Linux-based firewall that supports multiple WANs

[ddrueding]

Unfortunately, my favorite Smoothwall doesn't support multiple internet connections. I need the following:

1. Support for multiple WANs (load balancing preferable to fail-over, Static and PPPoE)
2. Site-to-Site VPN tunnels
3. Content Filtering (Dans Guardian or similar)
4. Web interface

Help?

 

[mangyDOG]

http://pfsense.org/index.php?id=1


not much else I have found will do everything. IPcop have been talking about it for years, but no action.

cheers
mangyDOG

 

[ddrueding]

Looks interesting. I'll try to play with it while I'm on "vacation".

Thanks.

 

[Mercutio]

Since I have melted four $200+ consumer routers (most recently a Prosafe FSV336) in the last four months, I need to put some kind of desktop-based router system together. I have a dual gigabit NIC and an abundance of CPUs and motherboards that I *could* devote to this.

I'll probably start with an Atom 230 based system since it makes sense to build a low power machine and that's the lowest-power thing I have, but has anyone put a Smoothwall/pfsense/Untangle machine together recently?

 

[ddrueding]

I've done some Smoothwalls lately. They don't seem to be doing much in development, but every issue I've had with them has been hardware related. Uptimes probably average 4 years (that short because I occasionally reboot for updates, though not often). Make sure the NIC and SATA controller are supported, and that the hardware is super-stable. It is most finicky if the storage system has issues (I've given up on CF cards; get a small cheap SSD).

 

[Mercutio]

Untangle says it wants a 3GHz Pentium 4. That seems like an awful lot of CPU for tasks that can be competently handled by a 200MHz MIPS chip.

 

[ddrueding]

If you are looking for low powered and cheap yet capable, check out MikroTik RouterBoards.

 

[CougTek]

They have some interesting products. Thanks for bringing it to our attention.

 

[ddrueding]

I have their RB1100AHx2 as my home router at the moment, just for testing, and I think I may use them to replace all the smoothwalls I have out there.

Considering I am not a router guru, the learning curve is steep. But it is certainly all there and a very high-quality package.

 

[blakerwry]

Since I have melted four $200+ consumer routers (most recently a Prosafe FSV336) in the last four months, I need to put some kind of desktop-based router system together. I have a dual gigabit NIC and an abundance of CPUs and motherboards that I *could* devote to this.

I'll probably start with an Atom 230 based system since it makes sense to build a low power machine and that's the lowest-power thing I have, but has anyone put a Smoothwall/pfsense/Untangle machine together recently?

I put together a pfsense box on an otherwise end of life dell power edge 2850 a couple months back. All hw including the perc was supported. Client was replacing a Cisco 26xx series router working as the office firewall. The new firewall has 1 wan interface and 2 LAN interfaces with 4 LAN subnets and 2 dhcp scopes. Within a week of getting it setup the client had figured out how to setup the IPSec VPN and had several employees working remotely. He couldn't be happier. I work with several monowall/pfsense installs and have never had one need rebooted due to hw/sw fault.

I also recently setup a vyatta router in a simulation with ~8 Cisco 7200's running BGP and I'm very impressed with the product. However, I did not test the firewall functionality.

As with any server, use good quality hw. Intel nics, basic sata controllers should be supported. More exotic or non OSS friendly hw is not recommended.

 

[Mercutio]

I'm getting decent performance using a dual core Atom with Untangle. I was afraid that it wouldn't be enough of a CPU, but it's within 5% of the wire speed of my cable modem and was ridiculously easy to configure.