2

I'm working on a project to replace my organisation's aging Slackware gateway/router/firewall machine, which will have several hundred users behind it. Previously we used rc.firewall but we are now looking for something more modern and easily configurable. The current requirements are (hopefully this is all of them, but I may have missed something):

  • Act as a gateway router & firewall
  • Port forwarding to a Terminal Server
  • IP/traffic accounting, i.e. ability to view breakdown of external traffic by originating address (preferably accessible via SNMP or rrdtool to integrate with cacti)
  • Possibility of acting as a PPTP server & routing these connections
  • Is not an out-of-the-box Cisco product (don't have the finances or support to maintain it)
  • edit: transparent proxy cache

I'd prefer to use Ubuntu or some other Debian-based distro but something that integrates everything we're looking for is certainly an option if it offers all the desired features and is easy to configure.

Is there a simple set of packages that will provide me with the Firewall & Accounting features, or am I best served with a custom-built distro / other solution?

Andrew

4 Answers

5

Take a look at pfsense. Based on FreeBSD.

Daniele Santi
  • +1 wonderful and free product. – pauska May 11 '10 at 08:46
  • The standard feature set and management interface look good - what are the traffic accounting features like? – Andrew May 12 '10 at 00:14
  • Supports built-in RRD graphs, robust logging, etc. and coupled with Squid (if you have decent desktop grade hardware with good NICs), you can get a really detailed picture of usage, traffic, etc. at layer 3+. – gravyface May 12 '10 at 01:53
  • Ah, the docs wiki shows a whole heap of installable packages - Squid, BandwidthD etc. - they really need to update their features page! I'll give this a try and ask a new question if it doesn't work out. – Andrew May 12 '10 at 02:03
1

Try to use Endian Firewall Community Edition; it has all the features that you require. It's free to use, and it doesn't require any maintenance.

1

Another option is IPFire, which is based on good old IPCop, if you like/know iptables better than PF (like me). Here are the features: http://www.ipfire.org/en/features

Btw, I prefer pfSense & try to learn PF instead of using IPFire, which is very easy for me. Learning PF is also easy.

risyasin
0

We're using Debian + Shorewall as a firewall. It does everything you need and even more. We have different VPNs on it, both IPsec and OpenVPN, and never had problems (maybe with IPsec you have to go much deeper to troubleshoot).

PiL