Help in picking out a firewall box distro ?
Our home network has 5 PCs and a wireless router on a cable-modem connection at present.
Nothing very complicated.
I used to have it all protected by running it through an ancient win98 PC running Sygate Home Network® and BlackIce, but it got beyond its years...so I looked around and saw many glowing recommendations in favour of the Astaro Security Gateway praising how wonderful it is - and free for home users - so I downloaded & installed it and then the fun began...
I'll happily explain later why I am very disappointed with it - but for now I wish to ask for help, please.
I'd like to replace it with something which works well - but which does not require one to be a career sys-admin to configure it.
If possible these are the features desired:
* Free for all the features I'm listing here.
* Very easy/basic configuration for all features.
* Firewall protection for the home network.
* Some kind of virus protection included.
* Wireless abilities for either an access point or control of a router.
And if possible, these 2 other things would be wonderful:
1. Secured access to some files at home for when I am at work.
2. Storage in the same system for those files.
Nobody needs any special things for gaming or such fancy stuff, this is all basically just for email & normal browsing.
Some time back I tried installing & setting up Clark Connect (now ClearOS), and a few others found at this list (with very little success)=>
(And since that list was put up & updated a lot of them have started charging to get all their features - and some have such poor documentation that it is like staring at alien symbols just to try and figure out their web-sites !!!)
I don't want to try navigating this subject anymore by sheer trial & error, so I am hoping some folks will guide me to a solution which is easy enough for a dummy like me to install, set-up, and use.
(Thanks for any help !!!)
Regarding Astaro - they DO allow home users to license their ASG software for 5 years for free, which is very nice, but there is a bit of trickery too, meaning - it is intended for sys-admins and network engineers so they can use it at home, see how great it is, then recommend it for their work - so it's REALLY just a promo for paying customers and they say so openly.
And, when an ordinary Joe like me asks for help he gets snotty answers, made fun of, and told to read the (very intimidating) 600 page manual, which is as unhelpful a thing as I've EVER seen.
ASG has everything including the kitchen sink - BUT=> I simply cannot understand the manual well enough to get the wireless & remote access working and I quit trying to get help from their forum after I got slapped around verbally too much anytime I asked for help.
Replies there just basically say 'Look fool, this is a GREAT tool for the big boys, and you're just a nobody, so bugger off !'.
So here I am, humbly asking as just a regular guy for help in hopes I can get some good help MINUS the broken nose !!?
Again, thanks for any help.
Take a look at using CentOS 6.2 in a text-only install.
Begging your pardon Sir, but:
(I am no Linux guru by any measure !!!)
Cent is the free rebuild of Red Hat.
For a router you do NOT want a GUI installed.
It is a security risk.
CentOS/RHEL has long-life support (right now 5+ years for Cent).
I very much doubt that I can handle a CLI-only Linux, and (for example) the Astaro has an extensive GUI, but seems as tight as Fort Knox...we don't need the security that a bank needs...and as I said in my OP, the ancient win98 box worked just fine for us for many years.
I have looked at their site and its wiki - but I see no advantage - and certainly no inferences to ease of configuration & use compared to either an Ubuntu-based distro or a dedicated gateway distro.
Once again I say:
I am no Linux guru by any measure !!!
One option among many which I have looked at and rejected is the GUI-less Devil Linux.
If I was looking for a new profession - learning how to configure & operate one like that would make a great choice (but I'll leave that work for someone else...phew.)
If I take your info correctly, you have a wireless router, so you would not have the firewall do the wireless stuff, right? If you do need the firewall to handle the wireless stuff, I guess that really shrinks down the options you have, because there are just a few free fw distros that handle wireless to any good extent. At least that is what I know from looking at various fw distros 3 years ago.
A somewhat easy but daring solution would be to put a new firmware on your router and go from there. There are 3? open firmwares that are based on Linux and do the firewall stuff.
As complete firewall distros I would recommend due to your likings:
or if you're more daring
In your case I would stick to Endian and see how you fare.
Hmmm, I am far from sure that this is helpful, but you can always say that it was unhelpful...
There is a website that describes how to do almost everything that you say you want to do and (IMHO) it is well explained and should be clear to even a newbie (...well, a newbie with at least a little enthusiasm to learn about networking and the enthusiasm to read the materials, which aren't short...). Would that be helpful? Anyway
Unfortunately, it is Red Hat based, so I'd have to suggest CentOS (or Scientific Linux) as the least complex free distros to use it as a 'cookbook' on, and that currently might not be to your taste. (And, by the way, essentially the same material is available in 'The Linux Quick Fix Notebook' by Harrison, and, while that hasn't been updated recently, you might find that as a free download somewhere or another.)
There is also some networking material on 'yolinux' and while there is less to read on Yolinux, the trade-off is that Linuxhomenetworking is probably more thorough and better explained (although you'd expect that, if you take into account that there are more words).
Wow - such helpful folks - thanks for all the replies folks !!!
To the content...here's how it looks to me:
I will have to get it, and try to install/try it, and then I'll have a better idea.
For me this sort of effort happens only on weekends and then only when there's no other pressing matters, so it may be in a week or two that I can get & try it.
Thanks Folks, you're a very helpful bunch !!!
You can boot and run pfSense directly from a CD in a live session if you just want to get the feel of it before you go ahead and install it.
Just for the record here...a bit of progress:
I looked around for what others have recommended and found some pfSense info that worked very well for me (so far).
Grabbed the correct image file here:
Image Writer for Windows, here:
Instructions which brought me to the above download:
Unpacked the IMG file using Winrar, had an old 1GB stick right on hand - used the image writer to put it onto the stick - and booted my notebook with it right away as a test.
Since the NB has wired + wireless NICs it detected both and fully booted=> all looks fine.
Now I am ready for the weekend's test of it (assuming nothing else preempts my time & plans as -ahem- seems to so often happen...).
Thanks for the pointers folks !!!
Looks to me that (as long as I don't screw it up...) pfSense will do what I'm after quite easily (all but the external file sharing, which is a lower priority).
I can slip it right into use if it works out right and then the whole famn damily will have their wired & wireless gadgets working WITH a good firewall in place - a happy solution once it proves out.
I'll post again after I've had the chance to try it 'live'.
I used to promote Untangle. I haven't used it in a while so it may not fully suit all your needs in the free version. Check it out or try it to see.
Which makes it look very complete, and their wiki pages indicate it's easily able to turn a wireless router into an AP the same as others do.
The only thing which baffles me is that when all these types of distros are installed to a hard disk and take the whole thing up - why don't they also include some means to use a chunk of that or even another mounted drive as protected file-sharing ?
In a household situation like we have I will feel very foolish if it takes some fancy footwork to get a VPN connection which then needs some other h/w to be running 24/7 to be useful at all.
Is there any way to do what I'm asking - or is it foolish of me to even ask this question ???!
I haven't been testing it lately. The features kind of changed more to for-pay, but it looks like they went back to more free.
Don't know what you mean by VPN full time. Some common ISPs make that difficult to follow IP changes and switch changes.