Topic: SME or pfSence or both ?

[vl1969]

as the subj said, is SME an alternative solution to pfSence?
can/should/need  I use both?

I am setting up a home server right now.
the idea was/is to get a openSuse + Xen running and then setup pfSence VM  to replace my netgear router.
my hardware have 4 NIC  gigabit interfaces, 2 buildin  NICs and an Intel pro dual port card

so the idea is to use the intel card as a router with pfSence provide a router/firewall functions to whole home network.

as in

myserver -- > intelNic port1  as IN-port connect to WAN(cabelvision modem) --><pfsence VM > -- pass all to intel Nic port 2 as out to lan port -->gigabit switch
than conect my build in NICs to the switch for all LAN access.

can I do all of this with SME?

[janet]

vl1969

SME in server gateway mode supports 2 NICs by default, one for WAN (to bridged modem usually) the other for LAN (to hub or switch).

SME has a robust firewall built in, which is controlled from server manager & other contribs.
If you want more extensive control of the firewall then you need to create custom templates firewall rules, & to do this you need to know what you are doing with iptables & so on.

pfsense & other firewall distros usually give you a lot of GUI type control of all firewall parameters & a whole lot of other functionality that sme does not have in it, dual WAN, load sharing & so on.

It really depends if you need the features of a specialized firewall distro.

Usually for a home server SME is quite OK, but your local needs may dictate using another firewall.

Why do you need to replace your netgear router ?

my hardware have 4 NIC  gigabit interfaces, 2 buildin  NICs and an Intel pro dual port card
so the idea is to use the intel card as a router with pfSence provide a router/firewall functions to whole home network.
as in
myserver -- > intelNic port1  as IN-port connect to WAN(cabelvision modem) --><pfsence VM > -- pass all to intel Nic port 2 as out to lan port -->gigabit switch
than conect my build in NICs to the switch for all LAN access.

Sorry I do not quite follow this, please explain a little better.

[gzartman]

My SME boxes are behind a standalone router in server only mode. I think it is the better option, providing a more secure setup.  However SME is a very good router too.  I ran SME like this for many years.

I really like pfsense.  Excellent gateway and community.  Devs are very conservative, so you can expect a solid deployment.  PFsense is a fork of moonwalk and has the edge, IMO, in that it runs on just about any hardware and there are a host of add-on packages like http-proxy and backup DNS.

Greg

[vl1969]

Why do you need to replace your netgear router ?
Sorry I do not quite follow this, please explain a little better.

Sorry was away for a while.

here is my situation more clearly:
I have a Netgear supplied router from cabelvision.
it is a good router, but #1 it runs special firmware which is not supported by anyone, even cablevision  as they now have new setup.
#2 I can not even get into the router anymore as I either forgot the password or CV have updated the software and  reset the password.
tried to reset the router several times to stock config but no luck.
#3 want to have option to access my server from outside but do to the fact that router is locked I can not get this setup.
also I use DynDns for outside access and the custom software seams to not support the IP update properly.
#4 it is a wireless router, but it have to sit in the basements as the CV modem need to be hooked up to it.

if I replace the router with pfSence vm I can have more control over all the settings and such.
and I can maybe move the router to some where on main floor to increase the wireless range, providing I can ever reset it and configure it as access point.