Pagine

Linux - Firewall per creare Gateway gratuito

Ecco un software che permette di creare un Gateway e firewall con le seguenti caratteristiche


http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43


Ecco delle screenshot:


http://www.pfsense.org/screenshots/


Il relativo link per il download


http://www.pfsense.org/index.php?option=com_content&task=view&id=58&Itemid=46




Common Deployments
pfSense is used in about every type and size of network environment imaginable, and is almost certainly suitable for your network whether it contains one computer, or thousands. This section will outline the most common deployments.

Perimeter Firewall

The most common deployment of pfSense is as a perimeter firewall, with an Internet connection plugged into the WAN side, and the internal network on the LAN side. It supports multiple Internet connections as well as multiple internal interfaces.
pfSense accommodates networks with more complex needs, such as multiple Internet connections, multiple LAN networks, multiple DMZ networks, etc. Unlike many similar solutions, you can deploy systems with dozens of interfaces if needed.
Some users also add BGP capabilities to provide connection redundancy and load balancing.

LAN or WAN Router

The second most common deployment of pfSense is as a LAN or WAN router. This is a separate role from the perimeter firewall in midsized to large networks, and can be integrated into the perimeter firewall in smaller environments.

LAN Router

In larger networks utilizing multiple internal network segments, pfSense is a proven solution to connect these internal segments. This is most commonly deployed via the use of VLANs with 802.1Q trunking. Multiple Ethernet interfaces are also used in some environments.

Note

In environments requiring more than 3 Gbps or 1 million packets per second of sustained throughput, no router based on commodity hardware offers adequate performance. Such environments need to deploy layer 3 switches (routing done in hardware by the switch) or high end ASIC-based routers. As commodity hardware increases in performance, and general purpose operating systems like FreeBSD improve packet processing capabilities in line with what new hardware capabilities can support, scalability will continue to improve with time.

WAN Router

For WAN services providing an Ethernet port to the customer, pfSense is a great solution for private WAN routers. It offers all the functionality most networks require and at a much lower price point than big name commercial offerings.

Wireless Access Point

pfSense can be deployed strictly as a wireless access point. Wireless capabilities can also be added to any of the other types of deployments.

Special Purpose Appliances

Many deploy pfSense as a special purpose appliance. The following are three scenarios we know of, and there are sure to be many similar cases we are not aware of. Most any of the functionality of pfSense can be utilized in an appliance-type deployment. You may find something unique to your environment where this type of deployment is a great fit.

VPN Appliance

Some users drop in pfSense as a VPN appliance behind an existing firewall, to add VPN capabilities without creating any disruption in the existing firewall infrastructure. Most pfSense VPN deployments also act as a perimeter firewall, but this is a better fit in some circumstances.

Sniffer Appliance

One user was looking for a sniffer appliance to deploy to a number of branch office locations. Commercial sniffer appliances are available with numerous bells and whistles, but at a very significant cost especially when multiplied by a number of branch locations. pfSense offers a web interface for tcpdump that allows the downloading of the resulting pcap file when the capture is finished. This enables this company to capture packets on a branch network, download the resulting capture file, and open it in Wireshark for analysis.
pfSense is not nearly as fancy as commercial sniffer appliances, but offers adequate functionality for many purposes at about 2% of the total cost.

DHCP Server Appliance

One pfSense user deploys single interface pfSense installs as solely DHCP servers. In most environments this probably does not make much sense. But in this case, the user's staff were already familiar and comfortable with pfSense and this enabled further deployments without additional training for the administrators, which was an important consideration in this deployment.

DNS Server Appliance

There is a pre-built DNS Server appliance available, pfDNS. This is a custom version of pfSense with a simplified web interface, providing only the functionality desired on a system functioning strictly as a DNS server. There is a tinydns package available for pfSense that allows you to add this functionality to a stock pfSense install.