Another PFSense+FreeNAS argument
-
So obviously nobody cares about the benefits that I've identified and pointed out.. Improved security, reliability, and reduced attack footprint. I'm forced to question the strength of those attributes when the community diverts attention away from the subject at hand when those issues are challenged.
-
It's not that people don't care about those things obviously security and reliability are high priorities for pfSense users.
I could imagine a product that was configurable as either a firewall or a NAS at install using a shared base. It should not be possible to install both on one system IMHO. I don't know how FreeNAS people would feel about that but presumably there is a reason they haven't included any firewall/router features.
I cannot imagine combining the two projects at this stage though. It may have been possible when both projects were in their infancy but the work required to do it now would be huge. Would it be worth it?
The other thing is that if you ran a diff against both projects to find the commonality between them what is left is pretty much just FreeBSD. Just how much code could be combined between the two usefully? Webgui? Package system? Both projects contribute code back to FreeBSD so code is shared that way.Steve
-
I can understand where you're coming from. I've beeen a pfsense user since early 2.0.x and also run a local NAS. I would never think of combining my firewall/router w/ my NAS as many others have said. That being said, I understand that you think combining pfsense and a Nas appliance into one would allow multiple deployable scenarios. While true there would have to be a common base, as someone pointed out, and lord knows what that would mean, not only security wise or otherwise. Yes having both on 1 iso to choose from would be convenient, but the old saying goes - security or convenience, pick one.
I will say though, your proposal was nice. Try to take some of what everyone has said to heart - they're all very knowledgable people with good points. Look around, there aren't any other top notch fw/router appliances with a file server onboard - that has to tell you something. -
So obviously nobody cares about the benefits that I've identified and pointed out.. Improved security, reliability, and reduced attack footprint. I'm forced to question the strength of those attributes when the community diverts attention away from the subject at hand when those issues are challenged.
The problem is the gains are all one sided. For a NAS, they are all gains – improved security from having a firewall, reliability is questionable but possible.
For pfSense, they are all losses. Security is reduced by having more services. Reliability is reduced. Attack footprint is increased.
-
I would rather see a pfCenter application that will allow multiple pfSense boxes to be managed and configured from one application/appliance
My two cents.
-
I mean, Windows Server 2008 R2 can host both a Domain Controller role and an Exchange Server role, but it'd be silly to combine the two.
Regarding firewalling FreeNAS, I plan on using a dedicated "Server" interface to connect all internal servers to pfSense, separate from my "LAN" interface which I'm only using for clients. That way FreeNAS still has a network-based firewall (pfSense) it just doesn't have an onboard host-based firewall. There might be a way to use the FreeBSD pf firewall (sans pfSense), but not sure how that would work.
-
That is not even close to the same thing - and yes many companies use DC as their exchange box - SBS is designed to do that.
Lets talk apples to apples here for gosh sake.
-
I loved the idea of pfsense + freenas since it kills 2 birds with one stone, but even I have to admit pfsense requires to be simple and kept as a firewall.
Adding features like Nas or further addons can complicate it and no doubt leave it more open to attacks and instability.
Pfsense is best kept as Pfsense
If people require a Nas, freenas is free or take a look at XPEnology which is a free version of synology nas os, and combine it with the HP G7-N54L which you can still get good cash back deals on I think roughly around £130. The unit can take a modded bios to uncap the satas to full speed and accept 3tb or 4tb hdds I hear also.
Beats paying £500 for synology nas and job done in £130, so fraction of the cost.
-
I'm late to the party, and I'm a nobody but I think the idea of combining projects is a terrible one.
1. In a firewall / router type situation, wasting all that ram/CPU on ZFS seems like a dumb idea. I want nothing to do with ZFS on my firewall. I want all resources dedicated to providing network services, and as fast as possible.
2. doesn't FreeNAS allow jails now? Seems like you could attack this problem a lot easier from the other direction.
3. combining projects does not guarantee everyone will stay. Some of the people working on FreeNAS probably want nothing to do with network services, and may see the combination OS as a dilution, and therefore leave.It seems the idea of combining projects is appealing to people having to run two VM's at home. Those of us not using these projects in a home setting do not want them combined.
-
I run vms at home - and I am against such a joining as well. Don't see any reason that makes sense. It makes more sense to just fire up a VM and use an OS/Distro geared towards being a NAS vs using my firewall to provide my storage.
I just can not see a reason why anyone would do or want such a thing to be honest.
If they want such a box maybe they should look to something like http://www.clearfoundation.com/Software/overview.html which is one of those Do everything Distros - acts as your gateway while also being your storage, LDAP, email server, etc.. etc..
Just because pfsense and freenas share a common core OS freebsd does not mean they need to join forces ;)
