Andrew Schwabe's Blog - Firewall

pfSense 1.2.2 Success

Mon, 02 Feb 2009 13:12:00 -0400

I have been looking at open source firewall/router solutions for a while, and my list of requirements has been pretty steep. In particular, any solution I give a recommendation to would need to support WAN load balancing and SIP (for VOIP phones). I also recently added dynamic DNS to that list. Today I am pleased to say that I have a working solution using pfSense 1.2.2 (http://www.pfsense.com/). I had done a comparison between pfsense and vyatta a while back, and found issues with both that prevented it from being a solution I can recommend. [More]

Setting up a SFTP Server on Windows

Thu, 11 Dec 2008 13:55:00 -0400

I have been working with SFTP (FTP over Secure Shell, so is thus encrypted), and needed a free or low cost solution to setup an SFTP server on windows (not to be confused with FTPS, which is a bit different). I came across this great blog entry from www.digitalmediaminute.com, so this information comes from them with a few minor updates from me. This tutorial will help you turn your Windows based system into a SecureFTP (SFTP) server. Background Secure Shell (SSH) is a program that lets you log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. When using ssh, the entire login session, including transmission of password, is encrypted and therefore is very secure. [More]

Open source routers for WAN load balancing

Sat, 19 Jul 2008 02:00:00 -0400

Get ready for acronym overload.

A while back, I write a blog entry about pfSense, and mentioned that it was a worthwhile project. Now I want to mention Vyatta, which is another open source router project. While pfSense is based on BSD and has a fancy web interface, Vyatta is based on Linux, and only has CLI (command line interface).

As a general rule the CLI is not really a huge problem for me, especially since Vyatta has a PDF reference manual outlining the different commands.
[More]

pfSense - Router OS

Tue, 02 Oct 2007 20:50:55 -0400

I recently started evaluating load-balancing solutions for our small office. Verizon seems to never have a clue, and loves to spontaneously shut accounts down for no good reason, and without warning. For any of your Verizon DSL or FiOS users -- beware!

I have begun evaluating a hardware device called the HotBrick LB-2 which supposedly is designed specifically for taking two WANs and load balancing traffic (with failover). Exactly what I want. While looking at prices, I came across discussion of an open source project called pfSense.

Now normally I will consider open source for applications I can customize, but I never really considered running something like this in place of our router or firewall.

Documentation is scarce, but I have been discovering some impressive things about pfSense:

It is based on m0n0wall -- an excellent BSD router OS with a web management interface
It can be run off a Live CD !!!
You can set it up to run in production off the live CD and save your changes to a USB key (no hard drive!!!)
It has built in support for load balancing WANs
It has built in QoS (Quality of Service) weighting, and it works for VOIP (Voice over IP)

All of these things add up to something that is a lot less scary... sort of...

I am impressed enough that I will being a new project on the side (yeah, that means it will take a while) to setup a pfSense box for our office. I expect my specific challenges will be around configuring the DMZ for our servers, which use static IPs on ONE of our WANs. Once its load balanced, hopefully incoming traffic will go to the right place for the DMS, and outgoing (and VOIP phones) will be load balanced both ways.