Recent Thoughts About The Edge of My Network

monowall-pfsense-alix-kitIn recent weeks I’ve been accumulating some thoughts about the edge of networks, and the edge of my home office network in particular.

This all started last month where there was an Ars Technica article describing how someone found a backdoor that allowed an evil-doer to gain admin access to a common consumer combination DSL Modem/router/Wifi AP. The author initially proved the exploit by hacking his Linksys WAG200G wireless gateway.

The article describes how he published the script used to run the exploit. That allowed others to try the exploit against various makes/models of consumer hardware. It thus came to light that the same trick works against various products from Linksys and Netgear, amongst others.

Continue reading “Recent Thoughts About The Edge of My Network”

Choosing A Router/Firewall For A Small Office

net4801_2_lOne project that I’m am about to start is moving from my m0n0wall router to a new one build around pfsense. The motivation for the project is the integration of our Comcast Business Class internet service into the rest of the household. At present there are two separate networks, with only a few devices enjoying the high speed cable service. The pfsense system will be configured for dual WAN, accessing both the cable service and Covad DSL circuit.

My existing m0n0wall runs on an old Soekris Net4801. In service for many years, it has been extremely reliable. If m0n0wall does what you need I have no hesitation in recommending the software. Support from the user community is tremendous as well.

Continue reading “Choosing A Router/Firewall For A Small Office”

pfSense + Freeswitch

According to the pfSense blog there’s been an effort to implement Freeswitch as an installable package to pfSense. This is very interesting. There’s a long list of comments to the blog post which collectively spell out some of the merits of this idea, as well as how it relates to running an IP-PBX inside the LAN.

Some indicate a preference for Asterisk over Freeswitch. Others ask for a lightweight configuration supporting just a SIP proxy to an inside PBX. It’s noted that Freeswitch is a much larger application than siproxd, which would handle that well enough.

I’ve been considering giving pfSense a try. This is just one more good reason to make the effort some time soon.