While I generally view hardware routers such as those from Linksys, SMC, or Netgear as being the best solution for connecting home networks to the Internet, for a variety of reasons these proved inadequate for my needs. Instead, I use OpenBSD and the included PF firewall software.
The Problem
Hardware routers have a number of limitations, such as limited configurability for options such as port forwarding. They also have extremely limited memory, and therefore time out idle connections quickly enough to disrupt my Internet activities.
The Solution
I use the PF firewall included in OpenBSD. While other options exist, PF is much simpler to use, and when security is paramount, simplicity reduces opportunities for mistakes. While I have decided not to post my specific configuration, a basic configuration is fairly easy to understand.
There are also features that I find convenient, such as AuthPF. It allows me to securely modify the ruleset from other machines when the need arises. This is useful for occasions where I want to use applications such as Skype that need to be externally accessible, but that I don't want to be permanently accessible.
Another feature that I use is ALTQ, a system that allows traffic shaping. This allows bandwidth to be reserved for time-sensitive applications such as SSH and Skype, while increasing bandwidth available to other applications. While it seems counter-intuitive that limiting bandwidth should improve results, the results when it is done correctly speak for themselves. Many broadband routers now support this feature for applications such as VoIP, but ALTQ allows for much better granularity.
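The three things discussed above (a default-deny ruleset with port forwarding, an AuthPF anchor for rules that only exist while a user is logged in, and an ALTQ priority queue for SSH and VoIP traffic) fit in a short pf.conf. The following is an added example written for this page, not the author's own configuration, and it uses the OpenBSD 4.7 through 5.4 dialect (inline nat-to/rdr-to together with ALTQ; OpenBSD 5.5 replaced ALTQ with a different queue syntax). The interface names, addresses, the 900Kb uplink figure and port 5555 are assumptions.

```pf
# Added example, not the author's configuration. OpenBSD 4.7-5.4 pf.conf
# dialect. Interface names, addresses, bandwidth and ports are assumed.

ext_if  = "em0"              # assumed Internet-facing interface
int_if  = "em1"              # assumed LAN interface
lan_net = "192.168.1.0/24"   # assumed LAN prefix
desktop = "192.168.1.10"     # assumed LAN host that occasionally needs a port forwarded

set skip on lo

# Default deny and log: nothing passes unless a later rule allows it.
block log all

# ALTQ: a priority queue on the uplink. Interactive traffic (ssh, VoIP) goes to
# q_pri, everything else to q_def. The bandwidth figure is set slightly below
# the real uplink rate so that PF, not the modem, is where packets queue;
# that is the "limiting bandwidth improves results" effect from the text.
altq on $ext_if priq bandwidth 900Kb queue { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 priq(default)

# Drop packets arriving on the wrong interface with a LAN or loopback source.
antispoof quick for { lo $int_if }

# NAT the LAN behind the external address.
match out on $ext_if from $lan_net nat-to ($ext_if)

# LAN hosts may reach anything; outbound traffic uses q_def, with the second
# queue in the list used for TCP ACKs and low-delay packets.
pass in  on $int_if from $lan_net
pass out on $ext_if queue (q_def, q_pri)

# Interactive ssh sessions leaving the network get the high-priority queue.
pass out on $ext_if proto tcp to port ssh queue (q_pri)

# Port forwarding: commented out, because the text prefers not to leave such
# holes open permanently. Enable by hand or, better, let authpf add it.
# pass in on $ext_if proto tcp to ($ext_if) port 5555 rdr-to $desktop

# ssh to the router itself; this is also the path an authpf user logs in over.
pass in on $ext_if proto tcp to ($ext_if) port ssh

# authpf: rules from /etc/authpf/authpf.rules are loaded into this anchor
# while an authenticated user's ssh session is open and removed when it ends.
anchor "authpf/*"
```

Syntax-check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; `pfctl -sq` shows the queues and `pfctl -a "authpf/*" -sr` shows whatever an AuthPF session has currently added. The temporary port forward belongs in `/etc/authpf/authpf.rules`, where authpf supplies the `$user_ip` macro, so the rule only ever admits the address the user logged in from and disappears with the session.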