Let's talk about Linux router/gateway/UTM

Discussion in 'all things UNIX' started by mack_guy911, Oct 13, 2010.

Thread Status:
Not open for further replies.
  1. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Do you use any Linux-based router/UTM distro? How's your experience so far?

    I started with Smoothwall, a pretty fast firewall, then a wise monk named YeOldeStonecat told me about Endian.

    I tried it and stayed with it for 2 years; all my Windows systems were pretty happy behind it for 2 years :D

    After that I got to know UTMs like Untangle and Astaro, their colorful screens and features, and then I was bitten by the curiosity virus bug, so I saved money and built a dual core 2.66 with 2 GB RAM... for a UTM, just to know... what the #$#$ Astaro, Untangle... these so colourful, nice-looking Linux UTMs are all about :D

    I dated almost every UTM/router girl... and ended up in an open relationship with Astaro for the last 2 years or so... every time I feel bored and look for other options... she (Astaro) shocks me with her new updated features, stylish polished look and the stability of a well-behaved girl :D

    I wish my real gf would learn something from that and keep updating :p

    https://www.wilderssecurity.com/showthread.php?p=1766767#post1766767
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi, why use a full PC for a router when you can buy a cheap one with similar functions (at least the basic functions needed) and much smaller in size? And all routers do use some sort of Linux OS as their firmware, I think (embedded Linux).
     
  3. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Well, I spent about 300$ to build my PC. The OS is free; also I can switch from one OS to another if I don't like the router features. Same as Linux, it's about freedom, which is not available in 300-600$ routers.

    Yes, you may mention DD-WRT, Tomato, etc.; still, they are very basic.

    Last but the main thing is that a gateway like Astaro is enterprise class, and they give the OS free for home use with full enterprise features for 100 users, which is very rare and very generous of them, so I don't mind having enterprise-class protection at home.

    As far as price:

    http://www.astaroguard.com/Astaro220.asp

    http://www.astaroguard.com/Astaro525.asp

    http://www.astaroguard.com/Astaro-Security-Gateway.asp


    And you spend 300$ to make one for home, and if you don't like it you still have plenty of options like Untangle, which is another great UTM.

    http://www.untangle.com/

    It's not about Linux, or just about a router, or just a UTM; it's pretty much more.

    Please see the demo and check the network security and web security features:

    http://demo01.astaro.com/

    Also, a Flash video:

    http://www.astaro.com/products/astaro-security-gateway-software-appliance

    You see what my point is ;)

    Please also check the site I mention below and in my 1st post:

    http://forums.speedguide.net/showthread.php?t=235860

    And for small size you can build a nettop with a dual core.
     
    Last edited: Oct 13, 2010
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I used a router for years, and all your traffic gets bottlenecked when you use torrents and other programs that require a lot of connections. They generally can't handle over 200 to 300 connections without running into problems. Even if you don't use torrents you could have several computers on your network with each having 50 open connections. That would be more than enough to overwhelm your router. I have 4 desktops and 1 laptop on my home network, and I know a router cannot handle the traffic. If you don't have broadband internet then sure, that wouldn't be an issue to begin with. I'm not saying everyone should go out and get a UTM device, by no means. Some of us just want that extra security, and need the performance that a router cannot provide. If you use a UTM device you have the benefit of having a gateway AV, antispyware, and many other features that most routers do not offer. You have the option of using Trend Micro on some routers, but they were not designed well for using the features that a UTM offers. A router can barely handle many connections without an AV, antispyware or mail filtering. Adding those features to a router will overwhelm your router under heavy traffic. Trend Micro would not be my choice of AVs, but to each his / her own. If you're like me you have a lot of fun building things, and it's not a burden to build your own UTM appliance. So if you have the means then why not?
     
    Last edited: Oct 13, 2010
  5. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    I agree with you, Cutting_Edgetech. My thread is not here to push people to make a UTM... etc. I chose this thread purely to discuss Linux-based routers, which somehow I feel have been neglected for a long time.

    You can run them as a demo in virtual mode like VMware... etc., which I didn't know in my time, and explore that part of the world as well.

    Astaro free can handle 3200 concurrent connections, but it depends on the PC hardware as well.

