UPDATE: The upgrade is complete. There should only be some minor issues I need to work through now that shouldn’t disrupt the blog much, if at all.
We’re going to need to do some maintenance to our Firewall/Router/Access Point. I need to upgrade the firmware due to some issue unrelated to the blog. We may be down for a brief period of time. I am becoming less convinced that dd-wrt is robust and bug free enough for critical work. It’s certainly good for a consumer unit, but I think it’s rather appalling that I have to reset the whole unit to default settings in order to do a flash upgrade, and then be forced to manually re-enter everything. I’m thinking of ordering one of these and putting a MiniPCI WiFi card in it. I’ve always been really impressed by pfSense. As open source solutions go, quite capable and reliable. Like any project, they have hiccups and downsides, but generally speaking, it’s gotten the job done for me when it’s come to firewalls for years. But for home I went cheap. The Buffalo WiFi unit I own is pretty high end, but it’s still a consumer unit.
I’ll probably get started as soon as I’m finished dinner. It’ll probably only take me about 10-15 minutes from start to get the blog back online once the flash upgrade is completed, but I may need to reboot from time to time while I work on my other issue. That is, assuming, Murphy isn’t lurking, as he sometimes is.
I’ve used the Watchguard series of firewalls for some time now. A bit pricier than Linksys and such but nowhere near as much as your average Cisco. Easy to maintain and administer and just runs like a diesel engine. For the price, they’re well suited for hefty office and server work.
I’ve used the Watchguard firewalls and like them. But they aren’t any better than pfSense Firewalls, where the software is free.
That’s a rather severe limitation: I’m used to even Netgear’s home/small office routers having the ability to reload settings from a file after an update, and they’re terrible routers otherwise. The surfeit of variations of dd-wrt versions explains it, but that’s still a deal-killer for all but the simplest site configurations, and not an unsolvable problem.
I like Netgear’s enterprise hardware for the most part. For switches they are capable, cheaper than Cisco, and work well. But yes, they don’t make good routers. Their consumer level hardware doesn’t impress me.
Get m0n0wall if you’re getting the PC Engines ALIX! Link: http://m0n0.ch/wall/ BSD, web interface and loads of high end features.
I haven’t rebooted mine in years. You can save the config as an XML file for backup. You can upgrade the CF card without losing your settings. It’s been around a lot longer than dd-wrt.
pfSense is a fork of m0n0wall. I’ve found pfSense to be a bit more refined.
I’ve found previous-generation Cisco gear to be the best bang-for-buck in terms of uptime and manageability.
At home, I’ve got a Cisco 1841, 3x 1231AG APs, and a 3524XL switch. All of it set me back less than $150, and I haven’t had to reboot since I installed it over 18 months ago.
I have a few virtual instances of pfSense running at the office under ESX. It’s a great solution for virtual networks running on virtual hardware. I was disappointed with it when running it on genuine hardware, however.
I also agree that DD-WRT, while an excellent consumer product, has no business in any high-uptime environment.
“It’ll probably only take me about 10-15 minutes from start to get the blog back online once the flash upgrade is completed, but I may need to reboot from time to time while I work on my other issue. That is, assuming, Murphy isn’t lurking, as he sometimes is.”
Ain’t that the truth. At work, I was a graceful Einstein. Doing the same work at home for myself, I often resembled Quasimodo climbing the bell tower.
Patience is the key.
While pfSense is very nice, if you have to do Linux netfilter firewall setup as well I prefer to have only one set of things to remember (granted, I’m primarily a programmer, just do the minimum sysadmin necessary for my projects; if you’re a pro it would make sense to use both for defense in depth).
For that I’ve found Alpine Linux to be very good along with a fresh copy of Shorewall (a Linux firewall compiler). I’ve got one in production for a friend running on a Supermicro Intel Atom Mini-ITX machine at a co-lo.
Times like this I wish I didn’t have to use Verizon’s router to ensure my TV works.