-
Join the MyBroadband community
South Africa’s biggest forum. Discuss, discover, and connect with thousands of members.
-
Question of the Day: What's the most interesting small town you've visited in South Africa?
IPCop vs. Smoothwall vs. ClearOS
- Thread starter m1k3072
- Start date
DominionZA
Executive Member
Wow thats expensive
It is. But it works so well.
I have a spare Xeon machine that I am going to install ClearOS on later today to see what has changed. It has been a few a few years so hoping things have advanced a bit.
I am up for my annual license renewal again and tired of paying the fees. If ClearOS has not caught up with Kerio then I will just pay the fee again.
DrJohnZoidberg
Honorary Master
Can't get higher than 10MB/sec on my LAN
The NIC in the ClearOS box connected to the LAN has its 1000 light lit up and all the other PCs also have gigabit NICs. I have changed drivers and no love. Looks like I'm going to have to find another solution, maybe go back to looking at pfSense.
The NIC in the ClearOS box connected to the LAN has its 1000 light lit up and all the other PCs also have gigabit NICs. I have changed drivers and no love. Looks like I'm going to have to find another solution, maybe go back to looking at pfSense.
Can't get higher than 10MB/sec on my LAN
The NIC in the ClearOS box connected to the LAN has its 1000 light lit up and all the other PCs also have gigabit NICs. I have changed drivers and no love. Looks like I'm going to have to find another solution, maybe go back to looking at pfSense.
Take it you got a GB switch as well?
DrJohnZoidberg
Honorary Master
Yep. I was running everything on my Fedora machine previously but wanted to move it off there as I wanted to be able to switch that machine off without losing the internet. Was getting 100-120MB/sec with that set up.
Have no idea why it's transferring so slowly.
Showing up fine on ClearOS:
Firewall:
Code:
Settings for eth1:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: Symmetric Receive-only
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
MDI-X: Unknown
Supports Wake-on: pumbg
Wake-on: g
Current message level: 0x00000033 (51)
drv probe ifdown ifup
Link detected: yesClient machine:
Code:
Settings for p33p1:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Advertised link modes: Not reported
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
MDI-X: Unknown
Cannot get wake-on-lan settings: Operation not permitted
Current message level: 0x0000003f (63)
drv probe link timer ifdown ifup
Link detected: yes
Last edited:
The_Unbeliever
Honorary Master
Yep. I was running everything on my Fedora machine previously but wanted to move it off there as I wanted to be able to switch that machine off without losing the internet. Was getting 100-120MB/sec with that set up.
Have no idea why it's transferring so slowly.
Showing up fine on ClearOS:
Firewall:
Code:Settings for eth1: Supported ports: [ TP ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Supported pause frame use: No Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Advertised pause frame use: Symmetric Receive-only Advertised auto-negotiation: Yes Speed: 1000Mb/s Duplex: Full Port: Twisted Pair PHYAD: 0 Transceiver: internal Auto-negotiation: on MDI-X: Unknown Supports Wake-on: pumbg Wake-on: g Current message level: 0x00000033 (51) drv probe ifdown ifup Link detected: yes
Client machine:
Code:Settings for p33p1: Supported ports: [ TP ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Supported pause frame use: No Supports auto-negotiation: Yes Advertised link modes: Not reported Advertised pause frame use: No Advertised auto-negotiation: Yes Speed: 1000Mb/s Duplex: Full Port: Twisted Pair PHYAD: 0 Transceiver: internal Auto-negotiation: on MDI-X: Unknown Cannot get wake-on-lan settings: Operation not permitted Current message level: 0x0000003f (63) drv probe link timer ifdown ifup Link detected: yes
Now, just to be completely different, and out of morbid curiosity, what will happen if you :
1. Force the NIC on the firewall GREEN to 100 and to 10?
2. Force the NIC on the Gig switch going to the firewall to 100 and to 10?
3. What speeds do you get when copying a file with SCP to/from the firewall? At gig, 100 and 10 settings?
4. Is it possible to try other Ethernet cards (eg 3com) instead of the current ones you have?
5. And last, but not least, are you 100% sure the flylead is crimped correctly?
DrJohnZoidberg
Honorary Master
Thanks, I will muck with the speeds and recheck cables tonight. Unfortunately do not have a spare NIC.
DrJohnZoidberg
Honorary Master
Looking for a free solution and Untangles free version is sorely lacking in features.
DominionZA
Executive Member
Played with ClearOS today. Was back on Kerio by day end.
Spending a bit of cash on a decent solution pays off.
Spending a bit of cash on a decent solution pays off.