    Astaro also started providing 64-bit from its version 8, but I chose 32-bit because it gave me some problems, but I guess it might be solved now as it's on version 8.02. I'll wait a little more, maybe 6 months to years... so 64-bit gets a little more mature. And the second reason:

    So far 32-bit runs like butter; I don't want to remove it. :D
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    OK, I just want to ask: they offer the free version for home. Does that mean they are offering even UTM-based AV for free? If so, what AV engine are they using? Detection rate etc.?

    Thanks
     
  7. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Not all give it free,

    but Untangle gives Kaspersky on the paid one for home use, and for free it has ClamAV; also they have anti-spyware, VPN, QoS... etc., many extra features. It's built on a Debian Linux core.

    Astaro gives enterprise Avira on single scan and ClamAV on dual scan; it's free for home use. It's built on SUSE Enterprise Linux.

    Endian gives ClamAV on free, and on paid it has the Sophos scanner.

    It's built on hardened CentOS.

    There is also one which I'd like to mention which is not a UTM but the best enterprise-class firewall:

    that's pfSense. It's built on hardened FreeBSD. You can run it on a P2 computer as well, with as little as 128 MB RAM, or run it from a live CD, saving your configuration on a USB pen drive.

    http://www.pfsense.org/index.php?option=com_content&task=view&id=45&Itemid=48



    It also has many feature add-ons, but... the best part is:

    CARP from OpenBSD allows for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active.

    http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43

    My hardware didn't support pfSense. If you've got an old PC and its hardware supports it, it's worth trying; I promise you won't be disappointed with it.

    http://www.youtube.com/watch?v=e_XgY6jqLeQ




    Astaro and Untangle are resource hungry, so they need good hardware.

    I love the features of Astaro, like its Flash and Java blocking,

    MIME blocking, extension blocking, country blocking, a very good IPS which blocks attacks launched from the LAN as well, which I have hardly seen on a router.

    Many features like anti-spyware, Snort, VPN, one of the best spam filters, email enterprise-level encryption... 3 login attempts then it blocks for 600 sec (you can increase that time as well), auto update, etc.
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,221
    While I like home-built routers, I prefer plug-n-play stuff. Just not worth the hours of effort of tweaking, fiddling, optimizing, polishing, petting, cuddling, and worshiping. I'm a fairly decent p2p user and things work out fine with standard routers. Even with older routers and/or older operating systems on clients.

    Cheers,
    Mrk
     
  9. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,381
    Location:
    West Yorkshire, UK
    I have an old Buffalo router running the Tomato firmware, which I think is a great blend of ease of use and features for home/small office use. I chose it over DD-WRT due to it being a bit faster and having better QoS options (DD-WRT has a bigger overall feature set, a lot of which I do not need).

    200-300 connections can quite often be a limitation of your internet connection, especially with highly limited upstream bandwidth. In my case I've never reached 400 connections on 10Mbit/s down, 0.5Mbit/s up, because the amount of ACK traffic generated by more than 350 connections running at full-ish speed saturates my upstream. And CPU load seldom goes past 0.4, even running QoS and firewall and wireless.
     
  10. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Yes, I agree, Mrk. The 1st time it did take me an hour or so for setup, but now it takes approx. 15-20 mins after installation, or just 2-3 mins if I restore.

    Endian I find the easiest one; it sets up almost all the basic things, takes just a few mins for setup, and the GUI is very easy.

    I hope to see your reviews on router-based firewalls one day. Your reviews are very genuine and knowledgeable, with funny spices in them :D
     
  11. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    I've tried to install Endian twice without luck. Both times it looked like the installation went OK, but then it wouldn't boot.

    I stick to IPCop, very simple and I've had the best internet speed with it. Smoothwall and ClarkConnect slowed down my connection (or I didn't configure the traffic shaping right). I've also tried Collax, but it's overkill for a home network.

    Have you tried Vyatta? It's supposed to be very good if you have the patience to deal with the configuration.
     
  12. katio

    katio Guest

    Just a thought:
    UTM is basically an all-in-one security solution. "All in one" and "security" don't rhyme for me; think attack surface and single point of failure (the latter not in the sense of uptime or hardware failure, which can be easily tackled with physical redundancy). But it all comes down to security vs. convenience.

