PaulDotCom mailing list archives

suggestions on linux based fw/sec platform for home use with dualwan


From: tvfischer at gmail.com (Thomas Fischer)
Date: Fri, 18 Sep 2009 09:54:21 +0200

Some more updates.
I've decided to go with Astaro for the moment. Mostly because it's Linux
based and I am more comfortable with Linux than with BSD (just a preference)
and the ease of setup due to its use of objects & its default installed
options. The objects actually made it much easier to set up and the
multi-wan link had some good preset definitions (like an object defined for
all the uplink address).

Although I initially ruled out pfSense (1.2.3) because of "difficulties" I had
setting it up (cf. my twitter feed), I must have been on a bad day or
something. I revisited pfSense following a discussion with Scott Ullrich and
I stand corrected. It was a good choice and building the dualwan was not so
difficult. However, building the NAT/rule stack was more time consuming I
think in good part because it could use objects and have a general
definition for the aggregated network links. e.g. to build a NAT you have to
create an entry for both wan links (with Astaro I could do it in one entry).

Cheers to all who helped!

On Fri, Sep 4, 2009 at 14:43, Thomas Fischer <tvfischer at gmail.com> wrote:

Hey all,
Thought I would update you on my search... so the top recommendation from
the list was Astaro, and Vyatta or pfSense in second place.

I've already ruled out Vyatta mostly cause I am a lazy bugger (and I spend
too much time doing command line configs as it is) 'cause of its router-like
CLI interface. Although it is quite powerful, it just doesn't do the type of
load-balancing that I want (at least I was unable to identify how to) which
is rule based QoS (so port x cause out wan1 & port y goes on wan2 & the rest
is balanced, some being low priority depending on the type of traffic).

pfSense looks quite good for what I want to do. However, it's already
giving me a headache on the configuration. Doesn't just seem intuitive.

I'll be honest, I am partial to Astaro, as I tested in the past for some
other solutions I did at work. Seems somewhat easier to configure and has
all the basics for what I need to do. However, the 10 IP limit on the
community edition is somewhat of a bummer. Why you may ask, well when you
have 4 ppl in the house each with their own device++. I took a count: 2 game
consoles, 3 laptops, 2 iPod touches, 2 smartphones, NAS (with download
station), dual interface PC (gaming, dev, vmware - running sometimes with 3
IPs). Anyway it all adds up quite quickly and although not everything is
connected at the same time, I did a quick count on my current router and I
easily see 7-8 IPs at a time! Afraid to hit the limit.

Right now, I am still testing configuration. I'll let you know what I
decide!

l8r

--
Thomas Fischer
     twitter.com/FVT  fvter.wordpress.com
    PGP Key:
https://keyserver1.pgp.com/vkd/DownloadKey.event?keyid=0x27FBA97646CF2077