Interview with Jeff Starkweather, Chris Buechler and Scott Ullrich

Centipede Networks has recently entered a partnership with BSD Perimeter to offer commercial support for two important free software projects, pfSense and m0n0wall.

The Free Software Magazine talked to Jeff Starkweather (CEO of Centipede Networks), Chris Buechler (BSD Perimeter’s CTO) and Scott Ullrich (Chief Architect at BSD Perimeter).

TM: Hello everybody, and thank you for answering my questions! Jeff, Chris, Scott, please introduce yourselves and your companies to our readers.

JS: My name is Jeff Starkweather and I am the CEO of Centipede Networks. Centipede Networks is a dba of S4F, Inc. in Tulsa, OK, U.S.A. The company started out about 10 years ago as an ISP providing dialup access that had content filtering bundled with the service. As time progressed we branched out into products which included an internet security appliance that provides firewall, content filter and spam and virus filtering services.

CB: My name is Chris Buechler and I am the CTO of BSD Perimeter, a co-founder of the pfSense project, and a long-time m0n0wall contributor. I’m not a developer on either project, but possess a deep understanding of networks and security that has enabled me to contribute heavily to both projects in project direction, testing, documentation and support.

BSD Perimeter was founded in Louisville, KY, U.S.A. by Chris Buechler and I to provide commercial backing and support for the pfSense and m0n0wall projects.

SU: My name is Scott Ullrich, and I am the Chief Architect of BSD Perimeter, the other co-founder of pfSense, and its primary developer.

Read the whole interview here

Internet access & time slots (pre)defined with pfSense

Have you ever wasted too much time online? Right, so posting this on my blog imparts some selection bias to the answers to that question. But have you really wasted time to the point of not getting work done, or letting other things fall by the wayside?

We’re going to block some sites that sing their siren song to us, calling like the blue light inside the bug zapper. I’ll use four that friends have suggested.

Now, it’s simply no good to just cut off your access to these sites. The goal here is to get you back to work, not to make it so that you have to go find a way around an all-encompassing block to get your fix. So, we’re going to block access to problem sites during parts of the day when you think you ought not be accessing them.

This can now be easily done with pfSense.

To implement this we need to break down the problem into two parts:

1. What do we want to block?
2. When do we want to block it?

Read the complete howto here.

pfSense 1.2-BETA-2 released

After a long bug hunting and regression testing period, Scott Ullrich announced the second beta release of pfSense 1.2, a FreeBSD-based firewall, on 04 July.

1.2-BETA-2 has many new features and stability improvements making it the leading Open Source firewall solution. Enterprise features and rock-solid stability add up to one great release!

Here are just a few of the new improvements and features that have made their way into this new version: advanced outbound NAT fixes; UPNP now works on live CD; miscellaneous log viewing fixes; password field lengths now line up on nervecenter theme; IPSEC now works correctly on CARP interfaces out of the box; routed hosts behind a policy-routed segment can now reach the LAN interface correctly when the anti-lockout rule is enabled; pfSync and CARP now will work correctly on extremely restrictive rulesets; captive portal images fixed…

Read the rest of the release announcement for full details.

pfSense 1.2 status update

I’ve been going through all the open bug tickets cleaning up things that have been fixed and reviewing everything else to help Scott and the other developers fix the remaining issues. We’re down to about a half dozen known issues in the current RELENG_1_2 snapshots, which will hopefully all be fixed in a week or less. At that point, assuming we don’t find any other issues in the meantime, 1.2b2 will be released.

As always, I can’t speculate on a release date for 1.2. That largely depends on what issues people find once 1.2b2 is out, and how much the developers’ real lives and paid work get in the way of open source work. Probably somewhere between 1-4 months from now. We’re shooting for sooner rather than later, as this release is already drastically more reliable and bug free than 1.0.1, but we also want to make sure there are no known issues in the 1.2 release.

Source: pfSense Blog

pfSense versus m0n0wall

A very short comparison

Compared to m0n0wall, it (i.e. pfSense) has many, many more features. That proves problematic for very basic systems, like the Soekris net4501, which only has 64 MB of RAM. m0n0wall runs great on that platform, but pfSense requires 128 MB of RAM, so it’s a no go.

m0n0wall does have simplicity going for it, as well as security. Simplicity is nice in many ways – fewer things can go wrong, etc., and with no ssh or servers other than the webGUI which can use SSL, you’ve got a tight box – even the console is very limited.

There’s more detailed information on the differences and similarities between pfSense and M0n0wall on the FreeBSD systems page.

What is FreeBSD?

This website deals with the FreeBSD Operating System, but what is FreeBSD?

