I'm going to be reconfiguring a server to run esx with a linux based firewall guest, and a windows guest.
The plan is to have the linux guest as an internet facing firewall, and the windows guest accessing all through the firewall.
Any suggestions for distro or any particular methods to go about this?
Last edited by Blastuk; 15-05-2014 at 09:34 PM.
Have you looked at PFSense or Monowall? They can act as IPS as well. You can also run them on dedicated boards LinITX amongst others sell.
I'm mainly looking at linux distros as I require iptables, more specifically, I need a way to filter depending on packet sizes.
I believe Monowall and PFSense are both based on BSD, which does not have iptables.
You could just build a linux VM, install iptables and configure it up? If you're looking for specialised distros based around linux/iptables then you're looking at Smoothwall, ClearOS and Endian (all have a community supported free version afaik)
Currently looking in to ClearOS.Originally Posted by Splash
My main concerns were with security and the size of the installation, as it will be exposed on the internet and not do much but be a firewall.
I've not tinkered with ClearOS since it was ClarkConnect, and that was a while ago - I went with Smoothwall at that point. If size is a concern then you may be better off rolling your own, but Smoothwall will run on pretty low requirements.
I'd agree, Smoothwall is probably the best of the Linux based ones. Haven't used it for a while though. There must be way to filter based on packet size in pfsense though. Can I ask why your trying to filter based on packet size? Just trying to work out if there's another way to do it.
By the way PFSense uses Pf instead of iptables to achieve the same thing. I'd argue it's more powerful, but I've used it in a number of applications in relation to my work.
Last edited by walibe; 13-05-2014 at 09:55 PM.
Funny reason really, I'm running some garrysmod servers, and there's a few DOS attacks that target the application directly; it can be easily filtered with iptables, but there's no windows solution available that I can find..
I've got several VMs installed and testing these out atm, installing smoothwall now
Managed to get ClearOS working fine.
Smoothwall just kernel panics :/
Tried both 64bit and 32bit, and tried alternative scsi device.. oh well.
I've had kernel panics with that trying to run 32-bit on certain hardware that didn't want to be 32-bit I guess
Settled on ClearOS, seems to work just fine
Couldn't get Smoothwall to work in any 32/64bit combo, so didn't get to test that at all .
Good stuff - might have to reinvestigate it in that case.
Only issue I ran in to and only after I went live with the firewall was, I tried to install it on as small a drive as I could, it used 4GB for the swap volume and less than 2Gb for the root volume.
It ran out of disk space and started wiping the configs when I tried to change anything, and then the mysql server that manages all the settings decided to constantly log errors that it was out of disk space.. taking up more space
Figured out a way to resize the swap and add it to the root volume without a reinstall or downtime. /phew
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote