it's already provided as a VMware appliance. VMware ESXi and Server are free if you want to use those. ESXi is a hypervisor, though be aware that you will lose direct access to the PC other than to configure some basic VMware parameters. You'd need to do the rest from another PC using VMware's management utility.
 
Looked at VMware ESXi and it seems 3.5 is no longer available for download, as it was the last 32bit version. There's no 32bit version on the VMware website. Which sucks after registering.

The 1750 will not support 64bit...
 
I may have an .iso of ESXi 3.5 at home. If you've got a license for it I'll happily upload it somewhere for you.
 
I have a license from registering with VMware. Not sure if it will work with 3.5 though.

My friend from college also brought me his copy of VMware Workstation 7.
Would that work?
 
How is that beast? I had one, but the power consumption was too much, and so was the sound. Go with ESX though, good choice.
 
You can still download the free version of ESXi 3.5 from VMware just fine. You have to look for the link that goes to previous/older versions from the ESXi download page.

I've found most issues with using pfsense, astaro home, untangle are related to misconfiguration. Like the venerable StoneCat mentioned, Untangle/Astaro are UTM appliances in addition to being firewalls. You'll have to configure bypass rules or exemptions for the services required by your games or other apps. I'm running Astaro Home and I don't run into issues with the games my son and I play, of course I had to tweak a bunch of crap first....
 
Sounds like upnp enabled on lan or something in the port forward was not enabled correctly. I've used many a pfsense (and still do) and have not had any issues with this game.

I can also concur that a 1750 can and will run pfsense quite well. Dual port pci-x intel nics should run you 30 bucks or so on ebay and will work great in one as well.
 
Try out untangle, you got the hardware for it. I only experimented with smoothwall, which has the easiest straightforward port forwarding method, and pfsense, which has a really good qos. I didn't spend much time with untangle though because I didn't really want to have my 89W Pentium 4 machine on 24/7 with untangle when I can use a 30w Pentium 3 machine 24/7 no problem with lighter distros.
 
Try out untangle, you got the hardware for it. I only experimented with smoothwall, which has the easiest straightforward port forwarding method, and pfsense, which has a really good qos. I didn't spend much time with untangle though because I didn't really want to have my 89W Pentium 4 machine on 24/7 with untangle when I can use a 30w Pentium 3 machine 24/7 no problem with lighter distros.

I vote Untangle :)
 
I did not see this thread when it first came around.

As for gaming, I've downloaded 6 torrents at the same time while gaming on some BC2 and there wasn't even the slightest of a hiccup.

pfsense on a pentium 2 500mhz with 512mb ram and a CF card. I always increase its state table to the max allowed by the RAM.
 
I personally like Untangle, it protects and stops TONS of crap. I've never tried pfsense, but after using Untangle, I'm not sure I want to use anything else.
 
I would stay away from anything BSD based (pfsense, openwall), the way they do NAT is different and generally causes issues.
 
I would stay away from anything BSD based (pfsense, openwall), the way they do NAT is different and generally causes issues.

LOL WUT??

Just because you don't understand how to properly configure a device or read a manual doesn't mean the product is bad somehow .. . .
 
I would stay away from anything BSD based (pfsense, openwall), the way they do NAT is different and generally causes issues.
I don't know if they do NAT differently but I do know I had problems with nat on xbox live and games with both monowall and pfsense. Even after forwarding the ports and using upnp on pfsense I still had problems and lag.


I switched to clearos. It's been great, it is a ton easier to set up and no lag nor nat issues in gaming anymore. I highly recommend it. You can also set up a nas with it and various other features if you want. The only downside I can see to it is the initial setup is kind of long (1 hour from inserting disk to being done with setup) and it takes a while to boot if you have to reboot, but I never had to reboot after setting it all up.

LOL WUT??

Just because you don't understand how to properly configure a device or read a manual doesn't mean the product is bad somehow .. . .
So what do you suggest when you forward the ports and turn upnp on and xbox live still lags and says you have nat problems. It took me like 5 min to find a game with all ports forwarded and upnp on in pfsense. I switched to clearos forwarded the ports and bam 30 secs to find a game and no lag. It's not a common problem but if you search for it on the internet it is there.
 
So what do you suggest when you forward the ports and turn upnp on and xbox live still lags and says you have nat problems. It took me like 5 min to find a game with all ports forwarded and upnp on in pfsense. I switched to clearos forwarded the ports and bam 30 secs to find a game and no lag. It's not a common problem but if you search for it on the internet it is there.

Using crappy NICs perhaps? I've used pfSense several times and never had issues with xboxlive or other on-line games. UPnP and portforwarding always worked fine for me. Of course I also used good Intel NICs, too.
 
Using crappy NICs perhaps? I've used pfSense several times and never had issues with xboxlive or other on-line games. UPnP and portforwarding always worked fine for me. Of course I also used good Intel NICs, too.

I was using 2 Intel Pro/100 M NICs. I tried some 3com NICs also, still had problems. I tried 4 different PCs, still had problems. Pretty much the only conclusion I could draw was it was pfsense and switching to clear os fixed that.
 
I personally like Untangle, it protects and stops TONS of crap. I've never tried pfsense, but after using Untangle, I'm not sure I want to use anything else.

UTMs kind of go against high performance online gaming. Passing traffic through a layer 7 box like Untangle...doing all the UTM stuff...the packets are taking the long route through a lot of UVMs. I love Untangle too..and use it at a lot of clients..but those are business networks. Plus Untangle's Attack Blocker module steps on the toes of a lot of games. You have to do a lot of bypass rules to get it running marginally acceptable for low latency and all of a game's functions.

PFSense...that's designed from the ground up to be a fast fast distro, it's a freaking Ferrari. And its QoS is nearly unmatched...I can play my online games with nary a rise in ping while my son torrents like a mofo, the daughter is playing her online kiddy games, and my wife is aggressively shopping online pulling up her shopping sites with lots of huge pictures. I've never had any other off the shelf router or distro built box perform nearly as well.

I've hosted games behind it, I've set up the boy's game servers behind it, he ran his XBox behind it, UPnP works (you just have to know which ethernet port to bind it to..many people confuse that part)..works great.
 
I was using 2 Intel Pro/100 M NICs. I tried some 3com NICs also, still had problems. I tried 4 different PCs, still had problems. Pretty much the only conclusion I could draw was it was pfsense and switching to clear os fixed that.

Given that plenty of people have used XBL successfully behind pfSense, I think the correct conclusion would be "I'm doing something wrong" not "The software is broken". Not that that's your fault, pfSense is hardly a simple tool to master and XBL has weird NAT requirements.
 
Given that plenty of people have used XBL successfully behind pfSense, I think the correct conclusion would be "I'm doing something wrong" not "The software is broken". Not that that's your fault, pfSense is hardly a simple tool to master and XBL has weird NAT requirements.

While that might seem like a valid conclusion I am hardly the only one to have this problem, and I have sought out help and have verified many times it was set up correctly. Sometimes stuff just doesn't work the way we want it to. I'm not saying the software is broken, but I am saying it isn't perfect.

I'll even give you an example after setting up pfsense with portforwarding and upnp the xbox connection test said everything was fine. 1 week later and same problems of lag and nat issues came up. Nothing changed. I hadn't even logged into the web interface. Now if I am doing something wrong that would only apply the settings for 1 week please tell me?
 
I think I was being more serious in my first post than some of our other fellow members.

I would appreciate it if you could point me to any other discussions of these NAT or gaming problems through pfSense, especially if such a thread is on the pfSense forum.

We all know BSD and Linux do things differently, and BSD's NAT implementation has been behind Linux in the past (NAT-T), but I think it's caught up in pfSense v2.0b.
 
While that might seem like a valid conclusion I am hardly the only one to have this problem, and I have sought out help and have verified many times it was set up correctly. Sometimes stuff just doesn't work the way we want it to. I'm not saying the software is broken, but I am saying it isn't perfect.

I'll even give you an example after setting up pfsense with portforwarding and upnp the xbox connection test said everything was fine. 1 week later and same problems of lag and nat issues came up. Nothing changed. I hadn't even logged into the web interface. Now if I am doing something wrong that would only apply the settings for 1 week please tell me?

Well you can check to see if the lag is coming from your isp. If you check the RRD graphs on the quality tab, it will show you the avg latency of your wan. If your isp is going slow it will spike up at those times.
 
I've used Untangle, Astaro and PFSense. None of them added noticeable latency to my connections, including for gaming. PFSense did have good QoS but it lacks in many other areas since it's not meant for UTM. I think I prefer Astaro's interface over Untangle. I'm currently running Untangle but will probably switch back to Astaro when I feel bored enough.
 
Well you can check to see if the lag is coming from your isp. If you check the RRD graphs on the quality tab, it will show you the avg latency of your wan. If your isp is going slow it will spike up at those times.
It's not, hooking it up to the cable modem I don't get any lag, going through clearos, no lag. Going through pfsense = lag and nat problems.

I think I was being more serious in my first post than some of our other fellow members.

I would appreciate it if you could point me to any other discussions of these NAT or gaming problems through pfSense, especially if such a thread is on the pfSense forum.

We all know BSD and Linux do things differently, and BSD's NAT implementation has been behind Linux in the past (NAT-T), but I think it's caught up in pfSense v2.0b.
Will find them for you when I get home from work.
 
I think I was being more serious in my first post than some of our other fellow members.

I would appreciate it if you could point me to any other discussions of these NAT or gaming problems through pfSense, especially if such a thread is on the pfSense forum.

We all know BSD and Linux do things differently, and BSD's NAT implementation has been behind Linux in the past (NAT-T), but I think it's caught up in pfSense v2.0b.

Here's one. Forwarding the ports didn't work for them, but upnp did. Upnp didn't work for me though, something was messed up, whenever I tried upnp it would say enabled (and the check box was checked) but on another page it would say it isn't running and nothing would get the service to start. There are a ton more with monowall because it doesn't have upnp. For some reason the upnp never worked for me.
 
Upnp didn't work for me though, something was messed up, whenever I tried upnp it would say enabled (and the check box was checked) but on another page it would say it isn't running and nothing would get the service to start.

Did you enable it on the LAN interface?
 
Here's one. Forwarding the ports didn't work for them, but upnp did. Upnp didn't work for me though, something was messed up, whenever I tried upnp it would say enabled (and the check box was checked) but on another page it would say it isn't running and nothing would get the service to start. There are a ton more with monowall because it doesn't have upnp. For some reason the upnp never worked for me.

Thank you for that.

Did you enable the static port option as mentioned in the last post? It appears to be a mandatory step, not an optional one.

It's also possible that the new beta fixes that. I can understand you not wanting to try it again, but I'm always interested in things that work on another firewall, but not pfSense (or vice-versa). - Of course, I'm talking about basic FW rules, not UTM features.

My whole reason for moving to pfSense from m0n0wall was for UPnP. Since then I've grown accustomed to the other features, but that was the primary motivator.
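
What the "static port" option asked about in the post above changes, as a toy model added here (not part of the thread and not pfSense code): pf-based firewalls rewrite the source port of outbound NAT flows by default, while static port keeps the client's own port. The addresses, the 3074 console source port and every function name are assumptions made for illustration.

```python
"""Toy model of outbound source NAT (added example, not pfSense code)."""
import random
from dataclasses import dataclass, field

WAN_IP = "203.0.113.10"   # constructed documentation address
GAME_PORT = 3074          # assumed console UDP source port
PEERS = [("198.51.100.1", 3074), ("198.51.100.2", 3074),
         ("198.51.100.3", 3074)]   # constructed remote peers


@dataclass
class OutboundNat:
    static_port: bool                      # True models the "static port" option
    rng: random.Random = field(default_factory=lambda: random.Random(1))
    table: dict = field(default_factory=dict)   # flow -> external port
    in_use: set = field(default_factory=set)    # (external port, peer) taken

    def translate(self, src_ip, src_port, peer):
        """Return the (ip, port) that `peer` sees for this outbound flow."""
        flow = (src_ip, src_port, peer)
        if flow not in self.table:
            if self.static_port:
                ext = src_port             # keep the client's source port
                if (ext, peer) in self.in_use:
                    raise RuntimeError(f"port {ext} already mapped to {peer}")
            else:
                ext = self.rng.randrange(1024, 65536)   # rewrite per flow
                while (ext, peer) in self.in_use:
                    ext = self.rng.randrange(1024, 65536)
            self.in_use.add((ext, peer))
            self.table[flow] = ext
        return WAN_IP, self.table[flow]


def ports_seen(nat, src_ip, peers=PEERS):
    """External source ports each peer observes for one console."""
    return [nat.translate(src_ip, GAME_PORT, p)[1] for p in peers]


def behaviour(ports):
    """Classify what matchmaking peers observe (a simplification)."""
    return "port-preserving" if set(ports) == {GAME_PORT} else "port-rewriting"


def second_console_conflicts():
    """Static port for a whole LAN: two consoles, same port, same peer."""
    nat = OutboundNat(static_port=True)
    nat.translate("192.168.1.50", GAME_PORT, PEERS[0])
    try:
        nat.translate("192.168.1.51", GAME_PORT, PEERS[0])
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    for mode in (False, True):
        ports = ports_seen(OutboundNat(static_port=mode), "192.168.1.50")
        print(f"static_port={mode}: {ports} -> {behaviour(ports)}")
    print("second console collides:", second_console_conflicts())
```

The collision case is why a static-port rule is usually scoped to the one console's address rather than applied to the whole LAN.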
 
Did you enable it on the LAN interface?

Yes.

Thank you for that.

Did you enable the static port option as mentioned in the last post? It appears to be a mandatory step, not an optional one.

It's also possible that the new beta fixes that. I can understand you not wanting to try it again, but I'm always interested in things that work on another firewall, but not pfSense (or vice-versa). - Of course, I'm talking about basic FW rules, not UTM features.

My whole reason for moving to pfSense from m0n0wall was for UPnP. Since then I've grown accustomed to the other features, but that was the primary motivator.

I don't remember if I did that or not, I'll have to go back and try it when I have some time.
 