I have been playing with both Zentyal and ClearOS on a test system Intel 810e with Celeron 1200T.
As a n00b and because there will be many n00bs after me, I want to share my first impressions.
I may be wrong at some points, please correct me if so.
First thing I noticed was that Zentyal requires a very powerful machine, even as a simple gateway it practically doesn't run on my old test box.
Based on Ubuntu it is not my first choice. Like RH/CentOS better for stability reasons. Not that Zentyal isn't stable, although very slow it ran without problems.
A false assumption is that Zentyal can limit bandwidth with transparent proxy enabled: It cannot (most of them cannot, even Astaro cannot do it), well not without some extra rules.
The devs found a workaround by using Squid delay pools, but you have to add two rules: One in the shaper and one in the proxy section.
Besides that, limiting upload is practically impossible, only when using an all-all rule we can do some upload shaping but as you understand that doesn't suit any purpose.
For that matter, the bandwidth limiter on COS is way simpler and more effective, but of course no transparent proxy. That's for me the ugliest part of Zentyal, but more on that later.
The good (or even excellent) part of Zentyal is the "Network objects".
These are groups of IP ranges, users or machines that can be assigned a single name. Those objects can be used later with different modules, this is an enormous advantage that speeds up the further configuration task.
Even better, those network objects give you the option to assign IP address and optional MAC address. When both IP and MAC are entered, it works as a MAC-IP binding and you can use it to allow or deny users on the FW, if you delete the default accept-all rule.
I really miss these network objects with IP-MAC binding on COS, I had to resort to custom FW rules after installing the module.
Another good part of Zentyal is the desktop with browser on the server. It is possible to do some browsing and even install some apps.
I never got a desktop on COS, upon first boot my old Compaq MV520 monitor didn't support the frequency and went out of sync. Had to do further config from a remote web browser.
On the server I can, at most, bring up a console.
That's another advantage with Zentyal because I definitely need to do some occasional browsing on the server.
At last I looked at the QoS (shaper) of Zentyal and it was easy to follow and set up. Do not ever use application based rules though, with 50 or so users it's way too heavy even for a quad core machine.
ClearOS also has an unbeatable feature: The FlexShares. That's something I will certainly miss on Zentyal.
In short, what I've seen in one week of n00bing around the various Linux distros is this:
Zentyal wins in functionality and features, but is heavy on resources.
ClearOS is more polished and feels more solid. Runs fantastic on old hardware.
If COS can offer me the same functionality as Zentyal, I'll stick with COS.
So what about bandwidth control and transparent proxy at the same time?
Of all the distros I tested, not a single one could do this in an efficient way.
So you have to make a decision: Drop either the transparent proxy or the bandwidth limiting.
Choosing between the two was not easy, but I finally changed my view on the limiting issue when I read the stance of someone over at Astaro Germany:
....although you can use the Astaro QoS to limit bandwidth, that's not the way to think about it if you want to get the most benefit from it.
The central concept of Astaro is to leave the pipe wide open to everything, but to guarantee certain traffic priority if needed. Why limit uploads by FTP if they aren't preventing other users from browsing?
When I finally got a better understanding of how bandwidth limiting works, it became clear that it isn't all that efficient.
Limiting bandwidth consists of dropping packets, which will have to be re-transmitted. This results in increased latency, so what we are trying to achieve can actually have the opposite effect!
I now believe the correct way of doing things is QoS.
Giving priority to certain types of traffic like streaming video, VoIP and browsing is way better than just putting the brakes on everything.
At this point I have set up Zentyal with Squid delay pools using class-1, limiting only large HTTP downloads (25MB at full speed, after that throttled).
QoS port based, HTTP/VoIP/streaming high priority, lowest prio and limit on ports used by p2p apps.
My goal is to offer the best possible Internet experience to the users. The right QoS setup will help us more than just plain BW limiting.
I hope more people share their views, in the end we all benefit from it.
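
To make the delay-pool setup described in the post concrete, here is an added example (not part of the original post, and not Squid or Zentyal code): a simplified token-bucket model of a class-1 delay pool, which in Squid is a single aggregate bucket shared by all matching traffic. Only the 25 MB burst comes from the post; the 1 MB/s link, the 64 KB/s restore rate and the full starting bucket are assumptions.

```python
# Added illustration: simplified token-bucket model of a class-1 delay pool.
# Not Squid or Zentyal code. Only the 25 MB burst is taken from the post;
# link speed and restore rate below are assumed values.
MB = 1024 * 1024
LINK_RATE = 1 * MB        # assumed WAN speed, bytes/second
RESTORE = 64 * 1024       # assumed pool refill rate, bytes/second
BUCKET_MAX = 25 * MB      # burst size from the post


def simulate(sizes, link_rate=LINK_RATE, restore=RESTORE,
             bucket_max=BUCKET_MAX, tick=1.0):
    """Finish time in seconds for each download in `sizes` (bytes).

    All downloads start together against a full bucket and share the one
    aggregate bucket that a class-1 pool provides.
    """
    if restore <= 0 or link_rate <= 0:
        raise ValueError("rates must be positive")
    remaining = list(sizes)
    finish = [None] * len(remaining)
    bucket = bucket_max
    t = 0.0
    while any(f is None for f in finish):
        t += tick
        bucket = min(bucket_max, bucket + restore * tick)   # refill, capped
        active = [i for i, f in enumerate(finish) if f is None]
        budget = min(bucket, link_rate * tick)   # what may leave this tick
        share = budget / len(active)             # split evenly
        for i in active:
            sent = min(share, remaining[i])
            remaining[i] -= sent
            bucket -= sent
            if remaining[i] <= 0:
                finish[i] = t
    return finish


if __name__ == "__main__":
    for label, sizes in [("one 20 MB file", [20 * MB]),
                         ("one 50 MB file", [50 * MB]),
                         ("two 20 MB files", [20 * MB, 20 * MB])]:
        print(label, simulate(sizes))
```

With these assumed rates a single 20 MB download finishes in 20 s untouched, a 50 MB download takes 401 s, and two simultaneous 20 MB downloads take 241 s each because they drain the same shared bucket.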