From owner-freebsd-cluster Sat Nov 17 0:47:34 2001
From: Fabrizio Ravazzini
To: john@day-light.com
Cc: freebsd-isp@freebsd.org, freebsd-cluster@freebsd.org
Subject: RE: natd/ipfw VS ipnat/ipf
Date: Sat, 17 Nov 2001 09:47:19 +0100 (CET)
Message-ID: <20011117084719.96349.qmail@web20105.mail.yahoo.com>
In-Reply-To: <000401c16eaa$56275b00$1505010a@daylight.net>

Thanks for the reply. In your opinion, is there a way to make my
firewall/nat clusterized? For example, if one machine goes down,
another takes over the service?
I looked at balance.soundforge.net & vqalive (inter7.com) but I'm
afraid of the security issues of those two pieces of software.
I'm asking because we are building only one machine as nat/fw, and
if this one goes down for any reason, it will be a complete
"blackout" for our two LANs.
Any suggestions?

best regards
Fabrizio

--- John Brooks wrote:
> In my opinion a hardened OpenBSD firewall would be more secure.
> Speed is dependent upon many factors: hardware, kernel recompile,
> rulesets, etc.
> I use only FreeBSD on all of my clients' servers, likewise I only
> use OpenBSD for firewalls (of which I'm building 4 in the next
> week or so).
> A firewall should be a single purpose dedicated machine stripped
> of all software not directly required for that purpose.
> Take a look at http://geodsoft.com/howto/harden/
>
> Hope that helps...
>
> --
> John Brooks
> Email: john@stlbsd.org
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of
> Fabrizio Ravazzini
> Sent: Friday, November 16, 2001 2:44 AM
> To: freebsd-isp@freebsd.org
> Subject: natd/ipfw VS ipnat/ipf
>
> Hello, we've done a NAT/firewall between our 2 LANs and the
> Internet with natd & ipfw.
> We've read somewhere that we can do the same thing using ipnat &
> ipfilter (as in OpenBSD). The question is, why would someone do
> so? Is ipnat/ipf faster than natd/ipfw? Or is ipf also more
> "secure" than ipfw?
> We question this because our 2 LANs are composed of about 200
> machines, so some extra speed would be appreciated.
> thanks
>
>         INTERNET
>            |
>            |
>            |Public Ip0
>       _____|_________
>      | Router CISCO |
>      +------+-------+
>             |
>             |PublicIP1
>        +---------+
>        |   NAT   |
>        |Firewall |
>        +---------+
>         |    |________LAN2 192.168.1.x
>         |
>        LAN1
>      10.0.0.x

From owner-freebsd-cluster Sat Nov 17 6:44:40 2001
From: "John Brooks"
To: "'Fabrizio Ravazzini'"
Subject: RE: natd/ipfw VS ipnat/ipf
Date: Sat, 17 Nov 2001 08:43:43 -0600
Message-ID: <000601c16f76$5b8bd7c0$1505010a@daylight.net>
In-Reply-To: <20011117084719.96349.qmail@web20105.mail.yahoo.com>

That's a question I best leave for those more knowledgeable than
me. ;-)

--
John Brooks
Email: john@stlbsd.org

-----Original Message-----
From: Fabrizio Ravazzini [mailto:freefabri@yahoo.it]
Sent: Saturday, November 17, 2001 2:47 AM
To: john@day-light.com
Cc: freebsd-isp@freebsd.org; freebsd-cluster@freebsd.org
Subject: RE: natd/ipfw VS ipnat/ipf

Thanks for the reply. In your opinion, is there a way to make my
firewall/nat clusterized? For example, if one machine goes down,
another takes over the service?
I looked at balance.soundforge.net & vqalive (inter7.com) but I'm
afraid of the security issues of those two pieces of software.
I'm asking because we are building only one machine as nat/fw, and
if this one goes down for any reason, it will be a complete
"blackout" for our two LANs.
Any suggestions?

best regards
Fabrizio

--- John Brooks wrote:
> In my opinion a hardened OpenBSD firewall would be more secure.
> Speed is dependent upon many factors: hardware, kernel recompile,
> rulesets, etc.
> I use only FreeBSD on all of my clients' servers, likewise I only
> use OpenBSD for firewalls (of which I'm building 4 in the next
> week or so).
> A firewall should be a single purpose dedicated machine stripped
> of all software not directly required for that purpose.
> Take a look at http://geodsoft.com/howto/harden/
>
> Hope that helps...
>
> --
> John Brooks
> Email: john@stlbsd.org
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of
> Fabrizio Ravazzini
> Sent: Friday, November 16, 2001 2:44 AM
> To: freebsd-isp@freebsd.org
> Subject: natd/ipfw VS ipnat/ipf
>
> Hello, we've done a NAT/firewall between our 2 LANs and the
> Internet with natd & ipfw.
> We've read somewhere that we can do the same thing using ipnat &
> ipfilter (as in OpenBSD). The question is, why would someone do
> so? Is ipnat/ipf faster than natd/ipfw? Or is ipf also more
> "secure" than ipfw?
> We question this because our 2 LANs are composed of about 200
> machines, so some extra speed would be appreciated.
> thanks
>
>         INTERNET
>            |
>            |
>            |Public Ip0
>       _____|_________
>      | Router CISCO |
>      +------+-------+
>             |
>             |PublicIP1
>        +---------+
>        |   NAT   |
>        |Firewall |
>        +---------+
>         |    |________LAN2 192.168.1.x
>         |
>        LAN1
>      10.0.0.x