Share your router/firewall BSD distribution or dedicated BSD box experience (for FreeBSD users)

[sidetone]

OPNsense and pfSense are based off of the defunct m0n0wall distribution: m0n0wall has encouraged OPNsense as its successor. DynFi is another router/firewall distribution based off of OPNsense and pfSense. It uses a modified FreeBSD, and has a ports overlay on top of FreeBSD ports. DynFi also has a firewall manager which also works with OPNsense and pfSense boxes. BSD Router Project (BSDRP) is a distribution which uses Linux and GPL components for its routing software. These BSD operating systems all happen to be specifically FreeBSD based.

Share your experiences with opensource BSD distributions or dedicated BSD boxes for router, firewall and closely related networking and security functions for FreeBSD users, including on networks which have FreeBSD computers on it. Other networking functions such as VPN, proxy, gateways, modems and load balancer functions for dedicated boxes can also be included. Include other network security functions in addition to firewall for dedicated boxes. Comparisons between systems can be made too. Also, do you use any BSD distribution router/firewall for your FreeBSD computer?

Based on replies:
Dedicated boxes using Solaris based operating systems with common BSD routing/firewall and related network software can be included. Experiences using proprietary software for routing/firewall on top of an opensource BSD or Solaris distribution for a dedicated networking/routing/firewall box can also be included, provided that it was a legal copy at the time of use. CDDL and similarly licensed software can also be included for dedicated BSD/Solaris boxes.

 

[SirDice]

Do Juniper firewalls count? Technically they're using BSD under the hood. It's more obvious if you drop to a shell instead of the configuration editor.

 

[sidetone]

Do Juniper firewalls count?

I think so. Why not? Juniper is part of the opensource ecosystem. I'm not sure if their operating system is open source. Especially it can be mentioned in comparison to FreeBSD or used for a FreeBSD computer.

If Juniper's OS is closed source, it might be an exception to include, because of their opensource firewall and contribution to FreeBSD. Maybe focus on the opensource side and services of Juniper? Perhaps IPF.

If its opensource aspects are mentioned as a dedicated router/firewall in a way which can be tied to use with FreeBSD in some way. Why not? Maybe any use of Juniper through use and mention of IPF or other opensource software by them is also welcome.

Maybe not as a Juniper box, but as a box which uses IPF that runs on Juniper.

 

[SirDice]

I'm not sure if their operating system is open source.

It's not. I have managed to get a hold of that 'illegal' JunOS package once. You basically install a blank FreeBSD 4.x and install this package on it. You then have a "JunOS" router. Really old version but it worked good enough for testing purposes.

If Juniper's OS is closed source, it might be an exception to include, because of their opensource firewall and contribution to FreeBSD.

They do still sponsor certain commits. Newer Juniper devices seem to have moved away from FreeBSD though. So not sure what Juniper will do in the future.

 

[Emrion]

I have this at home.

A FreeBSD box for home

We are many here to ask questions. But few tell what they want to achieve. I want to share this project involving FreeBSD. My goal was to set up a firewall / router just after my internet box and also use it as a media reader on my TV. I almost completed the configuration. The main components...

forums.freebsd.org

Now on 14.0-RELEASE.
Debian VM version is 11 (bulleye).
pfSense VM version is 2.7.2.

 

[patmaddox]

I have a protectli device running vanilla FreeBSD with pf and dhcpd.

 

[sidetone]

I don't understand how JunOS works in comparison to opensource BSD distributions. JunOS and Juniper need a dedicated thread to describe its opensource aspects and history, including contributions and ecosystem with FreeBSD. I'm not sure if they use Linux or cloud now: these aspects shouldn't be included in this thread. Maybe, to write about its history in another thread, to say how it drifted to that from being used on top of BSD. I don't understand about Juniper and JunOS enough to write about that. A "junos" tag: https://forums.freebsd.org/tags/junos/.

If it's JunOS software on top of any opensource BSD box, and can be tied to FreeBSD, then include it. IPF and other software contributions by Juniper deserve mention. Juniper software (also which resembles JunOS) which is opensource on top of BSD with some relation to on top of opensource BSD operating system use can be mentioned here.

Maybe you meant unofficial version of JunOS parts on top of FreeBSD. As long as it's opensourced JunOS/Juniper components on an opensource BSD box by a typical FreeBSD user include it.

Related to FreeBSD use would be by using any opensource BSD box: as a router/firewall used with a FreeBSD computer, or as a user of FreeBSD who ever used another router/firewall BSD distribution. Also to compare those BSD distributions to FreeBSD.

 

[SirDice]

Maybe you meant unofficial version of JunOS parts on top of FreeBSD.

Yeah, that's the one. I couldn't remember the name, but I found the files again (I'm a bit of a file hoarder). It's called "Juniper Olive". Uses a FreeBSD 4.x base. But you need actual valid JunOS installation files. And the only ones floating around on the internet have a similar status as Metin-2. So probably best if we exclude it here too

That said, I have pretty good experiences with the Juniper SRX line of firewalls. Their way of configuring took some time to get used to but is actually quite logical once you start learning more.

 

[homeadm]

I use old-but-still-good m0n0wall. It's at the center of my home network. Its main task is to separate machines with my valuable data from hackers. But it also divides my network into two subnets. I'm so happy with it that I don't even think about replacing it with something newer.

It's rock solid, never crashed, uses few resources, is easy to manage and almost bug-free (I found 2 minor issues). Without much effort, I can configure it to allow an SMB or NFS connection from a PC on WAN side to another one on LAN side, whether it's Windows or Unix.

My first idea was to create this router from plain Solaris. But why do it the hard way and manually edit all the rules, when Manuel gave us such a nice GUI? But the bottom line is: if you can do it on m0n0wall/OPNsense, you can do it on Solaris, FreeBSD, OpenBSD ... On any operating system with IPF.