Thank you everyone for your responses (I love this list!). I am going to check
out pfsense (can't believe I forgot about it), Astaro, and Untangle then decide
which one out of the three I like best.
________________________________
From: Arch Angel <[email protected]>
To: PaulDotCom Security Weekly Mailing List <[email protected]>
Sent: Tuesday, April 23, 2013 1:14 PM
Subject: Re: [Pauldotcom] Suggestions for Open Source Internet Security Gateway
Distro/Product
For what it's worth I have been running on Astaro on an old desktop computer
for something like 5-8 years now, with gig network cards for my different
segments. I run seperate wireless networks; one for my mobile devices such as
phones and laptops as well as one for my son's Xbox consoles. It has served me
very well for years and cost me virtually nothing. I have had some recent
snags with false positives but once I tracked them down and tuned themout it
was back humming along. I have used it for VPN, web filtering, network
segmentation, all purpose firewall, etc and haven't had a bit of trouble.
Vyatta will do your firewall for you but this is not it's primary focus.
Vyatta is a router/switching platform which was upposed to provide an open
source solution to enterprises, but I found it works great for educational
purposes in learning routing and switching. It is a rock solid platform but
keep in mind it is just that, a router/switch platform so many of the things
pfSense and Astaro do for you behind the scenes you have to do manually. That
being said if you have the time to get everything configured, tested, and
running you can learn a great deal from building a Vyatta box.
pfSense, most likely the platform I would switch to if I left Astaro. Last
time I checked pfSense did not provide as many uses as the Astaro platform but
does offer a rock solid, proven firewall. Just becareful with the BSD core as
Robin mentioned. Wireless N is not there yet.
I have been told Untangle has one of the best web filters of all of them,
however I take that with a grain of salt since I haven't proven it myself. It
did look promising but since my Astaro box is still kicking CPU cycles I
haven't wanted to go redoing all my networks and firewall rules to try
something else, but so far it ha had positive "word of mouth" reviews.
If it was me and I had to do over again I would most likely still stick with
Astaro, then pfSense, then Untangle, then Vyatta with all running wireless on a
seperate segmented network. If you want more than basic
routering/switching/firewall abilities dumb Vyatta and pfSense; look at Astaro
and Untangle.
Hope it helps,
Robert Miller
(arch3angel)
On Tue, Apr 23, 2013 at 11:30 AM, James Shewmaker <[email protected]> wrote:
Just deployed a few fit-pc3 with pfsense. More pricey than Alix, but you get 5
gigabit ports (on the model I use), dual core Athlon fusion, 8 GB RAM ... can
do a lot with that.
>
>
>Regards,
>
>James Shewmaker
>
>
>
>On Mon, Apr 22, 2013 at 7:18 PM, Tim Krabec <[email protected]> wrote:
>
>Alix looks cool
>>On Apr 22, 2013 10:08 PM, "Robin Wood" <[email protected]> wrote:
>>
>>pfSense running on an Alix board. If you put a wifi card in one you can run
>>it as your AP as well but watch out that because it is based on BSD at the
>>moment it is limited to 802.11abg and not n.
>>>
>>>Robin
>>>
>>>
>>>On 22 April 2013 21:08, Jon Molesa <[email protected]> wrote:
>>>
>>>+1Jon Molesa
>>>>On Apr 22, 2013 3:00 PM, "Matt Nels" <[email protected]> wrote:
>>>>
>>>>Not Debian/Ubuntu, but you should add pfSense to your list.
>>>>>
>>>>>
>>>>>On Mon, Apr 22, 2013 at 1:02 PM, Jason Drury <[email protected]> wrote:
>>>>>
>>>>>Folks,
>>>>>>
>>>>>>
>>>>>>I would like to setup an Internet security box for my home network for
>>>>>>firewalling, dhcp, IDS, web filtering, and possibly VPN. It has been a
>>>>>>long time since I've looked at the various Linux security distros that do
>>>>>>this (I think Astaro Security was the best choice back then).
>>>>>>
>>>>>>
>>>>>>I did a few searches and it seems like there are a LOT of
>>>>>>distros/products available now.
>>>>>>
>>>>>>
>>>>>>Here are just a few I came across:
>>>>>>
>>>>>>
>>>>>>1. Untangle - http://www.untangle.com/
>>>>>>2. Vyatta - http://www.vyatta.org/
>>>>>>3. Zentyal - http://www.zentyal.org/
>>>>>>4. Sophos UTM (formley Astaro) -
>>>>>>http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
>>>>>>5. Engarde Linux - http://www.engardelinux.org/
>>>>>>6. Smoothwall - http://www.smoothwall.org/
>>>>>>7. ClearOS - http://www.clearfoundation.com/Software/overview.html
>>>>>>
>>>>>>
>>>>>>I do not care if it is gui or cli based. I would prefer something based
>>>>>>on Debian/Ubuntu, but not absolutely necessary.
>>>>>>
>>>>>>
>>>>>>Does anyone have any experience with the above distros/products or could
>>>>>>you recommend something else you like?
>>>>>>
>>>>>>
>>>>>>Thanks,
>>>>>>Jason
>>>>>>_______________________________________________
>>>>>>Pauldotcom mailing list
>>>>>>[email protected]
>>>>>>http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>>>>Main Web Site: http://pauldotcom.com
>>>>>>
>>>>>
>>>>>_______________________________________________
>>>>>Pauldotcom mailing list
>>>>>[email protected]
>>>>>http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>>>Main Web Site: http://pauldotcom.com
>>>>>
>>>>_______________________________________________
>>>>Pauldotcom mailing list
>>>>[email protected]
>>>>http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>>Main Web Site: http://pauldotcom.com
>>>>
>>>
>>>_______________________________________________
>>>Pauldotcom mailing list
>>>[email protected]
>>>http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>Main Web Site: http://pauldotcom.com
>>>
>>_______________________________________________
>>Pauldotcom mailing list
>>[email protected]
>>http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>Main Web Site: http://pauldotcom.com
>>
>
>_______________________________________________
>Pauldotcom mailing list
>[email protected]
>http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>Main Web Site: http://pauldotcom.com
>
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
