[TriLUG] Best appliance for Linux firewall?

Steven Pinkham steve.pinkham at gmail.com
Mon Sep 2 20:17:38 EDT 2013


I picked up the EdgeRouter Lite a few days ago and quite like it.
It's a fork of Vyatta (a Debian-derived router OS) with a proprietary
web GUI (also rollover console and ssh access for more complex stuff)
and network and crypto offload hardware.

Forwards full wire speed across all ports with the firewall turned on.
Right now VLANs aren't accelerated, but they are in the "alpha" release
(which you can download by joining the beta forum) that should make its
way into an official release soon.

A good mix of fast, open (except the offload related stuff), small and
low-power. A bit overkill (and overcomplicated) for most residential
uses perhaps: Mine's going to be used for a course I'm teaching at
Interop and similar events with wicked fast networking. ;-)


Kevin Otte wrote:
> Just a heads up on the WNDR3800: I've iperf'd the thing and can only
> crank it up to 160Mbps. If all you're worried about is monitoring
> traffic on the paltry excuse for an Internet connection here in the
> states you're probably OK. If you intend to do any kind of inter-VLAN
> routing within your site with it, you'll hit a bottleneck pretty quickly.
> 
> I have not had the pleasure of trying one of these, but I keep hearing
> good things: http://www.ubnt.com/edgemax#edge-router-lite  At that price
> point (US$99) it starts to look quite attractive.
> 
> -- Kevin
> 
> On 08/08/2013 04:06 PM, Brian Henning wrote:
>> Hi Steve,
>>
>> I spy a USB port on the WNDR3800 as well.  That could prove very
>> interesting.  I think I may go that route.  Thanks a lot!
>>
>> ~Brian
>>
>> -----Original Message-----
>> From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On Behalf Of Steve Pinkham
>> Sent: Thursday, August 08, 2013 10:50 AM
>> To: Triangle Linux Users Group General Discussion
>> Subject: Re: [TriLUG] Best appliance for Linux firewall?
>>
>> I would not go with the WRT54GL anymore as it's pretty slow these days
>> and doesn't even route fast enough for many home connections. The
>> WNDR3800 is well supported by openwrt and one often recommended at the
>> moment.
>>
>> The ALIX line is another one to consider for your use case, or you could
>> get one of many small atom computers.
>>
>>
>> On 08/08/2013 09:57 AM, Brian Henning wrote:
>>> Hi Gang!
>>>
>>> At home, pretty much all my services and stuff run on a single box, and that
>>> box is starting to collapse under the weight.  I'm ready to start divvying
>>> up functions across discrete devices.  First to go is the firewall; not a
>>> heavy-hitter, but easy to carve off.  So, what do people suggest as the best
>>> appliance-form-factor Linux computer?  Obviously 2+ NICs is the biggest
>>> priority.  Here's what I've considered so far:
>>>
>>> 1) WRT54GL + OpenWRT
>>>    Pros: Inexpensive, solid
>>>    Cons: Don't need another WAP
>>>
>>> 2) Globalscale Mirabox
>>>    Pros: Fast ARM CPU, could host additional services w/ outboard USB HDD
>>>    Cons: Globalscale's iffy reputation, relatively unproven product, more expensive, possible to perma-brick
>>>
>>> 3) ???
>>>
>>> Enough storage to do traffic monitoring would be a plus as well.
>>>
>>> Cheers!
>>> ~Brian
>>>
>>> ------------------------------------------------------
>>>            Brian Henning, Software Engineer
>>>
>>>      /\    Pine Research Instrumentation
>>>     //\\   2741 Campus Walk Ave, Bldg 100
>>>    ///\\\  Durham, NC 27705
>>>   ////\\\\ USA
>>>      ||
>>>      ||    phone: 919.782.8320
>>>            fax:   919.782.8323
>>>            email: bhenning at pineinst.com
>>> ------------------------------------------------------
>>>
>>>
>>>
>>>
>>
>>


-- 
 | Steven Pinkham, Security Consultant    |
 | http://www.mavensecurity.com           |
 | GPG public key ID E9E996C1             |



