PaulDotCom mailing list archives

Re: Suggestions for Open Source Internet Security Gateway Distro/Product


From: Jason Drury <druryjason () yahoo com>
Date: Wed, 24 Apr 2013 08:09:57 -0700 (PDT)



Thank you everyone for your responses (I love this list!). I am going to check out pfsense (can't believe I forgot 
about it), Astaro, and Untangle then decide which one out of the three I like best.


________________________________
 From: Arch Angel <arch3angel () gmail com>
To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com> 
Sent: Tuesday, April 23, 2013 1:14 PM
Subject: Re: [Pauldotcom] Suggestions for Open Source Internet Security Gateway Distro/Product
 


For what it's worth I have been running on Astaro on an old desktop computer for something like 5-8 years now, with gig 
network cards for my different segments.  I run separate wireless networks; one for my mobile devices such as phones 
and laptops as well as one for my son's Xbox consoles.  It has served me very well for years and cost me virtually 
nothing.  I have had some recent snags with false positives but once I tracked them down and tuned them out it was back 
humming along.  I have used it for VPN, web filtering, network segmentation, all purpose firewall, etc and haven't had 
a bit of trouble.
 
Vyatta will do your firewall for you but this is not its primary focus.  Vyatta is a router/switching platform which 
was supposed to provide an open source solution to enterprises, but I found it works great for educational purposes in 
learning routing and switching.  It is a rock solid platform but keep in mind it is just that, a router/switch platform 
so many of the things pfSense and Astaro do for you behind the scenes you have to do manually.  That being said if you 
have the time to get everything configured, tested, and running you can learn a great deal from building a Vyatta box.
 
pfSense, most likely the platform I would switch to if I left Astaro.  Last time I checked pfSense did not provide as 
many uses as the Astaro platform but does offer a rock solid, proven firewall.  Just be careful with the BSD core as 
Robin mentioned.  Wireless N is not there yet.
 
I have been told Untangle has one of the best web filters of all of them, however I take that with a grain of salt 
since I haven't proven it myself.  It did look promising but since my Astaro box is still kicking CPU cycles I haven't 
wanted to go redoing all my networks and firewall rules to try something else, but so far it has had positive "word of 
mouth" reviews.
 
If it was me and I had to do over again I would most likely still stick with Astaro, then pfSense, then Untangle, then 
Vyatta with all running wireless on a separate segmented network.  If you want more than basic 
routing/switching/firewall abilities dump Vyatta and pfSense; look at Astaro and Untangle.
 
Hope it helps,
 
Robert Miller
(arch3angel)



On Tue, Apr 23, 2013 at 11:30 AM, James Shewmaker <james () bluenotch com> wrote:

Just deployed a few fit-pc3 with pfsense. More pricey than Alix, but you get 5 gigabit ports (on the model I use), dual 
core Athlon fusion, 8 GB RAM ... can do a lot with that. 


Regards,

James Shewmaker



On Mon, Apr 22, 2013 at 7:18 PM, Tim Krabec <tkrabec () gmail com> wrote:

Alix looks cool
On Apr 22, 2013 10:08 PM, "Robin Wood" <robin () digininja org> wrote:

pfSense running on an Alix board. If you put a wifi card in one you can run it as your AP as well but watch out that 
because it is based on BSD at the moment it is limited to 802.11abg and not n.

Robin


On 22 April 2013 21:08, Jon Molesa <rjmolesa () consoltec net> wrote:

+1
Jon Molesa
On Apr 22, 2013 3:00 PM, "Matt Nels" <mattnels () gmail com> wrote:

Not Debian/Ubuntu, but you should add pfSense to your list. 


On Mon, Apr 22, 2013 at 1:02 PM, Jason Drury <druryjason () yahoo com> wrote:

Folks,


I would like to set up an Internet security box for my home network for firewalling, dhcp, IDS, web filtering, and 
possibly VPN. It has been a long time since I've looked at the various Linux security distros that do this (I 
think Astaro Security was the best choice back then). 


I did a few searches and it seems like there are a LOT of distros/products available now.


Here are just a few I came across:


1. Untangle - http://www.untangle.com/
2. Vyatta - http://www.vyatta.org/
3. Zentyal - http://www.zentyal.org/
4. Sophos UTM (formerly Astaro) - http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
5. Engarde Linux - http://www.engardelinux.org/
6. Smoothwall - http://www.smoothwall.org/
7. ClearOS - http://www.clearfoundation.com/Software/overview.html


I do not care if it is gui or cli based. I would prefer something based on Debian/Ubuntu, but not absolutely 
necessary.


Does anyone have any experience with the above distros/products or could you recommend something else you like?


Thanks,
Jason
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

