Function differences are cropping up. There's already a functional difference in terms of updates. The last I looked, Smoothwall hadn't seen an update forever and it shows. Kernel 2.2.19 running IPChains rather than IPTables. This limits functionality as compared to IPcop.
I've paid for the developement (released under GPL) of certificate based VPN connectivity. This simplifies 2 areas. Firstly, Road Warriors can be handled as several different users, and tracked individually. Secondly, there is no longer any need to specify an IP address, so remote sites can use DHCP services rather than needing static IPs all the time. I've since also approached the developer (he's on holidays now, slacker :) ) and requested a quote for adding dual red functionality. I've thought it through, and I think if the IPcop box was given (at least) 3 NICs, Green, RedIsp1 and RedISP2, then the IP cop box could provide DNS resolution for inbound connections via either RedIsp1 or RedIsp2. Both would require a static IP, obviously, however they could be the 2 DNS servers (even though they're really only 1 machine). Then, if Isp1 has an outage, the default gateway on the firewall would change to use Isp2, and Named would need to reread it's config file (a second one) so that resolution pointed to RedIsp2 rather than RedIsp1. MX records could stay the same and simply have 2 entries, a primary and a secondary. This may kill some connections for a few seconds, but if the ISP drops, they'd be dead anyway, so who cares. The only thing that I can think of that would totally screw me up is DNS caching at the remote end. If you hit my site, and cache the IP, then I switch to the second ISP, your connection would fail because the DNS info would be out of date. But it would be better than just staying down. I think I'd add a checkbox that would allow me to choose if it should automatically failback or if that would require manual intervention. Personally, I'd prefer manual, but others may disagree. I also see this being a benefit in situations where each of 2 ISPs has a different billing policy. For example, I get billed for traffic on my e10, but a T1 is unlimited use, it's just slow. I would save money if I switched to using my e10 at 6:30am and then switched back to the T1 at 5:30pm for the night, when bandwidth wasn't really heavily used. Obviously, VPNs would be another issue here, but really, if Isp1 is down, then they'd be dropped anyway, they'd just need to reconnect at a different IP (Isp2). We'll see, but I can see this being a REALLY big benefit especially for smallish businesses. Depending on the cost, that would include me. I should be able to pitch it as a cost savings anyway. We currently pay for a dedicated line to NGX in case the Internet drops. If we paid $50000 for this added functionality in IPcop, and then saved $5000 a month by dropping the dedicated connection, I think I'm better off paying for the change since it's paid for in less than a year, and it gives full Internet redundancy rather than just NGX redundancy, Plus, it happens semi-seamlessly. Obviously those dollar figures are just made up, but the idea is sound. Or, I think it is... :) Kev. ----- Original Message ----- From: "Graham Monk" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 17, 2003 12:31 PM Subject: Re: (clug-talk) IPCOP v1.3.0 No Web Login > > > > > Re: Jon > > Yes, IPCop was based on Smoothwall. There has been some discussion > > with IPCop vs Smoothwall and both should have roughly the same services, > > however, I've heard / read that Smoothwall is "lacking" in the support > > area and are concentrating their efforts on their commercial product and > > less on the GPL product. I don't recall the name of the Smoothwall guy > > but do a google search on him, (could someone in CLUG be nice enough the > > supply the name?) > > > > It was founded by Richard Morrell and Lawrence Manning, they did give mailing > list support but I think it was Richard in paticular got very upset with and > extremely abrasive with very basic newbie questions clearly covered in the > FAQs and people who wanted him to add all sorts of "features' to the program. > Some of the questions had me shaking my head and I was a very fresh newbie at > the time so I quite understand his point. > IPCop was founde by some people I think from the original group and a few > others who got a little upset with the original team. There was some > accusations flying around for a while on the mailing list but I dont remember > clearly, its been a while. I have used both and for a user there is not much > functional difference. > I think there is still a mailing list for Smoothwall. > -- > Graham > > "A person is smart. People are dumb, dangerous, > panicky animals and you know it." > Agent K, Men in Black. > > >
