Astaro Security Gateway (formerly Astaro Security Linux) is an all-in-one network security gateway that includes a firewall, intrusion protection, antivirus, spam protection, URL filtering, and a VPN gateway. Features include a modern packet filter, intrusion detection and prevention, portscan detection, application control, content filtering, virus detection for email and Web traffic, profile handling, L2TP, IPSec, SSL, and PPTP VPN tunneling, spam blocking, proxies for HTTPS, HTTP, FTP, POP3, SMTP, DNS, VoIP, SOCKS, and Ident, logging, and reporting. It supports Ethernet, VLAN, PPP, PPPoE, PPPoA, Cable Modem, IPv6, QoS, Link Aggregation, and WAN-Uplink-Load balancing in routing, and bridge mode. The WebAdmin GUI, Install Wizard, Change Tracking, Printable Configuration, and Up2Date service make it easy to install, manage, and maintain.
iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
The Linux Virtual Server Project is a project to cluster many real servers together into a highly available, high-performance virtual server. The LVS load balancer handles connections from clients and passes them on the the real servers (so-called Layer 4 switching) and can virtualize almost any TCP or UDP service, like HTTP, HTTPS, NNTP, FTP, DNS, ssh, POP3, IMAP4, SMTP, etc. It is fully transparent to the client accessing the virtual service.
Pure FTP Server is a fast, production quality, standards-conformant FTP server based on Troll-FTPd. It has no known vulnerability, it is trivial to set up, and it is especially designed for modern kernels. Features include PAM support, IPv6, chroot()ed home directories, virtual domains, built-in 'ls', FXP protocol, anti-warez system, bandwidth throttling, restricted ports for passive downloads, an LDAP backend, XML output, and more.
Snort is a network intrusion detection and prevention system. It is the most widely deployed technology of its kind in the world. It performs detection using a variety of methods including rules-based detection, anomaly detection, and heuristic analysis of network traffic. Its rules language is open source and available to the public as well.
MCS MyRoute helps diagnose connectivity problems with detailed network routing discovery and analysis, providing visibility to poor-performing networks and devices. It includes a Java applet that enables remote users to easily test connections from the MyRoute server. Essential diagnostic tools including traceroute, ping, reverse DNS, and whois are combined into a single graphical interface that analyzes Internet connections, reporting quick and essential data points for finding connectivity problems. An IP location database identifies the geographical location of IP addresses and Web servers, showing the path of an Internet connection on a global map.
RANCID (Really Awesome New Cisco confIg Differ) collects a router's (or device's) configuration, including software and hardware (cards, serial numbers, etc.), and uses CVS to display differences from a previous collection. It supports Cisco routers, Juniper routers, Catalyst switches, Foundry switches, Redback NASs, and ADC EZT3 muxes. The Beta version currently includes support for Bay Networks (nortel) routers and Extreme switches. Rancid also includes a lookingglass and the device login scripts may be used to automate a number of tasks.