<< TOC - Linux, Apple, and TOC - Linux, Apple, and MS | Home | Starbucks and IT >>

RSS | Atom | E-mail

Links:

Tags | Advanced Search

Tags

Recent Blog Entries

Nikon NIkkor 24-70mm -- great lens or great waste ?
$1,600 for a few pieces of glass to attach to the front of my camera, and I feel extremely torn. I sit here late Friday night ( after the kids have finally drifted off to sleep ), considering the good, the bad, and whether this purchase was ugly.. ...
DRIVERS me crazy
To save someone the annoyance, I will give the simple answer up front, with a story to follow. If you have a Mac running any version of OSX, and own a Dell 2130cn color laser printer, there is no driver available. However, you can easily use the driver ( ...
A Porting experience
I just ported several of our applications from iPhone to Android. Today's blog entry is about the harrowing adventure of accomplishing such a task. Before I delve into the details, here is a summary of my experience:Read more...
Old School Tech
Most of my time is spent at the keyboard. Be it on my laptop (both Apple and PC), or one of the many "smart" phones I have collected over the years. My life is about what's new. But sometimes, forward is backwards. On that premise, today's post ...
More Patent Sense
Not that anyone cares, since progress in technology and economics is a square second to fighting over who thought of what first (or at least who made it to the patent office first), but here is an interesting article about how the patent mess called ...
iPad hardly a revolution
Lets face it, I doubt even Apple believes that line. The iPad is a very simple design : take the success that two other locked in devices were having (Nook and Kindle), and through the miracle of science through in a few OS features that let's you do ...
Multi-tasking, yea..
Just finished watching the live broadcast of Apple's coming 4.0. Here's the situation in my mind:Read more...
Adobe Goes Monster Style
Almost forgot to put up my images of web awards at SXSW.. Didn't bother staying for the show because, well this year it was lame.
CRG @ SXSW 2010
Amazing party at Frog Design. Everything was well designed, though there were many technical difficulties. From unplugged RFIDreaders to video players crashing. Still, good party.
Patents! Seriously
Microsoft lost again today, with a $240 million dollar judgment against them for using a certain technique to write out XML documents. It's a word processor writing text to a file, but somehow unique enough of an idea to net somone $240 million, and ...

pfSense has alternatives?!

Sometimes I find a great idea, put it in writing, then realize that it isn't working. pfsense was one of those moments. To be fair to the project, I am still using pfsense in many places, and am perfectly pleased with it as a part of most solutions. But my corporate firewall had some issues that were causing me sleepless nights.

The first problem was with our Voip provider. The firewall configuration to work with our sip trunks took several hours to find the solution, which required the firewall to be more open than I would like. Fortunately, the instructions I found solved the problem, and we were online. Then weeks later, and for reasons I don't care to review right now, I ran into my second problem. It appears that if you use PPTP connections to remote locations, you can not turn on the PPTP server on the firewall. The reasons are just as complicated as the reasons behind the VoIp issue, but this time there was no solutions, and I was left with grumbling users on both side of the great wall.

The problems, as it turns out, were both caused by the same issue. pfsense uses a product named packet filter for its firewall. packet filter as I understand has a good history in security, but it's connection tracking systems lack support for at least a few of the protocols that I use on a regular basis.

After a bit of research, I learned that pfsense's parent project, m0n0wall, used a different firewall - ipfilter. On a whim, I switched out the memory card and replaced the main firewall with m0n0wall. The install process was basically the same process I learned from pfsense. The interface, though lacking some of the features and extensibility of pfsense, was so similar that I was reconfigured in minutes. Two notable differences: the VoIp worked out of the box, and PPTP was now available from both sides. I was now able to host a server, and dial into remote networks. PfSense has failover options that I would have liked to explore some day, but right now PPTP was a make it or break it option. Both projects are great assets to the open source community, but at least for now, m0n0wall has taken over my main router.

Tags : m0n0wall, pfsense

Add a comment

Posted by on February 9, 2010 12:44:00 AM CST #

Add a comment Send a TrackBack

Re: pfSense has alternatives?! Comment from Anonymous on September 8, 2010 7:57:36 AM CDT #
Title
Body	HTML : b, strong, i, em, blockquote, br, p, pre, a href="", ul, ol, li, sub, sup
Name
E-mail address
Website
Remember me	Yes No
E-mail addresses are not publicly displayed, so please only leave your e-mail address if you would like to be notified when new comments are added to this blog entry (you can opt-out later).

2010 September (1) August (1) July (0) June (0) May (3) April (2) March (6) February (4) January (0)	2009 December (3) November (1) October (0) September (1) August (0) July (0) June (1) May (1) April (0) March (0) February (2) January (1)
2008 December (1) November (0) October (3) September (2) August (2) July (0) June (1)

Username
Password
Remember me

pfSense has alternatives?!

Re: pfSense has alternatives?!