LinuxQuestions.org
Old 09-06-2014, 01:35 AM   #1
D0zer
Member
 
Registered: Jul 2014
Location: Johannesburg, South Africa
Distribution: Gentoo
Posts: 30

Rep: Reputation: Disabled
Linux Firewall Router Recommendations


Hi All

I have a client who wants to start utilizing 2 ADSL lines in the office. They are a print company and the graphic design department downloads big files, which slows the network down for everybody.

One idea is to give the graphics department their own ADSL; very seldom do the graphics design people share information with the general office. This would mean 2 different networks.

I started researching the option of a pre-built Linux distro. Zeroshell, I have been told, is pretty good. I know there are others like ipcop, smoothwall, possibly PacketFence.

I think the better route would be a Linux based router, firewall, for load balancing and fail over capabilities to run both ADSL lines.

Has anybody got any recommendations of which distro to use?
 
Old 09-11-2014, 06:37 PM   #2
ironwalker
Member
 
Registered: Feb 2003
Location: 1st hop-NYC/NewJersey shore,north....2nd hop-upstate....3rd hop-texas...4th hop-southdakota(sturgis)...5th hop-san diego.....6th hop-atlantic ocean! Final hop-resting in dreamland dreamwalking and meeting new people from past lives...gd' night.
Distribution: Siduction, the only way to do Debian Unstable
Posts: 506

Rep: Reputation: Disabled
I like ipcop for home but astaro security for small business....ipcop works for small business too.
It depends what you need and while most have the same options there are quite a few that have specific options. I like ipcop because of the modularity of it and its plugins.
Astaro is Sophos now; I don't do Sophos anything, but that's me. It's also not free.
pfSense is strong if you don't mind a BSD-type system.
 
1 members found this post helpful.
Old 09-12-2014, 03:06 AM   #3
D0zer
Member
 
Registered: Jul 2014
Location: Johannesburg, South Africa
Distribution: Gentoo
Posts: 30

Original Poster
Rep: Reputation: Disabled
Thanks for the reply ironwalker. I will have a look at ipcop I think, I played with that a few years ago, it seemed pretty simple to get up and running.
 
Old 10-07-2014, 06:04 PM   #4
pddm
Member
 
Registered: Sep 2005
Distribution: Mint 19.2
Posts: 112

Rep: Reputation: 15
If you want to manage your traffic through both ADSL lines and have Netbalancing and Failover Rules then you should definitely look at ZeroShell.
I have been using it for about 2 years now and it has been a great solution for us.
At the time it was the only open-source solution for more than one internet connection, and I believe there are not many more now.
 
Old 10-12-2014, 06:15 AM   #5
//////
Member
 
Registered: Nov 2005
Location: Land of Linux :: Finland
Distribution: Arch Linux && OpenBSD 7.4 && Pop!_OS && Kali && Qubes-Os
Posts: 824

Rep: Reputation: 350
I have used pfSense; it is really nice.
 
Old 10-13-2014, 06:25 PM   #6
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983

Rep: Reputation: 551
Quote:
Originally Posted by D0zer View Post
Thanks for the reply ironwalker. I will have a look at ipcop I think, I played with that a few years ago, it seemed pretty simple to get up and running.
I'd second that, but IPCop has not been updated in several years. The replacement is now IPFire. They took over where IPCop left off; this includes, but is not limited to, IPv6 support. IPCop cannot support IPv6.

I personally still use IPCop at the house and will upgrade to IPFire either when my ISP changes over to IPv6 or when my hardware dies. As it stands my IPCop is more than 15yr old and still running strong. The only reason it was rebooted in the past 459 days was a longer than normal power outage at home that the UPSs could not keep it up for the full time.
 
Old 10-14-2014, 03:15 AM   #7
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,496

Rep: Reputation: 1559
Quote:
Originally Posted by D0zer View Post
I think the better route would be a Linux based router, firewall, for load balancing and fail over capabilities to run both ADSL lines.
Consider who will have to support this in the long-term. Your client may find that some form of dedicated hardware device with a known/documented web front-end would be a better option if they are going to have to "self support".


For example in the past we've used a Fortigate C80 which has a good browser interface and we've used that with two internet connections to do segmenting of traffic based on workstation IP address, certain workstations having URL filtering, others with bandwidth limitations, other things like destination hosts that are allocated a guaranteed minimum bandwidth etc.
 
Old 10-17-2014, 12:22 AM   #8
D0zer
Member
 
Registered: Jul 2014
Location: Johannesburg, South Africa
Distribution: Gentoo
Posts: 30

Original Poster
Rep: Reputation: Disabled
Thanks for the replies everybody.

TenTenths you raise a very valid point.
Quote:
Consider who will have to support this in the long-term. Your client may find that some form of dedicated hardware device with a known/documented web front-end would be a better option if they are going to have to "self support".
Recently this particular client got told their Netgear router was faulty by a Telkom technician. Nobody in the office was able to verify this; they went out and bought a new router which they were unable to configure, so phoned me to come set it up for them. I tested the original router and it had been reset to factory defaults, which is why it did not work. They are a print and design company; they get by doing basic IT related things. With reference to what TenTenths said about self support as an option, one has to ask the question who is going to be responsible for maintaining and managing the solution.

If one implements a custom solution then configuration, passwords etc. should be well documented for the client's records.
 
Old 10-17-2014, 11:01 AM   #9
Parbold
LQ Newbie
 
Registered: Oct 2014
Location: West Midlands
Distribution: Centos, AmazonLinux, RedHat, Oracle Linux
Posts: 4

Rep: Reputation: Disabled
For a cheap feature rich external firewall with good support and multi-egress abilities(*), have a look at Cyberoam

http://www.cyberoam.com/

Demo of a 'live' box - http://demo.cyberoam.com/
Documentation etc: http://docs.cyberoam.com/

You can ruleset traffic from specific IP Addresses / MAC addresses (or even logged in users by username or group) to go via one gateway, and all other traffic to go through another ... and still have both traffic streams failover to the other gateway if one becomes unavailable.

i.e.:
Graphics users via ADSL#2, unless it fails then fall back to ADSL#1
All other users via ADSL#1, unless it fails, then fall back to ADSL#2

With the basic model (25 range, not the limited 15 range) you can have 1 local network and 3 WAN ports in the basic setup
If you add VLANS and a managed switch into the mix, you could put *lots* of ADSL routers on each of the secondary ports (traffic throughput being the limiting factor)

One HA cluster I set up for a business used 2 x CR50 in HA, whereby the browse traffic was pushed over ADSL#1, ftp, ssh via ADSL#2 and commercially important stuff (inbound/outbound eMail & VPN etc) came in via 10Mb leased line.
On the odd occasion I did have to call support, response was within 30 minutes and resolution was quick.

I have been using it for many years now, and it offers features not usually found in firewall devices 5x its price.
HA, IDS, IPS, SpamFiltering etc - the interface takes a bit of getting used to, but once you do; its capabilities are staggering.

I have one at home (although this was bought pre-sophos times, so I cannot comment on the sales avenues any more)

If you want to build your own - I personally prefer pfSense. If you dig into it a little, you can customise it pretty much any way you care to.
HA, Squid, Snort etc etc etc.
Supporting pfSense would fall on your shoulders however
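
The per-group gateway with mutual fallback described in post #9, sketched with plain Linux policy routing (iproute2) as an added example; it is not from any poster or product in the thread. The subnets, gateway addresses, interface names and table numbers are constructed assumptions, and the script only prints the `ip` commands so it can be read and run without root.

```shell
#!/bin/sh
# Constructed addressing (assumptions, not taken from the thread).
OFFICE_NET=192.168.10.0/24          # general office LAN
GRAPHICS_NET=192.168.20.0/24        # graphics department LAN
GW1=192.168.1.1; IF1=eth1; T1=101   # ADSL#1 modem, WAN interface, routing table
GW2=192.168.2.1; IF2=eth2; T2=102   # ADSL#2 modem, WAN interface, routing table

# One-time policy rules. Lower priority numbers are evaluated first. When a
# table holds no matching route the kernel falls through to the next rule,
# which is what gives each group its fallback line.
emit_rules() {
    # Use main for connected/LAN routes first, ignoring main's default route.
    echo "ip rule add priority 50 lookup main suppress_prefixlength 0"
    echo "ip rule add priority 100 from $GRAPHICS_NET lookup $T2"
    echo "ip rule add priority 110 from $GRAPHICS_NET lookup $T1"
    echo "ip rule add priority 200 from $OFFICE_NET lookup $T1"
    echo "ip rule add priority 210 from $OFFICE_NET lookup $T2"
}

# Route state after each health check: a live line gets its default route
# (re)installed, a dead line has its table flushed so lookups fall through.
line_cmd() {      # usage: line_cmd <up|down> <gateway> <interface> <table>
    if [ "$1" = up ]; then
        echo "ip route replace default via $2 dev $3 table $4"
    else
        echo "ip route flush table $4"
    fi
}
emit_routes() {   # usage: emit_routes <adsl1 up|down> <adsl2 up|down>
    line_cmd "$1" "$GW1" "$IF1" "$T1"
    line_cmd "$2" "$GW2" "$IF2" "$T2"
}

# Health probe for one line: 3 pings to the modem out of its own interface.
# This only detects a dead modem; a lost ADSL sync needs a probe further upstream.
probe() { ping -c 3 -W 2 -I "$2" "$1" >/dev/null 2>&1 && echo up || echo down; }

# Dry run: print the plan for the states given as arguments (default: both up).
emit_rules
emit_routes "${1:-up}" "${2:-up}"
```

Source NAT (masquerade) on each WAN interface and the firewall rules between the two LANs are still needed and are outside this sketch.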

 
  

