[AusNOG] Gateway Router firewall
Cory Hawkless
Cory at Hawkless.id.au
Wed Jan 11 12:45:45 EST 2017
I've used the BGP functionality on pfSense via the OpenBGPD package and it works well. I found it a little quirky when you override the default configuration then go back and make changes in the 'Wizard' section, but getting CLI access to the box and opening the config files soon shows you exactly what's going on.
-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Glenn Hocking
Sent: Wednesday, 11 January 2017 9:59 AM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Gateway Router firewall
Thanks for all the responses regarding gateway router/firewall software. I investigated them all :-)
For my situation I am going to try out pfSense; it seems to have come a long way since I last tried it. It seems to do everything I need, plus the CARP redundancy looks great! My hand-rolled Perl scripts to achieve gateway device failover do cause me some anguish.
I currently use or have played with many of the packages listed but the following pfSense features URL does state that 'Packages: Some are in beta stage'. The primary package that I will need under pfSense is the OpenBGPD. I currently use Quagga bgpd.
Does anyone have any comments on current pfSense additional package use, such as what to use and what to steer clear of? Should I install only what is needed, or is it resilient, so that packages can be easily installed, played with and removed without issues even in a production environment? I do test first, obviously, but test environments are never conclusive.
https://doc.pfsense.org/index.php/Features_List
The end result of this is to have reliable gateways that other engineers can also manage ad hoc and for me to be able to sleep peacefully at night. I'll post my results of this exercise if others wish.
Cheers
Glenn Hocking | Managing Director
Woosaw Pty Ltd | www.woosaw.com.au
Sydney Office: +612 8090 3441 | Mobile: 0420 942 641 PO Box 391 │ Pyrmont NSW 2009 | Australia
On 10/01/2017 11:55 AM, Glenn Hocking wrote:
> Hi All
>
> For many years I've been using hand-rolled router/firewall boxes for my
> hosting network gateways. Time for an upgrade but still want the
> flexibility of Linux based systems. Just wondering what others like in
> this area and recommend, as I assume there should be some good hardened
> preconfigured systems available now. Prefer open source Linux and free.
>
> What I currently use is,
>
> OS: Debian Linux
> BGP: quagga
> Firewall: iptables
> Load balancing and HA: ipvsadm + perl
> Monitoring: ipt_netflow + nfsen
>
> Cheers
>