• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Pfsense or m0n0wall

Off-Topic & Non-Support Discussion
4
12
8.7k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • F
    far_ken_beauty
    last edited by May 7, 2007, 5:25 AM

    Hi,
    I have been looking at both pfsense and m0n0wall and am little confused on which to go for?
    Is there any advantage using freeBSD 6 compared to 4? Apart from hardware support? Is one more secure or faster at processing packets than the other? I see that m0n0wall is heading to freeBSD 6.2. http://m0n0.ch/wall/beta-1.3.php
    I would like to setup the firewall to utilise my home ADSL connection that hosts a web and mail server. Not huge traffic although.

    I have a mini-ITX motherboard with a 1.2 Ghz via eden CPU and 1Gb of DDR ram. It also has a quad port dlink network card.
    I can install a notebook hard drive or I can run m0n0wall from a usb memory stick.

    I also play a few games at home like Call of duty 2 and would like the traffic from this game to have higher priority than other traffic such as web and P2P. Will both m0n0wall and pfsense do this suitably. Is one better than the other in this sense.  ;D

    I would also be using the dyndns function.

    Many thanks.

    1 Reply Last reply Reply Quote 0
    • C
      cmb
      last edited by May 7, 2007, 6:16 AM

      The primary difference is the feature set. What you're looking at doing is suitable for either/or, and your hardware is fine for either/or. So, it becomes a matter of personal preference, and what you may want or need to accomplish in the future.

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by May 7, 2007, 6:24 AM

        Like Chris already said, for your scenario both will get the job done nicely. m0n0wall aims more at low end platforms where pfSense doesn't restrict it's featureset to run on this kind of hardware (your hardware is not low end). pfSense offers a lot of features that you probably don't need currently but they might be handy in the future. Also some things at the backend are completely different (like the trafficshaping which therefore works completely different in the webgui as well). If you have some time have a look at both and pick the one that you get along with better. As you don't need features that only one of the system provides it's really your own decision what you feel more comfortable with.

        1 Reply Last reply Reply Quote 0
        • F
          far_ken_beauty
          last edited by May 7, 2007, 8:01 AM May 7, 2007, 7:46 AM

          Many thanks for your quick and kind replies.
          Yes, the ability to add companents down the track is a draw card.

          You say that things like traffic shapping runs completely different in the backend. Does it run more efficeint and effectively in comparison to m0n0wall?

          Because of the higher hardware requirements of pfsense in comparison to m0n0wall, does m0n0wall analyse and deal with the packets quicker than pfsense? Or does pfsense do it better and because I have desent hardware it will actually work faster?

          Sorry for the maybe obvious questions but I would just like to know as much as I can before I dive in.  ;D

          Also I am using NAT on my adsl modem/router and I assume I should just open everything up on the adsl router and let pfsense or m0n0wall deal with the NAT rather than having the packets re-direct twice. Once from the adsl modem to the pfsense/m0n0wall machine then to the internal server. Just have it straight through to the pfsense/m0n0wall machine and have it re-direct once only.

          Amazing software by the way!  ;)

          1 Reply Last reply Reply Quote 0
          • H
            hoba
            last edited by May 7, 2007, 8:02 AM

            At least when using FreeBSD 6.x (m0n0 1.3 betas) it's not any faster than pfSense anymore (from my tests). So unless you use a m0n0 version prior 1.3beta it's not faster than pfSense.

            Trafficshaping is depending on what you want to do. There are things that m0n0's shaper can do (for example per user bandwidth limits) that pfSense's shaper can't and vice versa. For most things I prefer the pfSense shaper but there are some applications where I use a m0n0 too.

            It's really not a question wether m0n0 or pfSense is better, it depends on the job you need to get done.

            1 Reply Last reply Reply Quote 0
            • C
              cmb
              last edited by May 8, 2007, 5:43 AM

              To be fair - it seems there's a decent number of people who have used both traffic shapers who think m0n0wall's is vastly superior. The consensus amongst the pfsense developers is that isn't the case if you have it setup properly. My opinion? I don't know - I've never had good results with the m0n0wall shaper, and haven't really messed with it a whole lot, and have actually never even enabled the pfsense traffic shaper. I don't use shaping on my networks.

              As for taking the NAT off your DSL modem, you'll definitely want to do that. Otherwise you'll be double NAT'ing and that can cause issues with NAT-unfriendly protocols, like FTP, amongst others.

              1 Reply Last reply Reply Quote 0
              • S
                sai
                last edited by May 9, 2007, 4:46 AM

                the m0n0 traffic shaper is probably easier for most people to set up and understand. pfSense shaper allows you much more control (the theoretical underpinings are much more complex) but I have not been able to use it because I do not understand how to.

                FreeBSD 4 will give you much better throughput.

                mono is low end hardware, embedded. "pure" firewall.
                pfSense is modern hardware, lot more features.

                1 Reply Last reply Reply Quote 0
                • F
                  far_ken_beauty
                  last edited by May 9, 2007, 5:16 AM

                  By throughput do you mean less latency or just higher amount of sustained data flow on lower end hardware or both?

                  Is m0n0wall (free BSD 4) likely to have a lower latency on processing packets than pfsense? or if you have descent hardware pfsense is the same or better?

                  1 Reply Last reply Reply Quote 0
                  • S
                    sai
                    last edited by May 9, 2007, 8:13 AM

                    I dont know about latency - never tested. I meant sustained FreeBSD4 has better data flow with low end and medium type hardware.

                    1 Reply Last reply Reply Quote 0
                    • F
                      far_ken_beauty
                      last edited by May 9, 2007, 10:22 AM

                      Anybody know any details on latency between m0n0wall and pfsense?

                      1 Reply Last reply Reply Quote 0
                      • C
                        cmb
                        last edited by May 10, 2007, 12:09 AM

                        It's not a matter of latency, or speed of processing packets, etc. That won't differ. Your CPU will be your first bottleneck on either, and if/when it's maxed out, your latency will increase with either.  It's just that it takes less bandwidth to max out pfsense than m0n0wall 1.2. In a couple months when m0n0wall is at 1.3 release, they'll be equal.

                        Though with most typical broadband connections of less than 10 Mb, any CPU will be fine.

                        1 Reply Last reply Reply Quote 0
                        • F
                          far_ken_beauty
                          last edited by May 10, 2007, 12:30 AM

                          cheers  :D

                          1 Reply Last reply Reply Quote 0
                          10 out of 12
                          • First post
                            10/12
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.