which firewall distro for my network?

Discussion in 'other firewalls' started by zakazak, Jan 1, 2012.

Thread Status:
Not open for further replies.
  1. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    Hi, I believe my ISP Router (some fritzbox) is too weak to handle my network. First it's only ment for 8mbit/s connection (and I have 20mbit/s) and second the CPU is always between 80%-100% (probably due to the ~8 devices which face the internet 24/7.. 4 of them with torrents running). So I thought I would use my old home-server to handle my whole network and then go with it into the fritzbox. The fritzbox would only handle one internet device then. As the fritzbox is a modem & router in once, I can't really skip it?

    Anyway, the system would be a:
    Dual Core 2 Duo 2,6Ghz
    2GB RAM

    Now, which distro would you guys recommend?
    So far I thought about:
    IpFire
    Untangle
    pfSense
    Zentyal

    Security is a big factor and I like the "traffic scanning" features. But I wonder if those will slow down my internet? The devices in this network do everything. Gaming,torrent,browsing,ftp-server,mails,etc...

    Thanks
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    if you can, find a router that can cope with more than 8mbit. Secure or not that will continue to be a bottleneck
     
  3. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    The question is, can the router also handle that many connections? Looking at my HTPC with uTorrent running I have 417 outbound connections and 297 inbound connections.. that's 1 device out of ~7.

    Also I would need a good router (I guess best would be if it support dd-wrt?) which has a built in modem :/
     
  4. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    I guess I will go for untangle. Think it provide a lot of features and security addons. I just hope that it won't slow my network speed :eek:
     
  5. deim0n

    deim0n Registered Member

    Joined:
    Jan 3, 2012
    Posts:
    2
    Location:
    USA
    I've used both Untangle and pFsense. I'd probably go with pFsense for the speed. You can still use Snort, Squid and other IDS type packages.
     
  6. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    Tried pfSense today.. using the live-cd worked.. could see the webinterface and configure around. Then I wanted to install it. Tried it 3 times.. after installing it tried to boot up and when you come to the screen with the options 1-8 it always freezed there :/
     
  7. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    To try and skip your ISP's provided router/modem combo, look on the fritz's configuration page. Often these modem/router combos have an option called "bridging mode" which disables its router function so it becomes solely a modem. You can then connect your own router to it. That may alleviate your problems.

    With all the uploading you are doing, you should really look into performing some QoS at the router level so you prioritize ACKs coming from your PC's. It'll make web-surfing and such much more pleasent when you also are torrenting.

    Cheers,

    Alphalutra1
     
  8. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    if you looking for making a distro base firewall for home use not commercial then astaro security gateway

    i tried all but like astaro more and stick with astaro security gateway if you dont want antivirus proxy filters .......like features you can use it without them as well there is another 2 great distro i highly recommend if you not looking for built in antivirus in firewall thats

    endian and pfsense you get every thing speed to security and ease of use :thumb:

    you can try astaro online live demo it give you idea

    http://www.astaro.com/resources/astaro-live-demos

    i am using astaro gateway since my speed was 256kbps

    now its 2mb till 20gb after that 256K so you can imagine :D

    i dont use gaming or p2p but they are filter for them i blocked them.....etc all my need filtration with antivirus IPS ............etc it take about 4-5 kb speed loss only when you get speed in mbs you hardly notice

    also there option of caching data if you disable it your data flow through ram only and its pretty more fast as hardisk in not caching data.

    the connections that astaro supported is about 32000 connections at a time i guess its more than enough for a home users
     
    Last edited: Jan 10, 2012
  9. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
  10. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677

    one more thing i like forget to add when you remove and re-install some partitions left not 100% clean best way when you install again some other UTM/router base distro use gparted tool and manually delete partitions and apply ok then start with blank nonpartition disk it work like candy

    http://www.dedoimedo.com/computers/gparted.html

    http://distrowatch.com/table.php?distribution=partedmagic

    just delete all partitions and apply ok simple like that then install :thumb:
     
  11. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    I only upload when no one is at home.. but yes QoS will still be needed.

    Astaro looks pretty complicated to me :/

    Another problem: I would also share HDDs in my router with the whole network :/ So I can also use it as some kind of NAS.
     
  12. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    well then you can try Zentyal or ClearOS
     
Loading...
Thread Status:
Not open for further replies.