Router Firewall Distro

[lixxus]

I have been using pfsense firewal ever since i found out about m0n0wall.

its running on a intel atom n270 with 2gb ram and two nic's

I have been finding the latest development releases to be really unstable and generally the underlining base OS freebsd to be very flaky when supporting hardware.

Other problems such as packages not being maintained due to the current system of bounty's and having to pay for packages to be updated such as snort/squid etc.

I have looked at other firewall/router OS and i cant seem to find anything with popularity and that is maintained well.

Ive checked out the following distros

• Untangle
• ClearOS
• Astaro
• Smoothwall
• Ipcop

The problem I have with these just mentioned is that clearos is not really a firewall and has a bunch of servers crap which can pose a risk to a firewall/network. Its' like a jack of all trades and master of none.

Astaro i dont know too much about.

smoothwall hasnt been updated for like a year or more, same with ipcop

Untangle seems the only decent well maintained firewall OS, however I don't agree with the model system and paid/free apps, also it lacks squid package.


I would like to ask anyone advice on other firewall/router distros that i may have overlooked that you guys use and your experiences with the solutions mentioned above

 

[JonJ678]

I'm going down the diy route here, i.e. debian stable minimal install, recompile the kernel to strip out everything you don't need or want and to include any security related patches you like the look of, and then spend some quality time with man iptables.

There's loads of options for the dhcp side of things, I'm using dnsmasq at present because it was very quick to set up. I'm still testing the firewall configuration at this point so this is sufficient, but I believe there are better choices available.

N270 with 2gb of ram could do some serious caching / quality of service / filtering duties if you wanted it to. I'm still testing the above install using an X58 system that happened to have two network cards, prior to buying more appropriate hardware.

 

[csmager]

I've stuck with the 1.2-RELEASE version of pfSense. Just checked mine, and noticed uptime is 222 days. That's pretty impressive!

Is there anything in the current development releases you actually need? Looks like they're being a bit slow in finishing 2.0.

 

[wij]

We use ClarOS for a particular series of shows we provide the network connectivity for, works pretty well and is normally fairly well maintained by the devs.

We pay for the enterprise version as we're running a few ADSL lines into it and round-robbin load balance them.

Easy to set up and configure too and the interface is fairly logical and quite nice to use too (unlike pfSense imo where its a bit muddled and they've tried to fit far too much into it).

 

[vsmora]

Mikrotik? I never tried it as after using m0n0wall and IPCop I settled on PF. Rock solid and hasn't given me any significant problems other than the softWAP which I only tried for fun anyway.