Firewalls and spray paint

Mar 23, 2008 00:13

I've been using pfSense, an open-source, FreeBSD-based router/firewall, for about two weeks now, on some old PC hardware I had lying around. The motivation was upgrading to multiple public IP addresses, which necessitated using multiple routers, since the little SOHO routers only support one WAN IP address. That would quickly get out of control.

Comments 6

slackwench March 23 2008, 06:48:52 UTC
Don't set up an ARP loop.

Why do you want multiple external addresses?

hslayer March 23 2008, 16:08:52 UTC
I'm using virtual IP addresses, so no matter how many I have with Verizon, it'll still use just the one interface. I'll only use the second interface if I add a second connection for loadsharing/failover. Were I to use both for the same ISP, though, there is a simple checkbox in the webGUI to "suppress ARP messages when interfaces share the same physical network".

For now it's just to segregate personal and business traffic, so when Michelle is on IRC or I'm on BitTorrent, the address won't resolve to mail.dormpro.com. The next step up from one is a block of five, so I have a few more to play with as the business grows, too.

cbreakr March 23 2008, 16:07:24 UTC
So what's your issue with Linux + MySQL?

hslayer March 23 2008, 17:42:23 UTC
I don't feel Linux has the polish of Windows. It's a little too obvious that it was written by geeks in basements instead of by geeks in offices with corporate overseers cracking whips over their heads. And the devil's in the details.... You have to "Eject" a USB flash disk from Ubuntu to flush the write cache, while Windows has stopped write caching them by default at least since XP SP2. Too many things still require going to the command line instead of using the GUI interface. The online help and man pages are practically useless. And, of course, there's the Windows software library. Emulation layers are just plain too much trouble. Maybe I'm getting crotchety in my old age, but I expect things to just work. This is supposed to be mature technology, after all. I'm still happy to sit tweaking all day, but tweaks should bring extra features or performance, not be required for baseline features and performance. Basically, I feel like Windows is the best of both worlds, combining Linux's power and MacOS's usability. (No, the ( ... )

cbreakr March 28 2008, 16:28:00 UTC
I never knew that about MySQL's query optimizer. That is a big hassle. Maybe I've just been succumbing to a "grass greener on the other side" feeling lately with the frustratingly incomplete custom objects I've been downloading for .NET.

anonymous June 7 2008, 00:53:00 UTC
"used to use it for my DOS prompt."

means the greatest geek cred of all :)

If you use WatchGuard at work, you'll know the other reason to avoid them. The LiveSecurity contracts that you need just to access the smallest of patches.

On the other hand, there are a number of people who are running pfSense on retired WatchGuard boxes.

Now open source is fine, for learning from. But custom code on Win2k(x) written by someone who KNOWS the Win32 API will spank anything you can find in the open source world. Besides, open sourcers don't seem to know how to comment code or even format it in a readable fashion. Migraines every time I delude myself that there might be something worthwhile to borrow.
