On 2020-03-30 17:04, Trevor Cordes wrote:
On 2020-03-30 Alberto Abrao wrote:
I have the feeling that's redundant. That, and having a main router in front of them would help me set up things such as QoS and a central firewall.
I'd say find a way to start slow. Like start making your single-connection-point firewall first without putting any boxes behind it. Then move them behind it one by one as you add more setups/features to the firewall.
Agreed.
Some will say use OpenBSD for all of this, but I say use Linux. Or, more accurately, use what you know and are good at. It'll be easier to get a grasp of things if you're already partway there.
That's true, assuming you don't think IPTables/NFtables is some Lovecraftian nightmare that needs to be killed with fire.
My personal preference is to use pfSense, as it provides a good balance between a helpful GUI, access to the OS if needed, performance, flexibility, etc. It's not perfect, but it's a good starting point if you have a clue what you want to do. There are quite a lot of pfSense users here; most lurk.
Also, I always recommend "rolling your own" using basic utilities rather than using some pre-made "simple" firewall/router distro. But that's mostly because I like my boxes to serve many duties, not one just for firewall, one just for NAS, etc. Plus, you learn more doing it yourself, and have ultimate flexibility. With a purpose-made distro you'll eventually run into something you want to do that it can't.
While true, security best-practice says to never do more than one thing on your firewall in the first place. There's always an exception to that rule, but not being *able* to install Samba on your firewall might be a good thing...
-Adam