----- Forwarded message from Charles N Wyble <char...@knownelement.com> -----

From: Charles N Wyble <char...@knownelement.com>
Date: Fri, 12 Nov 2010 08:07:14 -0800
To: na...@nanog.org
Subject: Re: Low end, cool CPE.
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
        rv: Gecko/20101006 Thunderbird/3.1.5

On 11/12/2010 01:24 AM, Eugen Leitl wrote:
> On Thu, Nov 11, 2010 at 05:41:00PM -0800, Leo Bicknell wrote:
>> I've run into a number of low end CPE situations lately where I
>> haven't found anything that does what I want, but I have to believe
>> it is out there.  I'm hoping NANOG can help.
> An ALIX with pfSense 2.0 (BETA4 at the moment) would fit most
> of the above. IPv6 support is coming (is mostly there in the
> kernel, but interface only alpha).

PPPoE is currently broken in 2.0 BETA4. :(

> If you want to run the snort package I'd however pick a
> Supermicro Atom system with 2 onboard NICs and add a dual-port
> Intel NIC, and run pfSense from a small SSD or an USB stick.
> Albeit a rackmount, the system would be quiet enough for SOHO.

Yes. I agree. Have Snort run as a transparent bridge and have a separate
management interface. Use VLANs on that interface to handle whatever you
need to do (dedicated VLAN for Snort, one for your management network,
one for secure wifi, one for guest wifi, etc.).

>> Basically think about a sophisticated home user, or a 1-5 person
>> small office.  Think DSL, Cable Modem, maybe Cell Card or ISDN as
>> backups.  Looking for an "appliance", very much fire and forget. I
>> probably won't get all the features that I want, but in no particular
>> order:
>> - Able to deal with "backup" connectivity, eg. Cell Cards which you
>>    only want to use if the primary is down.
>> - User friendly features, e.g. UPNP, NAT-PMP, etc.
>> - Good manageability.  ssh to a cli would be a huge bonus, at least
>>    the ability to backup a config.
> Very well supported. http(s) and ssh both.

Well, the SSH interface is very limited. You can log in and do some basic
checks. However, everything is driven from a single XML config file that
gets parsed by PHP scripts during the init process and then writes out
all the UNIX configuration files. However, all the things I've ever done
from the CLI on a Linux box are readily available from the pfSense web
interface (arp table checks, traceroute, ping, iperf, tcpdump).

I only use the CLI when I have broken something.

>> - Nice firewall features.
>> - IDS features are cool.

It has a Snort package that's pretty nice. Also has some other AV-type
stuff and a proxy. I haven't gotten the proxy/AV to work yet, but
haven't put much time into them.

>> WiFi is not strictly required, but would be cool. Things like "guest"
>> WiFi would be an added bonus.

It supports a lot of wifi cards. I put a USB wifi stick in my pfSense
box and configured it as an AP from the web UI.

I'm running the current stable pfSense (1.2.3 I think). Very happy with
it. It's a fully featured distribution that is incredibly well put
together.

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
