recycled PCs as m0n0wall WAN/VPN routers - worth messing with?
October 2, 2008 4:33 PM Subscribe
ITfilter: Thinking about a new firewall/WAN VPN router - should I bother trying to roll my own with m0n0wall?
Thinking about a project to put in hardware firewalls for 3 up-til-now independent sites who don't want to consolidate but need to start having secure WAN tunnels between, with some traffic monitoring tools for "okay, which one of you is killing our bandwidth" days, port blocking, etc.
I'm sure we've got some old workstations that can be recycled into m0n0wall boxes, but no so sure it's worth the time & hassle to do myself vs. buying commercial equipment. Boss likes cheap; I like free time and minimal stress migraines.
Note: I'm sometimes clever, but I've got no freeBSD or router hacking experience to build on. Going in cold.
Anyone had experiences with m0n0wall they'd care to share?
Thinking about a project to put in hardware firewalls for 3 up-til-now independent sites who don't want to consolidate but need to start having secure WAN tunnels between, with some traffic monitoring tools for "okay, which one of you is killing our bandwidth" days, port blocking, etc.
I'm sure we've got some old workstations that can be recycled into m0n0wall boxes, but no so sure it's worth the time & hassle to do myself vs. buying commercial equipment. Boss likes cheap; I like free time and minimal stress migraines.
Note: I'm sometimes clever, but I've got no freeBSD or router hacking experience to build on. Going in cold.
Anyone had experiences with m0n0wall they'd care to share?
I've been perfectly happy with the m0n0wall installation I use at work to bubble off the publicly accessible conference rooms from the LAN. It works more or less as you'd expect. I run it in a virtual machine on a host that's trunked to the core switch, but it'd work just as well on dual homed hardware. By default it comes up as a plain old NAT router.
However, if you're thinking of dropping a physical box at a remote site, you might want to consider something with lower power requirements such as one of the embedded Linux type router boxes.
posted by majick at 5:27 PM on October 2, 2008
However, if you're thinking of dropping a physical box at a remote site, you might want to consider something with lower power requirements such as one of the embedded Linux type router boxes.
posted by majick at 5:27 PM on October 2, 2008
I've had good experiences with m0n0wall as well as pfsense, which is a more-featureful fork of it. I don't think you'd have any trouble getting it running and working the way you want. Remember, though, that old hardware is less-reliable hardware, so you'll probably be going to the remote sites 3-4 times as often as you would with a dedicated commercial router. If they're in your city, that's probably not that big a deal, but if they're more remote, I would go with the commercial stuff.
posted by pocams at 7:52 AM on October 3, 2008
posted by pocams at 7:52 AM on October 3, 2008
Best answer: Don't have any experience with m0n0wall, BUT:
I've had good experiences with Smoothwall (the community edition). You can definitely "set it and forget it" i.e. not a huge administrative overhead.
There's a lot of options out there for this kind of thing today, but if I was gonna build one today I'd probably go with Endian, though, if only because they roll in OpenVPN.
posted by word_virus at 7:29 PM on October 3, 2008
I've had good experiences with Smoothwall (the community edition). You can definitely "set it and forget it" i.e. not a huge administrative overhead.
There's a lot of options out there for this kind of thing today, but if I was gonna build one today I'd probably go with Endian, though, if only because they roll in OpenVPN.
posted by word_virus at 7:29 PM on October 3, 2008
« Older How many peanuts are in a Snickers bar? | What is the origin of the phrase "by the balls"? Newer »
This thread is closed to new comments.
posted by DJWeezy at 5:05 PM on October 2, 2008