redeyes
Sep 14, 2002

by Fluffdaddy
I have a 15 year old son that loves technology and is starting to get into *nix systems and network. I figure it's a great time to let him set up and configure a firewall/router box and play with his own network. So far I set up PFSense 2.2 beta on a dual core Atom build and let him go hog wild. Thing is Pfsense is based on BSD and I think it would be a good idea to get him used to the Linux side of routing and firewalling. Recommendations? Of course I could have him load a distro from scratch too and build the stuff from scratch.. but I don't think anyone does that anymore.


Dilbert As FUCK
Sep 8, 2007

by Cowcaster
Pillbug
Untangle is pretty good, and ubuntu based, it has a free version as well as trial to enterprise features.

https://www.untangle.com/

it can install as a virtual appliance or on bare metal.

redeyes
Sep 14, 2002

by Fluffdaddy

Dilbert As gently caress posted:

Untangle is pretty good, and ubuntu based, it has a free version as well as trial to enterprise features.

https://www.untangle.com/

it can install as a virtual appliance or on bare metal.

Not bad looking at all. Will give it a try. Thanks.
[edit] So.. most advanced stuff is paid only.

redeyes fucked around with this message at 01:04 on Jul 28, 2014

evol262
Nov 30, 2010
#!/usr/bin/perl

redeyes posted:

Not bad looking at all. Will give it a try. Thanks.
[edit] So.. most advanced stuff is paid only.

No, it isn't paid only, but it's really broad. What does he want to do?

If he's really into it, gently caress *nix and use a juniper or gns3 network. Anything else, please say what you actually want.

I'm a Linux developer, and you have options, but what you said is frankly too generic to give suggestions

Dilbert As FUCK
Sep 8, 2007

by Cowcaster
Pillbug

redeyes posted:

Not bad looking at all. Will give it a try. Thanks.
[edit] So.. most advanced stuff is paid only.

The software allows for free trials, and a lot of the features have a "lite" mode.

Callel
Jul 27, 2014
TLDR; Buy a used Cisco router and switch and start studying for the CCNA.

I'd seriously consider a Cisco router and switch bought off of ebay. Get as new of a model as you can with the latest code as is financially feasible. With one router and switch you can do a lot!

No-one in the industry uses homebrew linux network gear. It's cool and *nix knowledge is invaluable for a career in IT.

Once he learns Cisco he can take that fundamental networking knowledge and apply it to anything else. The commands will be different but the concepts are the same. None of the vendors really do anything different, it's all packaging and configuration differences. Learn Cisco; it's the most common denominator.

Once he gets layers 1-3 down, then start looking at firewalls, WAN (BGP) and other protocols.

Basically set him up to study for the CCNA. If he can get that far, there are a ton of great jobs out there for him.
I got my CCNA about 10 years ago and am very successfully employed as a network engineer. OSI layers, IPs, MACs, don't change and won't change, IPV6 is fundamentally the same as IPV4, just larger.

Callel fucked around with this message at 17:14 on Jul 29, 2014

Helushune
Oct 5, 2011

I was going to mention m0n0wall but PFSense is based off it so they pretty much go hand-in-hand. MikroTik (SA thread) seems to be fairly popular as well but I don't know much about it. I think there's something to be said about firing up a fresh linux or *BSD box, enabling IPF or IPTABLES and doing everything by hand. I've found that it helps immensely when you're trying to troubleshoot if something goes wrong or the GUI isn't working for whatever reason and you need to add a firewall rule asap.

feld
Feb 11, 2008

Out of nowhere its.....

Feldman

redeyes posted:

Thing is Pfsense is based on BSD and I think it would be a good idea to get him used to the Linux side of routing and firewalling. Recommendations?

pfSense is fine, but Linux vs BSD has nothing to do with it. All these appliances hide the underlying utilities anyway. What you need to do is teach him the concepts. Broadcast domains, collision domains, ARP, MAC addresses, IPv4 headers, how to read packet dumps, what are routing protocols and how do they work, 3-way handshakes, how to properly read a traceroute, MTU, PMTU and why blocking pings is bad, what are VLANs, etc etc etc


redeyes posted:

Of course I could have him load a distro from scratch too and build the stuff from scratch.. but I don't think anyone does that anymore.

I wouldn't suggest that to anyone these days. The utilities are constantly changing. He's better off understanding the real concepts so he can apply them anywhere.


edit: I have a Juniper J2320 I'm willing to sell if you want to PM me. He can play with some real gear. It's aging, but it's been rehashed as Juniper SRX and runs the same software and has the exact same features.

feld fucked around with this message at 23:05 on Jul 29, 2014

evol262
Nov 30, 2010
#!/usr/bin/perl

Helushune posted:

I was going to mention m0n0wall but PFSense is based off it so they pretty much go hand-in-hand. MikroTik (SA thread) seems to be fairly popular as well but I don't know much about it. I think there's something to be said about firing up a fresh linux or *BSD box, enabling IPF or IPTABLES and doing everything by hand. I've found that it helps immensely when you're trying to troubleshoot if something goes wrong or the GUI isn't working for whatever reason and you need to add a firewall rule asap.

I'd agree, though that "something" is mostly fumbling through Google looking for the right syntax to do something for some concept you barely understand instead of learning it.

It's 2014. Use something that doesn't get in your way or is designed for it (Cisco/Juniper kit, virtualized or otherwise). No need to do it the hard way. Learn that part once you have the concepts down pat, especially since you still have to touch sysctls for some stuff.

Honestly, what does he want to learn? Because "networking" is a little too broad. And if it is just "networking", buy a ccna lab off Craigslist, get a study guide, and go from there. If it's "stuff on the network (webservers, DNS, etc)", you'll need a different tack.


jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire
Mikrotik is a bitch to learn at first, but the cheap price point of their routers (180$ for a 24port gigabit layer 3 switch yase) makes up for it. Especially in most work environments now where price trumps quality for network deployment-- knowing Mikrotik can be a real good skill to know.
