PaulDotCom mailing list archives
suggestions on linux based fw/sec platform for home use with dualwan
From: tvfischer at gmail.com (Thomas Fischer)
Date: Fri, 18 Sep 2009 09:54:21 +0200
Some more updates. I've decided to go with Astaro for the moment. Mostly because it's linux based and I am more comfortable with linux than with BSD (just a preference) and the ease of setup due to its use of objects & it's default installed options. The objects actually made it much easier to set-up and the multi-wan link had some good preset definitions (like an object defined for all the uplink address). Although I initial ruled out pfSense (1.2.3) because of ?difficulties? I had setting it up (cf. my twitter feed), I must have been on a bad day or something. I revisted pfSense following a discussion with Scott Ullrich and I stand corrected. It was a good choice and building the dualwan was not so difficult. However, building the NAT/rule stack was more time consuming I think in good part because it could use objects and have a general definition for the aggregated network links. eg. to build a NAT you have to create an entry for both wan links (with Astaro I could do it in one entry). Cheers to all who helped! On Fri, Sep 4, 2009 at 14:43, Thomas Fischer <tvfischer at gmail.com> wrote:
Hey all, Thought I would update you on my search... so the top recommendation from the list was Astaro, and Vyatta or pfSense in second place. I've already ruled out Vyatta mostly cause I am a lazy bugger (and i spend too much time doing command line configs as it is) 'cause of its router like CLI interface. Although it is quite powerful, it just doesn't do the type of load-balancing that I want (at least I was unable to identify how to) which is rule based QoS (so port x cause out wan1 & port y goes on wan2 & the rest is balanced, somebeing low priority depending on the type of traffic) pfSense looks quite good for what I want to do. However, it's already giving me a headache on the configuration. Doesn't just seem intuitive. i'll be honest i am partially to Astaro, as i tested in the past for some other solutions i did at work. Seems somewhat easier to configure and has all the basics for what I need to do. however the 10ip limit on the community edition is somewhat of a bummer. Why you may ask, well when you have 4 ppl in the house each with their own device++. I took a count 2 game consoles, 3 laptops, 2 ipod touches, 2 smartphones, NAS (with download station), dual interface PC (gaming, dev, vmware - running sometimes with 3 IPs). Anyway it all adds up quite quickly and although not everything is connected at the same time, i did a quick count on my current router and i easily see 7-8 ips at a time! Afraid to hit the limit. Right now, I am still testing configuration. I'll let you know what i decide! l8r -- Thomas Fischer twitter.com/FVT fvter.wordpress.com PGP Key: https://keyserver1.pgp.com/vkd/DownloadKey.event?keyid=0x27FBA97646CF2077 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-- Thomas Fischer twitter.com/FVT fvter.wordpress.com PGP Key: https://keyserver1.pgp.com/vkd/DownloadKey.event?keyid=0x27FBA97646CF2077 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090918/5be19171/attachment.htm
Current thread:
- suggestions on linux based fw/sec platform for home use with dualwan Thomas Fischer (Sep 04)
- suggestions on linux based fw/sec platform for home use with dualwan Thomas Fischer (Sep 18)