From: Redmond Militante
To: freebsd-questions@freebsd.org
Date: Fri, 5 Sep 2003 15:03:18 -0500
Subject: ipfilter vs. firewall appliance

hi

i have an ipfilter/ipnat box, that i'm using to protect an apache webserver.
the machine is 4.7-RELEASE-p3 FreeBSD 4.7-RELEASE-p3 #1: Mon Aug 11 18:27:06 CDT 2003. the machine is a dell optiplex gx260 Intel(R) Pentium(R) 4 CPU 2.40GHz 512 mb of ram. it's been doing a fine job.

i'd like to get extra nics for this machine and stick additional servers, such as our win2k domain controllers, and a mysql box, possibly more, behind the firewall/nat.

i wanted to ask - for a firewall/nat that would potentially be protecting multiple production machines, is ipfilter's performance comparable to production firewall appliances and software such as netscreen and symantec firewall?

i'm the only unix person where i work, and sometimes it's hard to get projects green lighted when a) i'm the only one on staff who knows the technology and b) it probably seems hard to believe to windows admins that a little pentium3 box with 2 nic cards and hand written firewall rules can do the same thing as an appliance that some companies are charging tens of thousands of dollars for.

i'd like to be able to present a case to my employers - that the ipfilter/ipnat box that i set up would be able to provide the performance of commercial firewall solutions, and was wondering if anyone knows of any benchmarks/reviews/etc. that i can cite.

any comments welcome

thanks as always
redmond

--
FreeBSD 5.1-RELEASE-p2 FreeBSD 5.1-RELEASE-p2 #0: Thu Aug 28 12:42:04 CDT 2003
2:45PM up 8 days, 1:42, 1 user, load averages: 0.73, 0.23, 0.13

"You should, without hesitation, pound your typewriter into a plowshare, your paper into fertilizer, and enter agriculture."
-- Business Professor, University of Georgia