#1

Linux firewalls and routers vs professional/enterprise products


I am currently doing personal research for network designs/solutions and evaluating the pros and cons of using open-source options for firewalls and routers compared to products by Cisco, Juniper, etc. Some questions I have for people are:

Are you using Linux/BSD as a firewall or router in your production network?

What are some of the reasons you decided to use Linux/BSD vs Cisco or some other solution?

Is your solution set up to be redundant? If so, what are you using?

How stable and reliable have you found your setup to be?

Are there ways to build a Linux/BSD firewall/router to be as reliable as an embedded system like a PIX or Cisco router?

Does a Linux/BSD firewall or router solution scale well as the network grows? Mainly, is there an easy way to manage multiple systems, or do you have to manually adjust each system?

The reason for all the questions is that I am currently building out a network for a small telecom business, and when I look at having to rely on Cisco (or other) products for routing and firewall, the prices stack up quickly and I honestly don't need the majority of the features they provide. My goal would be to build a redundant OpenBSD firewall using CARP (yes, I know BSD isn't Linux) and use CentOS (or another distro) for routing with multi-gigabit NICs to provide redundant gateways for various telephony applications/servers.

My only concerns are how reliable these servers would be in a production environment. Naturally I can use redundant PSUs, RAID-1 mirrors (or CF cards) for HDD reliability, ECC memory, and HA cluster applications to ensure high availability. I am just curious how stable people have found these systems to be.

I am under the assumption that if I compiled a very minimal kernel or only installed the bare minimum of apps, I should come up with a pretty stable system, provided my apps are built stable/clean and don't core all the time, leak memory, etc. I am wondering if it's unrealistic to see such a server reach uptimes of 2+ years, minus any hardware failures. Has anyone out there seen these types of setups run for over a year with no issues?

Any feedback or questions welcome. Thanks

#2
vishesh (Just Joined!, joined Jul 2009)

A Linux firewall can satisfy your basic need of IP filtering and connection tracking. But it can't replace a stateful dedicated firewall. I am using a Linux firewall for a department where medium-level security is required.


#3
Vyatta is an up-and-coming competitor to Cisco that uses commodity hardware and open-source OSes.

Vyatta is using open hardware and software technologies to revolutionize the network infrastructure market place, delivering incredible performance at unbelievable price points. Using Vyatta software and appliances, you can create routing and security solutions for your business that can scale from the branch office to the service provider edge for a fraction of the cost of proprietary alternatives. Join the 25,000+ network and security professionals that download Vyatta every month to connect, protect, and optimize their networks, their way.

Originally Posted by vishesh:
    But it can't replace a stateful dedicated firewall.
Not true.

#4
Lazydog (Linux Guru, joined Jun 2004, The Keystone State)

Originally Posted by vishesh:
    A Linux firewall can satisfy your basic need of IP filtering and connection tracking.
It can do more than that.

Originally Posted by vishesh:
    But it can't replace a stateful dedicated firewall.
You are aware that iptables firewalls can be set up to do stateful inspection, right? It can also be a dedicated device.

The adventure of a lifetime.

Linux User #296285
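
The stateful-inspection point Lazydog makes above, as an added example that is not from any poster in this thread: a POSIX shell script that emits two iptables-restore rulesets for a dedicated two-interface Linux gateway, the old stateless "open the high ports for replies" style beside a conntrack-based stateful one, and a static check that a reviewer can run on either before loading it. The interface names eth0/eth1, the 192.0.2.0/24 internal subnet (an RFC 5737 documentation range) and the allowed services are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Generates iptables-restore rulesets
# for a two-interface gateway and checks them without touching the kernel.
# Interface names, LAN subnet and service ports below are assumed.

WAN_IF="${WAN_IF:-eth0}"            # assumed upstream interface
LAN_IF="${LAN_IF:-eth1}"            # assumed internal interface
LAN_NET="${LAN_NET:-192.0.2.0/24}"  # constructed documentation subnet

# Pre-conntrack style: no state table, so reply traffic has to be let in
# by port range. Every unprivileged port on the firewall and behind it
# becomes reachable from the WAN.
stateless_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 1024:65535 -j ACCEPT
-A INPUT -p udp --dport 1024:65535 -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp --dport 1024:65535 -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -p udp --dport 1024:65535 -j ACCEPT
COMMIT
EOF
}

# Stateful style: default DROP inbound, replies admitted only when the
# conntrack table already knows the flow, NEW flows only where intended.
stateful_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Static review of a ruleset passed as $1. Returns 0 only if it is
# default-deny inbound, relies on conntrack for replies, scopes every
# NEW-state accept to an interface or protocol, and accepts no NEW flow
# arriving on the WAN interface.
check_ruleset() {
    rules="$1"
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
    printf '%s\n' "$rules" | grep -q -- 'ESTABLISHED,RELATED -j ACCEPT' || return 1
    printf '%s\n' "$rules" | grep -- '--ctstate NEW -j ACCEPT' \
        | grep -qvE -- '(-i |-p )' && return 1
    printf '%s\n' "$rules" | grep -- '--ctstate NEW' \
        | grep -q -- "-i $WAN_IF" && return 1
    return 0
}

# Number of -A rules in the stateful ruleset (for a quick diff on change)
rule_count() {
    stateful_ruleset | grep -c '^-A'
}

# Usage on the gateway (needs root): write the ruleset out and dry-run it.
#   stateful_ruleset > /etc/iptables/rules.v4
#   iptables-restore --test < /etc/iptables/rules.v4
check_ruleset "$(stateful_ruleset)" && stateful_ruleset
```

The check is deliberately textual so it can run on a workstation before the file reaches the gateway; `iptables-restore --test` on the box itself is the syntax check, and this script only asks the policy questions a reviewer would ask of any ruleset.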

#5
I guess what I am trying to find out is, if I were to build, say, a redundant Linux box with iptables or an OpenBSD box with pf on commodity hardware (redundant, with limited moving parts), how reliable it would be. Both iptables and pf would serve fine for my needs; I just wonder what kind of uptime people have seen with these types of setups (barring colo/environmental problems). I guess the best way is to build and test under load.
