monowall vs pfsense

Question

I'm building a router out of a Mini-ITX pc + compact flash card setup and I'm trying to choose a suitable distro. My criteria are:

Must be able to run from a CF card (so no excessive disk writes)
I'm mostly interested in having a high powered router for the purpose of traffic shaping
That said, I'm also interested in using this to learn more about how routing / networking works (my original plan was to use a basic bare-bones distro like LFS and put the routing software on top myself) so I'm not after a distro that hides the inner workings from me
I'd also like to have SSH

I think I've narrowed it down to two - Monowall and pfSense (pfSense being a fork of Monowall)

Monowall has the advantage of being targetted towards flash cards, wheras pfSense has more of the traffic shaping and other features I'm interested in.

I also understand that they use different mechanisms unerneath the covers, but I cant say I understand that much about the differences to make an informed decision.

Does anyone have any advice / information on either of those (or another alternative I havent yet considered)

Josh Brower · Answer 1 · 2018-05-27T09:53:17.627

"Monowall is first and foremost, a routing platform. Nothing more, nothing less. The distribution comes in two flavors, either for embedded systems or for regular PCs."

"pfSense is a hybrid of sorts, that has multiple sources for it’s major components. It was originally derived from monowall, but uses OpenBSD’s ported Packet Filter, a package management system to provide an integrated extensibility to the platform and Alternate Queuing (ALTQ) from FreeBSD"

From here: A little old, but still current.

score 6 · Accepted Answer · answered Sep 07 '09 at 20:52

I have used Smoothwall for a long time, though I have been watching pfSense with great anticipation. I am kind of sad that third-party development for smoothwall seems to have largely died out since the great 2.0 days... thus I have been watching other products to see where they are going.

pfSense has an embedded version that is perfect for running from flash media. I think you will ultimately be much happier with it than monowall for what you describe as key criteria above, though I think it also is a touch more advanced so it might take a bit more elbow grease on your part to get it where you like it. But the best thing in my opinion, is that pfSense still seems to be a very active project.

score 2 · Answer 3 · answered Sep 07 '10 at 14:29

M0n0wall is good for you:

Has traffic Shapping
Can be installed in CF

Unfortunately, has no ssh and inner-working is a bit hidden - very little in exec.php

You might want to look at Zeroshell from www.zeroshell.net/eng. Has much more

__
M0n0wall Captive Portal logout url - not pop-up window

score 2 · Answer 4 · answered Mar 24 '11 at 09:55

I have been useing pfSense myself without any hitche. I have also been considering trying out MoNowall since ipv6 is implemented from the get-go with it. I have tried load-balancing from both sides and configured ipv6 tunnels. I have installed both to systems, and specialized hardware. I use SSH for managing my box and like that it can do openBGP.

score 1 · Answer 5 · edited Sep 19 '13 at 10:00

1

I tried IPCop, Smoothwall, m0n0wall and finally landed and stuck with pfSense. Extremely good, we are hosting WAN, DMZ, LAN, WLAN and One other without falt.

edited Sep 19 '13 at 10:00

TaXXoR

17

answered Feb 22 '12 at 09:45

Stuart

203

score -1 · Answer 6 · answered Sep 07 '09 at 20:43

Rather than using either of these, I'd use OpenBSD, and PF. It's able to do all the same routing stuff that Monowall or PFsense can do, but it's firewall (pf) is far more capable than the IPfilter monowall uses. You'll have to write rules by hand, but OpenBSD and PF is a wonderful firewall platform, and is more than capable of traffic shaping, using AltQ. It comes with ssh (OpenBSD is responsible for the SSH used with most Unixs these days).

monowall vs pfsense

6 Answers6

Linked