Install other Linux software besides pfSense?



  • Hello,
    is it possible to install other linux software besides pfSense? It may sound unusual, but I put a 1.5TB HDD in my SuperMicro Atom server, and I want to run both pfSense and a file server from it (for the LAN) for some infrequent backups. Can this be done?

    Thanks! subar



  • There is no package for it and the general opinion is to let a firewall be a firewall. That is based on the reasonable statement that the more you add to it, the bigger chance for security holes. pfSense is based on FreeBSD without any unnecessary files.
    IMO if you are a home windows user I would not be that concern about it as the bad guys will go for the low hanging fruits.
    As there isn't any smart/good ssh virtual in jail application out there to my knowledge I did use pure-ftpd at one point.
    As for samba goes do a search though I don't remember anyone dared presenting a working solution :)

    As a side note:
    So is this Linux? …or, what is FreeBSD?
    http://bit.ly/fHSsY7 but do vote http://bit.ly/eCr9kE



  • Hi Perry, thank you for your reply!

    I understand the security concerns, but couldn't I lock down the FTP portion to the LAN port only using pfSense and therefore not worry about security issues?

    I'm not a FreeBSD expert, but I'd really like to install both a simple FTP server and if possible Cacti on the Atom/SuperMicro SuperServer and make it my firewall-miniftp-logging box. The machine isn't really capable of virtualizing (way underpowered anyways) so I'd need a way of natively doing that on the pfSense/FreeBSD platform.

    By the way, this is for a low-security business network, not at home. I understand your opinion on keeping the minimum install but I think if I lock it down using pfSense then I can still secure it and installing these apps would help me save a server (significant space, energy, money savings). Thanks!



  • Regardless of your security stance, running non-critical, non-security related software on a firewall is an extremely bad idea. You're going to be hard pressed to find someone willing to help you shoot yourself in the foot.


  • Netgate Administrator

    Wouldn't an accepted solution in this instance be to run pfsense virtualised along with, say, FreeNAS also virtualised?
    I've never tried this but it seems to be want all the cool admins are doing these days!  :D

    Steve



  • Complexity is also the enemy of security (and reliability). If the guy needs a file server, why should he be forced to use three OSes (bare metal and two VMs), a hypervisor, some virtualised networking between the VMs, and beefier (and therefore hotter) hardware to do it, when he could just use a puny box, one OS, and the firewall and file server directly within it? I guess someone thought that about FreeSWITCH (great feature!) at some point, too.

    Just pointing out that there are two sides to the coin, and sometimes different answers for different needs.


Locked