Back to article
4 Linux and BSD Firewall/Router Projects
pfsense and m0n0wall
September 7, 2010
4 Open and Free Firewall/Router Projects
Here we'll look at four different firewall/router projects from the open source community:
pfSense is a customized distribution of FreeBSD. It actually started in 2004 as a fork of the m0n0wallproject. However, it concentrates more towards full PC installations, where m0n0wall is more towards embedded hardware.
pfSense can be considered as a popular package, as it has more than 1 million downloads. It can be used in homes or in large corporations and organizations. It's available as a Live CD, hard drive installation, or embedded.
pfSense has low system requirements; 100 MHz Pentium CPU and 128 MBs of RAM. The Live CD requires a CD-ROM drive and a USB flash drive or floppy drive for storing the configuration file. The hard drive installation requires a CD-ROM for the initial installation and at least 1 GB hard drive. The embedded version requires a serial port for console and at least a 128 MB Compact Flash card.
pfSense, of course, includes a powerful firewall, including the ability to filter based upon the passively detected operating system. Its state table can be finely customized. It can do Network Address Translation (NAT) and load balancing of multiple WAN connections. It has a DHCP server and relay functionality.
Other important features include redundancy and synchronization, captive portal, and the support of three VPN solutions: IPsec, OpenVPN, and PPTP.
pfSense includes great reporting and monitoring features. RRC graphs show historical values of CPU utilization, firewall states, throughput, and more. There are also SVG graphs showing the real-time throughput of interfaces.
m0n0wall is also based from FreeBSD. This firewall project is designed for use with embedded x86-based PCs. However, it is possible to run m0n0wall on most standard desktop PCs.
m0n0wall officially supports the embedded net48xx/net55xx systems from Soekris Engineering and the ALIX platform from PC Engines. It requires at least a 16 MB Compact Flash (CF) card and they recommend using at least 64 MBs of RAM.
Getting m0n0wall running on an embedded system just takes downloading an image and writing it to a CF card. For desktop PCs, you can be write a disk image to a small IDE hard drive or CF card, or use the CD-ROM and floppy disk version. A VMware image is also available.
The entire system configuration is conveniently stored in one single XML text file, eliminating multiple text files parsed in a shell script. m0n0wall can completely boot up in less than 25 seconds after hitting the power button. On embedded platforms it provides a WAN to LAN TCP throughput of more than 50 Mbps (including NAT), and with newer PCs you can see 100+ Mbps.
The firewall provides stateful packet filtering and supports Network Address Translation (NAT). It also features a DHCP server and relay support. It supports VLANs and IPsec and PPTP VPNs. It even features wireless support for certain chipsets to create an access point (AP).
Other important features include a captive portal, SVG-based traffic graphing, SNMP agent, DynDNS client, and Wake on LAN client.