Thinking about converting from smoothwall

Guest

Yea I have been with smoothwall for about 4 years now.  Over the last year it seems like it has died some.  Alot of of the mod developers have disappeared and stopped supporting the mods that they made.  I am not a programmer but I (have no life and) try to help out as much as possible.  I feel that with the lack of developers I no longer have a purpose on there.  And I think that it is just time for a change.  AND I have recently gotten another internet connection and smoothwall does not support multi wan.  I was going to make a mod for it but screw it.

Anyway.  Before I tare down my firewall box (350mhz pII with 384mb ram) I figured I would ask on here just  to make sure that pf will have what I need.  My firewall is just home use, with normally just me browsing the web.

What I NEED

QOS:  Right now the mod for smoothwall works like this
Basically I need source port 80 on my web server to have fairly high priority and the rest of the ports on the web server to have the lowest priority.  The default class needs to have higher priority then the other ports on the webserver.  I also need to be able to give high priority to udp.  Can the traffic shaper in pf do this?  From what I see I am thinking yes.  Also need to be able to set min and max speeds for classes.

Multi WAN:
I have 2 internet connections.  One is 768/128, the other is 5000/384.  The 5000 one will be over wireless and is already firewalled and using nat.  Hopefully I will be able to route traffic that needs to have forwarded ports (emule, bit torrent) to the 768 connection that I have control over.

Squid:
Gotta have it, love it

What would be nice to have:
Some way to actively block ip addresses that port scan my wan ip's or do other malicious things.  Similar to the smoothwall mod: http://community.smoothwall.org/forum/viewtopic.php?t=8206

Hmm I think that is about it.  I am excited about the perhaps new changes that lie in store for me.  So will I be able to ditch smoothwall?

I know you forum regulars get tired of answering questions like this.  But what would take someone 2 minutes to answer, would take me all weekend to find out.

Anyway, this will probably be the only question I will ever ask, I swear!

hoba

QoS:
pfSense has build in QoS. You should get started with what the wizard creates. Then modify/add rules like you need. It workdifferent than the shaper in smoothwall but you should get most things handled. The only limitation currently is that the shaper doesn't work well with multiwan. This is more or less a gui/wizard issue. I have heard of people running multiwan with trafficshaping but it's not trivial to setup.

MultiWAN:
you can use policybasedrouting as well as loadbalancing including dead link detection (you can failover to the other line and the dead link will be excluded from the balancing for the time the link is down).

Squid:
There is a squid package but it can't make use of multiwan. It will always use the link at the WAN Interface.

Nice to have:
There is a snort package with the option to block offenders temporarily when an attack is detected. However Snort requires some fair amount of RAM to run. The more detection rules you have enabled the more it is hogging your ram. You shouldn't consider running snort with less than 512 MB, when using lots of rules even more.

The InstallerCD is a LiveCD as well, so you can have a look and test pfSense without installing it. The only thing that you will miss is the package support while running in livemode (Snort/Squid).

Guest

Thanks for the reply.

Yea I know snort can be a hog.  If you play with the config file you can get it down to about 30-40mb max ram usage though

hoba

If you know how to make it run on such low specs please post the info. We might consider adding an ultralow memory option to the gui if possible. Please also let us know sideeffects when running with such a config.

Guest

@hoba:

If you know how to make it run on such low specs please post the info. We might consider adding an ultralow memory option to the gui if possible. Please also let us know sideeffects when running with such a config.

Well now that I did my adding I see snort is closer to 50-80mb of ram usage.  I rarely see it go over 15% mem usage and I have 384mb total.

Besides just adding "config detection: search-method lowmem" to the snort.conf file, I also just cut the default mem caps in the conf file in half.  Like these:

preprocessor flow: stats_interval 0 hash 2 memcap 8000000
preprocessor frag2: memcap 2194304
preprocessor frag3_global: memcap 2194304
preprocessor frag3_engine: policy windows detect_anomalies
preprocessor stream4: disable_evasion_alerts, detect_scans, memcap 4394304
preprocessor sfportscan: proto  { all }
                        memcap { 5000000 }
                        sense_level { low }
logfile { /var/log/snort/portscan.log }
ignore_scanners { $HOME_NET }

Of course this is snort 2.4.3.  I am not sure what version pf has.

yoda715

We are running 2.6.1.3

Guest

@sdale:

We are running 2.6.1.3

I look forward to playing with it  ;D