Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: vl1969 on September 13, 2013, 06:09:39 PM
-
as the subj said, is SME an alternative solution to pfSence?
can/should/need I use both?
I am setting up a home server right now.
the idea was/is to get a openSuse + Xen running and then setup pfSence VM to replace my netgear router.
my hardware have 4 NIC gigabit interfaces, 2 buildin NICs and an Intel pro dual port card
so the idea is to use the intel card as a router with pfSence provide a router/firewall functions to whole home network.
as in
myserver -- > intelNic port1 as IN-port connect to WAN(cabelvision modem) --><pfsence VM > -- pass all to intel Nic port 2 as out to lan port -->gigabit switch
than conect my build in NICs to the switch for all LAN access.
can I do all of this with SME?
-
vl1969
SME in server gateway mode supports 2 NICs by default, one for WAN (to bridged modem usually) the other for LAN (to hub or switch).
SME has a robust firewall built in, which is controlled from server manager & other contribs.
If you want more extensive control of the firewall then you need to create custom templates firewall rules, & to do this you need to know what you are doing with iptables & so on.
pfsense & other firewall distros usually give you a lot of GUI type control of all firewall parameters & a whole lot of other functionality that sme does not have in it, dual WAN, load sharing & so on.
It really depends if you need the features of a specialized firewall distro.
Usually for a home server SME is quite OK, but your local needs may dictate using another firewall.
Why do you need to replace your netgear router ?
my hardware have 4 NIC gigabit interfaces, 2 buildin NICs and an Intel pro dual port card
so the idea is to use the intel card as a router with pfSence provide a router/firewall functions to whole home network.
as in
myserver -- > intelNic port1 as IN-port connect to WAN(cabelvision modem) --><pfsence VM > -- pass all to intel Nic port 2 as out to lan port -->gigabit switch
than conect my build in NICs to the switch for all LAN access.
Sorry I do not quite follow this, please explain a little better.
-
My SME boxes are behind a standalone router in server only mode. I think it is the better option, providing a more secure setup. However SME is a very good router too. I ran SME like this for many years.
I really like pfsense. Excellent gateway and community. Devs are very conservative, so you can expect a solid deployment. PFsense is a fork of moonwalk and has the edge, IMO, in that it runs on just about any hardware and there are a host of add-on packages like http-proxy and backup DNS.
Greg
-
Why do you need to replace your netgear router ?
Sorry I do not quite follow this, please explain a little better.
Sorry was away for a while.
here is my situation more clearly:
I have a Netgear supplied router from cabelvision.
it is a good router, but #1 it runs special firmware which is not supported by anyone, even cablevision as they now have new setup.
#2 I can not even get into the router anymore as I either forgot the password or CV have updated the software and reset the password.
tried to reset the router several times to stock config but no luck.
#3 want to have option to access my server from outside but do to the fact that router is locked I can not get this setup.
also I use DynDns for outside access and the custom software seams to not support the IP update properly.
#4 it is a wireless router, but it have to sit in the basements as the CV modem need to be hooked up to it.
if I replace the router with pfSence vm I can have more control over all the settings and such.
and I can maybe move the router to some where on main floor to increase the wireless range, providing I can ever reset it and configure it as access point.