Depends what features you're after.
For example Smoothwall wins for me because of its ability to monitor (and cap) bandwidth per local user / ip address. (BandviewX)
IPCOP (1.4.21) can do this too with TCAR addon. (additional addon needed to monitor uploads)
ClearOS nor PSsense can do this (yet.)
For example Smoothwall wins for me because of its ability to monitor (and cap) bandwidth per local user / ip address. (BandviewX)
IPCOP (1.4.21) can do this too with TCAR addon. (additional addon needed to monitor uploads)
ClearOS nor PSsense can do this (yet.)
Last edited:
DrJohnZoidberg
Honorary Master
ClearOS is annoying me now. There is no way to do proper qos. I can install the bandwidth management app but cannot limit by local ip's, cannot prioritize protocols that aren't in their predefined list and causes my ppp connection to crash randomly.
Going to move to PfSense.
Going to move to PfSense.
The_Unbeliever
Honorary Master
Any news? Or is ClearOS the problem with your slow NIC speeds?
The_Unbeliever
Honorary Master
tried installing clearOS6 - it want to connect to clearcenter before installing.
Bad move. Gonna ditch it and look at SME Server. (same thing, same funtionality)
Bad move. Gonna ditch it and look at SME Server. (same thing, same funtionality)
InvisibleJim
Expert Member
- Joined
- Mar 9, 2011
- Messages
- 4,209
- Reaction score
- 3,341
I've just given Endian a quick spin in a Virtualbox test environment. Looks very good and has some nice features free out of the box.
Looks like it will be easier to configure for blacklisting/whitelisting domains than ClearOS and I like the authentication options (including AD.) Think I will try it in the live environment sometime soon.
Looks like it will be easier to configure for blacklisting/whitelisting domains than ClearOS and I like the authentication options (including AD.) Think I will try it in the live environment sometime soon.
graviti
Senior Member
Don't try in live environment until you've tested extensively.
AD authentication may sound awesome, but it has it's drawbacks. 300 000 http requests via the proxy in an 8 hour period, and each one of those waits for an authentication packet from the domain controller.
1. User sends request to proxy.
2. Proxy sends auth request to DC.
3. DC sends reply to proxy.
4. Proxy then sends request to cache.
5. If cache misses, then sends request to outside server.
6. Data returns to proxy.
7. Proxy delivers to user.
8. Proxy caches.
9. Repeat for next file.
Steps 2 and 3 can cause quite a bit of delay, which we found out the hard way. It's just extra packets on your network, and it does bulk up the HTTP headers a bit. But for some it is a necessary evil.
The one downside we've had to the EFW has been the actual firewall. Being an iptables nut, I prefer to hand code it, and the logic that EFW uses isn't alway clear. So blocking torrents etc has proven to be a PITA.
Other than that, we love it.
DrJohnZoidberg
Honorary Master
I'm testing IPCOP now and there seems to be a bunch of these firewall solutions that are basically identical except for the skin. Endian looks exactly like IPCOP to me (except IPCOP is really ugly), which is based off Smoothwall so I'm guessing they all really similar.
None of them I've looked at, except for Kerio as suggest by Mike are able to do what I want. I just cannot afford Kerio.
How hard is it to put these things in to an opensource firewall distro? I can do everything I need using separate tools on a normal centos box, but it's time consuming and annoying having to use a bunch of different consoles to do what you need.
All I want besides the base firewall is:
1. Proper per-workstation QoS
2. Bandwidth accounting per workstation
3. Proxy support
4. OpenVPN (not a must, but nice to have)
I can do all this stuff with Shorewall, ntop, webmin and squid but that means setting them all up and hassling with different config files and not having central access to everything.
Guess I'll just revert back to using Centos and doing my own thing till I find a proper solution or until ClearOS fixes it's issues.
graviti
Senior Member
EFW has ntop, under services. It has QoS, also under services. It has a proxy (transparent or non-transparent). It also has a easy to set up OpenVPN interface. Maybe play with EFW a bit more
InvisibleJim
Expert Member
- Joined
- Mar 9, 2011
- Messages
- 4,209
- Reaction score
- 3,341
Thanks. Provided I'm selective about what features I set up, I can setup Endian with a way back to ClearOS and no harm done if I have any problems.
Based on what you've said though, I'll probably hold off on jumping in with AD authentication. Would be nice to have though - reporting and access control via AD account is the main thing I miss from ISA.
DrJohnZoidberg
Honorary Master
Thanks! I looked at the live demo installation and didn't see any of that, so will rather download latest version and test out locally.