DaemonForums  

#1, 2nd July 2008, bichumo
Decision for FreeBSD router

Hi,

Which would be the best solution for a FreeBSD router with ~800 clients? The requirements are to have the ability to monitor all the traffic graphically, to be able to do traffic shaping, to be able to disconnect users for illegal content, to be able to block p2p... Also a VPN server is needed (at this time, in the old environment, OpenVPN is used). There is a lot of software; what would most of you recommend in such a situation?

Thanks for any suggestions.

#2, 2nd July 2008, jb_daefo

pfsense or m0n0wall? While researching network routing, I ran across a *HUGE* howto page for one-or-the-other (or a 3rd) of them. Find and check that (unknown) page at least... hint: one-page-20-pages-long-with-illustrations

I just tried to find it and couldn't (online). Maybe saved it as HTM but too many files to check...
__________________
using /LOOKAT/ with /var/db/pkg files and portmaster/aliases/pipes/find/grep to meteorically speedup port upgrades/installs...

#3, 2nd July 2008, robbak (Robert Backhaus)

You are on a loser if you want to block all p2p. p2p systems (with the exception of BitTorrent, which is designed as a legitimate way to transfer legal files) try to act as standard traffic, often using the http ports in normal ways: Allow http and you allow p2p too.

Of course, what you require is a check-box solution to convince a PHB that you are doing that, so all you need is some harmless block out rules on a few common ports. Totally ineffective, of course, but that is a feature, not a bug.

(I am sorry if this came across as an insult to anyone: It was merely a statement of fact (or maybe opinion): blocking all p2p without blocking normal traffic is not possible: encryption and abusing common port numbers (25, 80, 443, 110...) will get you through.)
__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.

Last edited by robbak; 4th July 2008 at 02:12 AM. Reason: Fixing spelling mistake, and adding disclaimer.

#4, 3rd July 2008, ai-danno

Originally posted by robbak:
"You are on a looser if you want to block all p2p."

Um, if you are going to insult someone, at least do it with words you know how to spell... wow.

And BTW, with some well-written snort rules, you can block p2p traffic. So maybe it's you who's the 'looser'.

Personally, though, I wouldn't use monowall or pfsense until I had a firm grasp of the underlying technologies they use. Grabbing one of those security platforms is great, but if you don't know what makes them tick you will be the constant support slut on the mailing lists and forums, and your level of expectation will be constantly shot down.

So learn how PF works. Learn how snort works (and in which cases it's good and not-so-good.) Learn about BASE, and MRTG, and Cacti... actually educate yourself on the tools of the trade... before you pick one of those open-source platforms.

At a job we picked Astaro as a commercial firewall/IPS solution. It's not free, but its menu/admin system is decent. Problem is, if we didn't know how to operate the underlying open-source apps it strings together behind its glossy front-end, we'd be up the creek without a paddle a long time ago.

Go figure... actually knowing what you're doing can pay off. Huh.
__________________
Network Firefighter
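
The disagreement in posts #3 and #4, worked through as an added example that is not part of any post in this thread: a port block list and a payload signature match (the kind of content check an IDS rule performs) are run over the same constructed flows. The 6881-6889 port range, the flow records and all function names are assumptions made for the illustration.

```python
# Added illustration: constructed flow records, not captured traffic.
BT_HANDSHAKE = b"\x13BitTorrent protocol"  # prefix of a plaintext BitTorrent handshake
BLOCKED_PORTS = set(range(6881, 6890))     # assumption: a "few common ports" block list

# (name, destination port, first payload bytes, really p2p?)
FLOWS = [
    ("bt-default-port",   6881, BT_HANDSHAKE + bytes(8), True),
    ("bt-on-port-80",     80,   BT_HANDSHAKE + bytes(8), True),
    # opaque bytes stand in for an encrypted handshake
    ("bt-encrypted-443",  443,  bytes.fromhex("9f3c71e2a5b04d18c6"), True),
    ("web-request",       80,   b"GET /index.html HTTP/1.1\r\n", False),
    ("tls-client-hello",  443,  bytes.fromhex("160301020001"), False),
    # an unrelated application that happens to use a listed port
    ("other-app-on-6885", 6885, b"HELLO server\r\n", False),
]


def port_rule(port, payload):
    """Block decision based on destination port only."""
    return port in BLOCKED_PORTS


def signature_rule(port, payload):
    """Block decision based on a content match at the start of the payload."""
    return payload.startswith(BT_HANDSHAKE)


def evaluate(rule):
    """Return (p2p flows the rule let through, legitimate flows it blocked)."""
    missed = [n for n, port, data, p2p in FLOWS if p2p and not rule(port, data)]
    false_hits = [n for n, port, data, p2p in FLOWS if not p2p and rule(port, data)]
    return missed, false_hits


if __name__ == "__main__":
    for rule in (port_rule, signature_rule):
        missed, false_hits = evaluate(rule)
        print(f"{rule.__name__}: missed={missed} false_hits={false_hits}")
```

On this sample the port rule misses everything that is not on a listed port and blocks an unrelated application, while the content match catches the plaintext handshake on any port and still cannot see into the encrypted flow.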