[Cialug] IPFire
Justin Richeson
neomatrixjr at gmail.com
Mon Feb 10 22:28:37 UTC 2020
I guess I'd be like most people that are used to their Router being
Router/DHCP/DNS/Firewall. My OPNSense is all of the above with the
exception of it provides DNS for it's DHCP entries, but I have PiHole
running the majority of my DNS. I know an alternative is to have PiHole
run DHCP so it can also provide local DNS. Right now it just checks
OPNSense for local devices. Eventually I want to provide redundancy/HA for
OPNSense and PiHole.
On Mon, Feb 10, 2020 at 4:04 PM David Champion <dchamp1337 at gmail.com> wrote:
> A lot of the consumer SOHO routers let you attach a disk or printer to
> their USB ports, and do file sharing or run a print-server too. For people
> that don't want to have an additional appliance it is convenience. But
> you're potentially giving up a lot of security.
>
> Personally I'd recommend to them to get a NAS appliance like a Synology for
> the extras, and just let the firewall be the firewall.
>
> -dc
>
>
> On Mon, Feb 10, 2020 at 3:55 PM Jared Brees <fromj2sitsme at msn.com> wrote:
>
> > To be fair, most Linux/BSD firewall distros (including pfSense and
> > OPNsense), have the ability to add features like file sharing, etc.
> >
> > It's just a matter of whether or not you really should. Further, the
> > argument could be made you should *only* have the firewall be a firewall.
> > No DHCP, no DNS, etc. Just firewalling. The only add-on* I have with my
> > main pfSense setup is OpenVPN Client Export utility - which having the
> > firewall handle VPN is relatively standard practice for even enterprise
> > firewalls.
> >
> >
> > *I use DNS, DHCP, etc., but those aren't add-ons.
> > ------------------------------
> > *From:* Cialug <cialug-bounces at cialug.org> on behalf of David Champion <
> > dchamp1337 at gmail.com>
> > *Sent:* Monday, February 10, 2020 14:41
> > *To:* Central Iowa Linux Users Group <cialug at cialug.org>
> > *Subject:* Re: [Cialug] IPFire
> >
> > I've done this in a lab setup, not sure I'd rely on it for a "production"
> > configuration.
> >
> > I had done some testing with Untangle about a year ago but not using it
> > currently. I didn't have any problems with installing it. It isn't Free
> > (has a free-to-use community version), but does have a nice GUI and a lot
> > of advanced features if you need those.
> >
> > -dc
> >
> >
> > On Mon, Feb 10, 2020 at 2:29 PM Justin Richeson <neomatrixjr at gmail.com>
> > wrote:
> >
> > > Agreed, though...that's coming from a guy running OPNSense as a VM on
> my
> > > primary unRAID NAS/DOCKER/VM host. Though, to aid in isolation it has
> a
> > > hardware 4xGB Nic passthrough to it and no virtual NICs....someone
> would
> > > have to break the VM wall or break through the firewall to get in.
> > > Admittedly, I'm finding this isn't a great setup in practice though.
> > >
> > > On Mon, Feb 10, 2020 at 12:34 PM Jeffrey Ollie <jeff at ocjtech.us>
> wrote:
> > >
> > > > I was just looking through the features and I saw that it offered
> > > "add-ons"
> > > > that would let you turn your firewall into a Samba file/print server,
> > > > backup server, yadda yadda yadda. This is precisely the kind of
> thing
> > > that
> > > > I DON'T want in a firewall. OK, I get that they are targeting the
> > > > home/small office user but your firewall shouldn't be your everything
> > > else
> > > > server as well.
> > > >
> > > > On Tue, Jan 21, 2020 at 10:13 PM L. V. Lammert <lvl at omnitec.net>
> > wrote:
> > > >
> > > > > Caughr a blurb today about a new release - anyone using it?
> > > > >
> > > > > Lee
> > > > > _______________________________________________
> > > > > Cialug mailing list
> > > > > Cialug at cialug.org
> > > > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > > > >
> > > >
> > > >
> > > > --
> > > > Jeff Ollie
> > > > The majestik møøse is one of the mäni interesting furry animals in
> > > Sweden.
> > > > _______________________________________________
> > > > Cialug mailing list
> > > > Cialug at cialug.org
> > > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > > >
> > > _______________________________________________
> > > Cialug mailing list
> > > Cialug at cialug.org
> > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > >
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> >
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
>
More information about the Cialug
mailing list