Good (linux based) firewall/router solution?

[coolVariable]

We currently run Pfsense on an old desktop, which works very well with the exception of the problems inherent in BSD for VPN support.
As such, I will need to switch to another solution.

Any suggestions for good (and well/actively supported) linux solutions for a firewall/router. Stability and security trump above all.

 

[Icecold]

We currently run Pfsense on an old desktop, which works very well with the exception of the problems inherent in BSD for VPN support.
As such, I will need to switch to another solution.

Any suggestions for good (and well/actively supported) linux solutions for a firewall/router. Stability and security trump above all.

I've been very happy with IPcop and anybody I've talked to who run Smoothwall seem very happy with that. I run IPcop on an old Pentium 4 with 1GB of ram and it runs flawlessly.(will most likely switch over to an Atom box I have for lower power usage soon). I have no issues maxing out my 50mb down / 5mb up internet that I use it with, and have no security concerns with it either.

How many users, what it's used for, and how much bandwidth will be going through it will need to be known to be able to give genuine good recommendations.

 

[jumpncrash]

I started with Smoothwall, was just fine, did it's job, then I switched to IPCop, worked great for a couple years, but I finally decided I needed additional options, so I have now moved on to PfSense.

it really depends on what you need to do

As for specs on the machines, I have move around quite a bit, but istarted on p166, moved to dual P2 400, then to P3 733, and back to P2 400, i have a 16/1.5 link and have no slowdown issues.

You would be surprised how little hardware you really need.

 

[ScoobMaster]

You didn't specify, but if this is for personal (home) use and not commercial, you can use Astaro security gateway (a full enterprise-class product) for free. You sign up at their website (http://www.astaro.com) and get a FREE home use license for up to 50 connected devices (ip addresses). I manage one for a K-12 school district and also have one running at home. You get a full firewall/packetfilter, inline virus scanning, web filtering, mail security, VPN functionality, and web application security.

Their is a bit of a learning curve, but it is very powerful software that can be as simple or complex as your needs require. I have me home setup running on a small barebones Atom D520 box with 2 Gb of ram that I bought from Newegg for under $150 (but older hardware you have laying around may work just fine).

There is good community support in their forums too - check them out if you have questions or want to learn more: http://www.astaro.org

*EDIT*
Here is the direct link to the free home version page:
http://www.astaro.com/landingpages/en-worldwide-homeuse

 

[drebo]

Juniper gear is technically FreeBSD-based and its speed, featureset and reliability trump every single open-source or closed source linux-based "firewall" any day.

Would suggest Juniper.

 

[Jimmah]

Mikrotik has some excellent devices, huge flexibility and customization options, 2-5w use and cost about 604 for the higher end home models, the bigger rack mount models are amazing for businesses, and inexpensive.

 

[RadiclDreamer]

Juniper gear is technically FreeBSD-based and its speed, featureset and reliability trump every single open-source or closed source linux-based "firewall" any day.

Would suggest Juniper.

I would suggest them or an ASA as well, but by the looks of it they want something cheap. In that case I suggest smoothwall

 

[drebo]

mikrotik is shit. Wouldn't touch it with a 10-foot pole.

 

[coolVariable]

So far it looks like
2 for Smoothwall
2 for IPCop
1 for Astaro
0 for Mirotik (+1 -1 = 0)

It's for a small biz.
Pfsense is great but for the VPN issues (if there was a fix for that, they would be set).

 

[Geofram]

I'd second the recommendation for Astaro. However, it's not specifically routing software - it does routing, but it does a whole lot more too. So it's not quite in the same category as Smoothwall or IPCop. Those are more specialized to just doing routing work.

 

[drebo]

So far it looks like
2 for Smoothwall
2 for IPCop
1 for Astaro
0 for Mirotik (+1 -1 = 0)

It's for a small biz.
Pfsense is great but for the VPN issues (if there was a fix for that, they would be set).

If it's for a business, go with Juniper.

Ask yourself: if internet goes down, how much is it going to cost you? If nothing, then by all means go with something that's community-created, patched, and supported. If you're liable to lose money when your internet doesn't work, buy something that has a support center you can call.

 

[ScoobMaster]

If it's for a business, go with Juniper.

Ask yourself: if internet goes down, how much is it going to cost you? If nothing, then by all means go with something that's community-created, patched, and supported. If you're liable to lose money when your internet doesn't work, buy something that has a support center you can call.

To be fair, Astaro is an Enterprise solution with full support if you purchase the business license (backed by Sophos since they recently bought out Astaro and assimilated them into their business). You get just the community support when you use their free-for-home-use license. You can purchase just the software, a virtual machine, or a full hardware solution.

Astaro licensing version options