This question comes up from time to time and is perpetually (and with great gusto) shot down. Running services such as Samba, ftpds, et al, on your firewall is not considered part of best security practices and is sternly advised against. A firewall should always serve as a stand-alone device. If you require Samba for your network, best practices dictate installing it on its own box.
Richard Davis wrote:
I saw your pfSense post about wanting to run Samba on the firewall. Did you
ever get a resolution? I'm thinking of doing that myself and I was
curious if it worked out for you. Any help would be appreciated.
Richard
[EMAIL PROTECTED]


-----Original Message-----
From: Josh Stompro [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 28, 2006 5:26 PM
To: discussion@pfsense.com
Subject: [pfSense-discussion] Setup advice wanted, devices for public library

I am trying to get things organized to deploy firewalls in 19 public libraries and 1 headquarters. I initially was using IPcop but really needed some of the features that pfSense was offering.

Currently I am looking to buy 21 FX5620 (the one Scott mentioned on the pfSense blog) from Abiatech.com (site down, email abiatech (at) sbcglobal.net for info) for around $390 each. I was going to go with Lex booksized pc (CV860A-3R5F) from synertrontech.com (about $260 each with no memory), but I really need 4 interfaces for what I want to do.

Each branch would use the interfaces like this (with some differences due to size of the library)
1 - Wan
1 - Staff PC (Lan,dhcp, may use the other 2 ports in bridged mode for staff machines, so I don't need an extra or managed switch, High Priority)
1 - Public PC (Opt1, dhcp, throttled low priority)
1 - Public Wireless (Opt2, Captive portal, dhcp, Throttled low priority)

Currently it isn't possible to traffic shape more than 2 interfaces with pfSense so I think that part of the plan will have to wait, I would only throttle the public wireless interface to start with, and the others would just have a free run. A main goal is to protect the staff machines from the public machines and the wireless and make sure they always have the bandwidth they need for our core circulation application to remain responsive. I also want to set up VPN links between our staff machines in the branches and headquarters so I can get everyone on one Active Directory.

I was planning on doing a mix of hard drive and CF setups, hard drives in a few larger branches where we may want to run squid filtering or have a local samba share. In most of the other locations I would rather go with CF so there are no moving parts. I am looking at Kingston Elite Pro CF cards, 512mb for $30 dollars, I saw them mentioned on the list. Does anyone have any recommendations of other brands? Is there really any point to getting a larger CF card? Is 64 or 128 sufficient when going with CF since I wouldn't want to be doing anything read or write intensive with them anyway? Anyone have recommendations for 2.5 inch hard drives for this sort of application? Has anyone thought of how a pfSense manager would work, something that would control a large deployment of pfSense firewalls?
Thank you
Josh