FreeBSD (FBSD) is an advanced Unix-like operating system developed by the FreeBSD Project. FBSD is one of the most reliable, robust and secure operating systems in the world. It is free, open source and powers some of the internet’s largest web servers, including Yahoo’s and Sony’s. Rock-solid stability and the ability to perform extremely well under heavy workloads make this operating system a popular choice among Internet Service Providers and Web hosting companies. A cohesive userland and kernel, the ports system and regular OS upgrades are the strengths of this OS.

FreeBSD is derived from the Berkeley Software Distribution (BSD), the version of UNIX developed at the University of California at Berkeley between 1975 and 1993. FreeBSD is not a UNIX clone. Historically and technically, it has greater rights than UNIX System V to be called UNIX. Legally, it may not be called UNIX, since UNIX is now a registered trade mark of The Open Group.

FreeBSD runs on Intel processors as well as on DEC Alpha, Sun UltraSPARC, Itanium (IA-64) and AMD64 processors, and soon on Sun’s Niagara servers (FreeBSD 7).

FreeBSD is an operating system that is very flexible and can therefore be used for various purposes:

  • FreeBSD – (web)servers
  • FreeNAS – Network Attached Storage servers
  • DragonFly BSD – Powering cluster computing
  • PC-BSD and DesktopBSD – Desktop
  • M0n0wall and pfSense – Firewall
  • Frenzy – portable system administrator toolkit
  • FreeSBIE and RoFreeSBIE – Live CDs

Stability, flexibility and security are what is needed for a good operating system, and FreeBSD has them all, whether you use it on your desktop or as a server. There’s an interesting article on IBM’s website, “Why FreeBSD”, dealing with the strong points of FreeBSD.

pfSense 1.2-BETA-1 released

About 2 weeks ago the pfSense Project released 1.2-Beta-1. This version contains quite a number of improvements and new features, including:

  • FreeBSD updated to 6.2
  • Reworked load balancing pools which allow for round robin or failover
  • miniupnpd has proven to work so well that it is now in the base install but deactivated by default (uninstall the miniupnpd package before upgrading to avoid duplicate menu items)
  • Much enhanced RRD graphs
  • Numerous Squid Package fixes
  • etc. (click here for the full list of changes/additions)

If you want to see how to install pfSense or how to access the web interface, check out these two videos here.

A list of FreeBSD-based operating systems

FreeBSD is an advanced operating system for x86 compatible (including Pentium® and Athlon), amd64 compatible (including Opteron, Athlon 64, and EM64T), UltraSPARC, IA-64, PC-98 and ARM architectures. It is derived from BSD, the version of UNIX® developed at the University of California, Berkeley. It is developed and maintained by a large team of individuals. Additional platforms are in various stages of development.

PC-BSD has been designed with the “casual” computer user in mind. Installing the system is simply a matter of a few clicks and a few minutes for the installation process to finish. Hardware such as video, sound, network and other devices will be auto-detected and available at the first system startup. Home users will immediately feel comfortable with PC-BSD’s desktop interface, with KDE 3.5 running under the hood. Software installation has also been designed to be as painless as possible, simply double-click and software will be installed.

DesktopBSD aims at being a stable and powerful operating system for desktop users. DesktopBSD combines the stability of FreeBSD, the usability and functionality of KDE and the simplicity of specially developed software to provide a system that’s easy to use and install.

m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software). m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent. m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.

pfSense is an open source firewall derived from the m0n0wall operating system platform with radically different goals such as using OpenBSD’s ported Packet Filter, FreeBSD 6.1 ALTQ (HFSC) for excellent packet queueing and finally an integrated package management system for extending the environment with new features.

FreeNAS is a free NAS (Network-Attached Storage) server, supporting: CIFS (samba), FTP, NFS, RSYNC protocols, local user authentication, Software RAID (0,1,5) with a Full WEB configuration interface. FreeNAS takes less than 32MB once installed on Compact Flash, hard drive or USB key. The minimal FreeBSD distribution, Web interface, PHP scripts and documentation are based on M0n0wall.

FreeSBIE is a LiveCD based on the FreeBSD Operating system, or even easier, a FreeBSD-based operating system that works directly from a CD, without touching your hard drive.

RoFreeSBIE is a Live DVD/CD installable on hard disk. Its goal is to promote FreeBSD and make it an educational tool and a mobile desktop too.

Frenzy is a “portable system administrator toolkit,” LiveCD based on FreeBSD. It generally contains software for hardware tests, file system check, security check and network setup and analysis.

More and more up-to-date information can be found on the FreeBSD systems page.