[TriLUG] Best O/S for a Linux Router/Firewall?

Jym Williams Zavada trilugj at jrwz.net
Sat Sep 10 08:54:47 EDT 2011


If you are willing to do command-line only, I can recommend OpenBSD as an OS 
that can provide routing, firewalling, DHCP service, and supports IPv6 and 
OpenVPN.  I've used it very successfuly for routing/firewalling.  Being that 
it's a *nix variant, the learning curve isn't very steep.

You may also want to take a look at Routerboard.com's RB750GL Gigabit 
Ethernet 5-port SOHO router for $59.95 (or the 10/100 version RB750 for 
$39.95).  I bought the RB750G for $79.95 a year ago (the RB750GL's 
predecessor).  I've not yet done any production level testing on it (still 
learning the CLI and experimenting with it), so I can't really say how well 
it might work for you, but I can say that it does routing and firewalling, 
and claims to provide DHCP, IPv6, and OpenVPN support (which I've not tested 
yet).

Although they run Linux under the hood, they use their own proprietary CLI, 
which is neither the easiest nor most intuitive interface that I've used, 
and definitely involves a much steeper learning curve than OpenBSD would 
(online manual at http://wiki.microtik.com/wiki/Main_Page).  However, the 
price is phenomenal, and I suppose if you were persistent enough, you could 
find a way to re-flash it to get a standard linux command-line.  For me, I 
figure that the time and effort it takes to do that is better spent learning 
the proprietary interface.  For that matter, they sell DIY, enclosures, 
boards that include serial ports, etc., but the cost starts going up 
significantly.  If my budget weren't nearly as tight, I probably go that 
route and roll my own.

On Fri, 9 Sep 2011 at 17:44, Tarus Balog wrote:

> Since I'll end up routing ethernet, I figured it was time to switch to a
> Linux-based router. In a perfect world, it would support routing between
> the Centurylink ethernet interface and our lan, act as a DHCP server,
> and act as a firewall.
>
> It must support IPv6. It would also be nice if it could easily handle
> OpenVPN as well.
>
> Suggestions for a distribution to use? I hear good things about monowall.



More information about the TriLUG mailing list