Best FOSS firewall/gateway to manage internet usage?

So this is where I am and what I have tried:

1) ClearOS - One of the best, but it only monitors web browsing. It does not monitor all traffic, so if a user is torrenting, there is no method of tracking this.
2) Untangle - Requires expensive apps to be really functional, and our Untangle just started maxing out our upload line... for no apparent reason. It also sucks with new hardware and runs on outdated debian.
3) Endian - A polished system, but only has raw ntop to manage internet usage
4) IPCop - Have not tried it out as their website looks like it was done by a 5 year old about 10 years ago. Also, you cant download 2.0.4 (you have to download 2.0.3 and then upgrade to 2.0.4 - this indicates to me lazy developers... which puts me off)
5) Zentyal aka Ebox - Have not tried this since it was ebox, but last I checked into only metered web browsing, not all traffic.
6) PFSense - Have not tried it yet.
7) m0n0wall - Have not tried yet
8) Smoothwall - Have not tried yet

So what FOSS firewall/gateway solutions are out there to help me manage how much a user downloads? What do you recommend?

takes some getting use to but this works wonderfully for me

http://www.softperfect.com/products/bandwidth/

I am still itching to try ClearOS.

Worked with Untangle quite a bit in the past, you are spot on RE the hardware. A bit of trial and error when installing on a new system. Other than that, even the free apps got the basics done.

I did have a few issues with Untangle itself - at some point we had problems with FTP connections from behind Untangle. Connections could be made, but file transfers would get to 99% and hang. I think it was only with passive connections, but cannot remember for sure. Gaming from behind Untangle also showed weird spikes at times, WoW EU servers for example, would start out fine but then jump to 12k ms for no reason. Bypassed Untangle and would be back down to 200-300ms stable.

IPCop... The website put me off as well, but I downloaded and installed anyway. I was actually surprised. It performed as advertised and gave me the basics that we needed at the time.

Flidiot said:

IPCop... The website put me off as well, but I downloaded and installed anyway. I was actually surprised. It performed as advertised and gave me the basics that we needed at the time.

Click to expand...

You can do a lot with IPCop v1.4.21 and the addons available for it, unfortunately it lacks support for a lot of current hardware (runs on kernel 2.4.36).

v2.0.4 is usable but still a work in progress as far as detailed traffic monitoring addons are concerned, however update accelerator is now up & running .

v2.1, when released, is supposed to have the same functionality provided by the v1.4.21 addons.

So far outta all the firewalls I have tried. Endian is the only one able to block torrents. Very affective. I asked the guys at work to try get around the firewall with vpns and tunnels and such... and they failed. I have enabled ssh out, but only for my mac

I'd go with smoothwall - heard good things about it. Also...libs is a smoothwall rep I think which is probably useful.

MickZA said:

You can do a lot with IPCop v1.4.21 and the addons available for it, unfortunately it lacks support for a lot of current hardware (runs on kernel 2.4.36).

v2.0.4 is usable but still a work in progress as far as detailed traffic monitoring addons are concerned, however update accelerator is now up & running .

v2.1, when released, is supposed to have the same functionality provided by the v1.4.21 addons.

Click to expand...

Agree with you completely. The times I have used it, we really just needed something plain vanilla. Basically to dial the PPPoE connection and act as a firewall. I am quite looking forward to a new release, will be good to see what they throw in the mix now.

I used an early version of smoothwall and I think it did support this, this was like 10 or so years ago

I tried out some smoothwall. A nice firewall, but the free version is very nerfed. I really like the live bandwidth graphs, but they do become confusing with lots of small packets. Right now I am liking Endian. Just its lack of reporting sucks (ntop that breaks a lot). The way it locks down a network is pretty good.