Home-Made Router/Firewall
In loc sa dai bani seriosi pe un rooter profesional ai face bine sa te gandesti inainte de doua ori, pentru ca exista alternative la un pret mai mic, mai ieftine. Ca sa pui “pe picioare” un rooter profesional nu ai nevoie decat de un sistem slabut, preferabil de la Pentium I in sus (ma gandesc unde dreaq o sa puteti gasi o asemenea relicva) insa, pentru performante mai bune, alegeti ceva mai nou: un P2 sau Pentium III, nu chiar un P1. Acum, daca ati facut rost de PC-u , nu va ramane decat sa downloadati pfSense de aici si sa va apucati de treaba. Instalati (exista documentatie suficienta), putina configurare si este ca si gata: Plung-n-Play. Ce espe pfSense ? este un proiect mai nou, special facut pentru treaba asta (rootere, firewall) dar, sa fie cam mura-n-gura , usor de configurat, usor de instalat , simplu de intretinut si care sa foloseasca resurse minime. Este derivat din m0n0wall un alt proiect asemanator dar, mai vechi.
pfSense Features :
- FreeBSD 6.1 – CURRENT with ALTQ
- Wireless a/b/g wpa_supplicant, turbo, WEP, WPA-E/PSK and WPA2 (TKIP)
- Incoming load balancing pools
- PPPoE Server
- Themes
- New system->afterfilterchangeshellcmd xml tag which is executed on the system after each filter change (or other networking related changes)
- All of the GREAT m0n0wall features, some improved
- setup wizard using xml -> web gui toolkit
- package xml -> web gui toolkit. RAPIDLY create packages and GUI’s
- rebootless changes of settings
- multiple WAN Support
- outgoing load balancing pool
- pf (openbsd’s packet filter)
- CARP – for failover and clustersyncing (rules, trafficshaper, nat, IPSEC SAs…)
- failovercapable DHCP-Server with advanced settings (specify gateway, DNS, WINS)
- advanced support for wireless devices (including WEP, WPA, HostAP-mode, hardware-encryption if supported by driver, mac-filtering, hide SSID, …) with by freeBSD6 supported wireless devices (atheros recommended for full functionality)
- Systemstatus with realtimegraphs including SWAP usage monitor
- ALTQ traffic shaping with integrated magic shaper wizard
- Queuegraphs for Trafficshaper
- Edit file option
- Execute command now in menu
- SSH Support
- Console support on COM1
- FTP-Proxy
- enhanced ALIAS-system
- enhanced configuration-system featuring a configuration history and partial config down-/uploads
- a lot of small “helpers” that make admins life easier
- Packages!
- pfflowd – converting PF-status-massages to Cisco NetFlow-Datagrams
- PFStat – Graphing
- NTOP – Enhanced network history data
- STunnel – wrap standard ports with SSL
- Squid Transparent Proxy
- arpwatch – watch ethernet/ip-adress-pairings
- assp – Anti-Spam-Proxy
- freeradius – Radiusserver
- mtr – enhanced traceroute
- nmap – networkscanner for security auditing
- siproxd – proxy/masquerading for SIP-protocol
- spamd – fake SMTP-Server as Spam-Tarpit
- iperf – bandwidth-measuring
- netio – bandwidth-measuring
m0n0wall base features
- web interface (supports SSL)
- serial console interface for recovery
- set LAN IP address
- reset password
- restore factory defaults
- reboot system
- wireless support (access point with PRISM-II/2.5/3 cards, BSS/IBSS with other cards including Cisco)
- captive portal
- 802.1Q VLAN support
- stateful packet filtering
- block/pass rules
- logging
- NAT/PAT (including 1:1)
- DHCP client, PPPoE, PPTP and Telstra BigPond Cable support on the WAN interface
- IPsec VPN tunnels (IKE; with support for hardware crypto cards and mobile clients)
- PPTP VPN (with RADIUS server support)
- static routes
- DHCP server
- caching DNS forwarder
- DynDNS client
- SNMP agent
- traffic shaper
- SVG-based traffic grapher
- firmware upgrade through the web browser
- Wake on LAN client
- configuration backup/restore
- host/network aliases
Categories: Bookmarks, Hosting, Linux, Networking, Tech, Tech-IT Tags: ALTQ traffic shaping, clustersyncing, firewall ieftin, pfSense roouter, Plung-n-Play, rooter profesional
