Defining rules for packet shaping is a little more involved and requires an understanding of entities m0n0wall refers to as "pipes" and "queues." Basically, a pipe is a restriction on bandwidth. A queue lets you specify how "flows" -- packets with a common characteristic, such as the same source IP address -- share that bandwidth. The online documentation points to a short essay on the subject, which is worth reading before you try your hand at building shaping rules.
The creators of m0n0wall envisioned a straightforward firewall system and therefore deliberately kept the distribution small. Currently, m0n0wall can fit on a 16MB CompactFlash card. This means that some facilities have been omitted. For example, you won't find a proxy server, intrusion detection, an FTP server, a Web server and so forth. On a m0n0wall-protected intranet, such services would run on separate hardware.
Nevertheless, m0n0wall's simplicity is its strength. It is easy to set up and maintain. Documentation boasts setup times of less than 15 minutes, which is about how long it took me.
OpenFiler is a SAN/NAS appliance based on rPath Linux. According to its creator, OpenFiler actually began life atop Fedora Linux, moved to CentOS, and final settled on rPath, attracted by that Linux's impressive package-management environment. OpenFiler can operate at either the SAN or NAS level -- or both simultaneously.
OpenFiler's feature set is impressive. It provides drivers for a wide array of peripheral busses: It can talk to disk drives on IDE, SAS, SATA, SCSI or iSCSI interfaces. If you need RAID, OpenFiler is compatible with hardware from Adaptec, LSI Logic, Intel, and others. Further, it can handle file systems up to 60TB in size. Its supported Ethernet controllers include Fast, Gigabit, and 10 Gigabit controllers from Intel and Broadcom.
In spite of these bounteous capabilities, its actual processor and memory requirements are modest. A standard x86 system with 256MB of RAM, 1GB of disk space for the OS image, and at least one Ethernet card is all you need to get going.
There's not much to see in the console when you boot an OpenFiler system. You can log in to the console or through SSH and execute Linux commands in case you need to modify boot scripts and configuration files. But as with m0n0wall and IPCop, management of OpenFiler is through the administration user GUI hosted on a built-in Web server. (If you need access to shell commands, the GUI provides a secure shell terminal via a Java applet.)
The tabbed administration GUI leads you to sections where you can configure several components. Among them are users and groups. This requires you to select either LDAP or Windows as the authentication system. If you don't have a Windows server available, OpenFiler comes with the open source OpenLDAP server.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Binary Option: Neustar SiteProtect Case Study Learn how Neustar helped Top10optionbinaire.com protect against DDoS attacks with SiteProtect DDoS mitigation technology.
- Four Ways DNS Can Accelerate Business Growth This DNS eBook describes how DNS has developed over the years to support business growth as new needs have emerged, for example, advanced...
- Architecting the Network of the Future Networks need to change, as does the way IT thinks about and manages them. In addition to reliability, IT must now add higher...
- Ecommerce Site Needs Protection Against Cyber 'Pirate' Learn how a Neustar customer thwarted 'Blackbeard,' a self-styled DDoS Pirate. Using Neustar SiteProtect, a cloud-based DDoS mitigation service, this everyday IT hero...
- Tales from the Trenches - Industry Risks and Examples of DDoS Watch Neustar experts as they discuss how DDoS impacts technology companies including online gaming, e-commerce and more. All Network Security White Papers | Webcasts