-----BEGIN PGP SIGNED MESSAGE-----
On Tue, Feb 26, 2013 at 02:16:26PM -0500, Charlie Derr wrote:
> Greetings, Does anyone has information to share (either positive or
> negative) on using pfsense on a linux machine as a gateway router?
A quick note:
pfSense is a completely contained operating system based on FreeBSD;
it's a totally different operating system that is derived directly from
the BSD code of yore versus Linus's Linux kernel and the GNU utilities.
> We don't need complicated firewalling (we have a couple Cisco ASAs that
> are serving that role just fine for the moment). We'd like to have
> the option of a 2nd upstream (so that we can multihome) in the future.
> Currently we have 75mb/s connection, but we'd like to have the ability
> to stay with whatever device we choose to replace our edge router
> through at least several hundred mb/s. We are explicitly interested
> in any experience with paid support for a pfsense device and pros and
> cons of purchasing something prebuilt vs. throwing a linux box
> together (and buying spares for all the critical components).
80% of our traffic passes through FreeBSD routers performing NAT (30k
devices on the inside and two /24s on the outside) and basic packet
filtering with pf (FreeBSD + pf + some custom modifications = pfSense).
Our FreeBSD machines have multiple uplinks with local scripts that can
change the default route based on upstream availability and link state.
We have pushed 600 Mb/s through one router at peak usage with no issues
- -- copper on one side, fibre on the other -- and if we had the bandwidth
I would have zero issues with passing a couple of gigs of traffic
through those machines (R610s).
If you seriously want to consider that route, and want some help with
a test environment, contact me off-list. If you want a "nudge" towards
setting things up in a completely contained virtual machine environment,
I have some basic documentation written:
FreeBSD + pf (ignore the title, it's part of another project):
Setting up a virtual lab in general:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.