Three Excellent Linux Router Distros + 1 BSD
Special-purpose appliance distributions are one of the things that Linux does extremely well. You can find any number of task-specific appliances from either TurnKey Linux or the VMware Virtual Appliance marketplace. Another option is to roll your own with a service like Novell's SUSE Studio. In this article we'll take a look at four different specialized distributions targeted at the job of an Internet firewall or traffic router. Our list of candidates for this job includes ClearOS, m0n0wall, Untangle and Vyatta. We'll give you a quick introduction to each along with some context to help steer you in the direction that makes the most sense for your application. Each one has its own set of features and distinctive traits, and we'll try to highlight those for you.
The first thing we need to do before we get started is to define what a router is and does. In the most basic sense of the term, a router forwards packets from one network to another. To really understand what's going on, you need to picture how Internet traffic moves from one computer to another. If you do a Google search for the OSI 7-layer model, you'll find any number of pictures and references describing network traffic as it happens from the lowest layer (physical) up to the highest layer (application). Most routers sit at layer 3, since they use an IP address to decide what to do with the data. Most firewalls combine the basic functions of a router with filtering and physical separation, meaning two separate network connections, to do their job.
First up is ClearOS, defined on their website as "a powerful network and gateway server designed for small organizations and distributed environments." ClearOS is based on the CentOS distribution, which in turn is based on the open source version of Red Hat Enterprise Linux. The latest stable release is version 5.2, although version 6.0 is in the last stages of testing prior to final release. Many familiar open source projects such as Apache, ClamAV, DansGuardian, Snort and SpamAssassin do the heavy lifting, running on top of CentOS.
What you get with ClearOS is an enterprise-quality OS and a laundry list of established open source anti-virus and firewall tools, coupled with a community-based support system focused on any number of different deployment scenarios. ClearOS has an international following and counts many not-for-profit organizations in its list of satisfied customers. They have an active community page and an extensive user guide. A developer page provides insight into current and proposed applications that are part of the ClearOS distribution.
Small is the theme with m0n0wall. In fact, the current version of m0n0wall only needs 12 MB of disk space. The obvious target for m0n0wall is the small, embedded device aimed at protecting a small workgroup or home network. m0n0wall is based on a customized version of FreeBSD along with a short list of extras to perform all the necessary firewall functions. It uses a tiny web server to provide a web-based user interface to manage all its functionality.
m0n0wall is no slouch when it comes to performance either. It can easily handle a single 50 Mbps pipe with embedded hardware such as a net4801 or WRAP and up to 100 Mbps on relatively recent PC hardware. That's more than enough to protect your typical Internet connection. This solution could be really cost-effective for protecting remote offices or for work-from-home employees.