    Talking about money:
    A good router compatible with the popular *wrt-based firmware costs 50 bucks and up; a Mini-ITX Atom PC can be had for ~150, then slap on one of the free Linux/*BSD-based firewall solutions. Proprietary gear with similar features and scalability costs several thousand dollars...
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi, I installed it on VBox. What networking settings should I use to access it from the host (Ubuntu)?

    Thanks
     
  14. katio

    katio Guest

    bridged mode is the easiest way
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Ok. Thanks
     
  16. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    You mean it does not even boot? Sometimes boot partitions give problems. Did you try the GParted tool to delete all partitions and apply, OK, and after that install Endian on the already clean hard disk? :rolleyes:

    Before using a Linux distro router/UTM, or reinstalling again, most of the time Linux partitions are left over and cause problems. I have had that a few times myself, so what I do is delete all partitions with the GParted tool (the Ubuntu live CD as well as many others have that tool) and then do the fresh install; I never have any problem after doing that.

    Thanks for raising that point, it's helpful for others as well. Please try that; I hope it helps you.

    Yes, I tried Vyatta once a long time back. It feels like a Cisco console where you have to set everything in command mode; to be honest, I feel it's too much to do o_O

    I prefer the lazy, simple GUI way... where you need a few mouse clicks, restore, and all the work is done, and for changes again a few more mouse clicks :D

    That's why I prefer Endian/ClearOS/Astaro.

    Also, Endian was initially based on IPCop + Copfilter, but now they have changed and made their own from scratch.

    Endian just installs one interface, which you set as green, and you have to connect your LAN cable to that interface to connect and to log in with the IP and port 10443, for example https://192.168.1.1:10443

    Have you read this?

    http://www.endian.com/fileadmin/doc...guide/en/efw-admin-guide.html#efw.system.home
     
    Last edited: Oct 15, 2010
  17. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    OK, thanks for the tip, I'll do that the next time I install. For some reason Endian was the only one I've tried that didn't install right. The installers always say it blows away any partitions and makes new ones, but I guess nothing is 100% :p
    I'm on your side :D IPCop is also very easy, also my hardware is better suited to it. Right now I'm using an old Dell GX260 small form factor with a 2.0 GHz P4, 512 MB memory and 20 GB drive (49 euros on eBay with 1 year guarantee). I don't think it's enough for Astaro or Untangle, what do you think? I also have a box with an AMD Athlon 64 3200, 2GB memory and 2 x 80 GB drives, but I'd rather not use it for this purpose.
     
    Last edited: Oct 15, 2010
  18. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    hmm

    As for the minimum hardware requirements for installing and using ASG, they are as follows:

    Processor: Pentium 4 with 1.5 GHz (or compatible)
    Memory: 1 GB RAM
    HDD: 20 GB IDE or SCSI hard disk drive
    CD-ROM Drive: Bootable IDE or SCSI CD-ROM drive
    NIC: Two or more PCI Ethernet network interface cards


    source: https://support.astaro.com/support/index.php/ASG_Manual_8-002

    You are happy with your IPCop; I say you should stick with it. Endian and IPCop don't have any difference; they are pretty much the same.

    As for Untangle and Astaro,

    you need more RAM; they are also heavy on resources, whereas IPCop runs

    smooth like butter.

    Also, I don't play online games/P2P; if you do, don't go for Astaro, it will give you a headache with settings :p
     
  19. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
  20. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    The problem I have found with home routers is that you can overload them.
    To get a router with decent hardware costs a lot of money.
    The best home router I've found so far is from TP-Link.
    It was cheap and it's very reliable.

    I'm tempted to have another look at UTM though.
    Last time I looked I couldn't find one that supported wireless.
     
  21. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
  22. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
  23. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    I've used Astaro, Untangle, pfSense, IPCop, Smoothwall, m0n0wall and a whole host of others on old machines and VMs, and I also use a commercial appliance in the Finjan NG1100 (looks awesome in metallic scarlet red) that can do not just antimalware (antivirus, antispyware, traffic analysis) but has behaviour blocking and 'antidote' for between patches. I'm also an old Snort user from way back when.

    For free I really like astaro (their commercial appliances are pretty good also.) I just like playing around and getting things working, that's half the enjoyment for me and using that old hardware.
     