[AusNOG] Gateway Router firewall

Mike Everest mike at duxtel.com
Wed Jan 11 13:51:05 EST 2017

You can also get full routing and firewall functionality from RouterOS with a free license. A paid license gets advanced features like more than 1 of each VPN session/s.





From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Alex Samad
Sent: Wednesday, 11 January 2017 12:54 PM
To: Cory Hawkless <Cory at hawkless.id.au>
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Gateway Router firewall


Can I suggest RouterOS





Roughly $50 for a virtual vm license..




On 11 January 2017 at 12:45, Cory Hawkless <Cory at hawkless.id.au> wrote:

I've used the BGP functionality on pfSense via the OpenBGPD package and it works well. I found it a little quirky when you override the default configuration then go back and make changes in the 'Wizard' section, but getting CLI access to the box and opening the config files soon shows you exactly what's going on.

-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Glenn Hocking
Sent: Wednesday, 11 January 2017 9:59 AM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Gateway Router firewall

Thanks for all the responses regarding gateway router/firewall software. I investigated them all :-)

For my situation I am going to try out pfSense; it seems to have come a long way since I last tried it. It seems to do everything I need, plus the CARP redundancy looks great! My hand-rolled Perl scripts to achieve gateway device failover do cause me some anguish.

I currently use or have played with many of the packages listed but the following pfSense features URL does state that 'Packages: Some are in beta stage'. The primary package that I will need under pfSense is the OpenBGPD. I currently use Quagga bgpd.

Does anyone have any comments on current pfSense additional package use, such as what to use and what to steer clear of? Should I install only what is needed, or is it resilient, so that packages can be easily installed, played with and removed without issues even in a production environment? I do test first, obviously, but test environments are never conclusive.


The end result of this is to have reliable gateways that other engineers can also manage ad hoc and for me to be able to sleep peacefully at night. I'll post my results of this exercise if others wish.


Glenn Hocking | Managing Director
Woosaw Pty Ltd | www.woosaw.com.au
Sydney Office: +612 8090 3441 | Mobile: 0420 942 641
PO Box 391 | Pyrmont NSW 2009 | Australia

On 10/01/2017 11:55 AM, Glenn Hocking wrote:
> Hi All
> For many years been using hand rolled router/firewall boxes for my
> hosting network gateways. Time for an upgrade but still want the
> flexibility of Linux based systems. Just wondering what others like in
> this area and recommend as assume there should be some good hardened preconfigured systems available now. Prefer open source Linux and free.
> What I currently use is,
> OS: Debian Linux
> BGP: quagga
> Firewall: iptables
> Load balancing and HA: ipvsadm + perl
> Monitoring: ipt_netflow + nfsen
> Cheers
AusNOG mailing list
AusNOG at lists.ausnog.net

