Date: Sat, 17 Nov 2001 08:43:43 -0600
From: "John Brooks" <john@day-light.com>
To: "'Fabrizio Ravazzini'" <freefabri@yahoo.it>
Cc: <freebsd-isp@freebsd.org>, <freebsd-cluster@freebsd.org>
Subject: RE: natd/ipfw VS ipnat/ipf
Message-ID: <000601c16f76$5b8bd7c0$1505010a@daylight.net>
In-Reply-To: <20011117084719.96349.qmail@web20105.mail.yahoo.com>

That's a question I best leave for those more knowledgeable than me. ;-)

--
John Brooks
Email: john@stlbsd.org

-----Original Message-----
From: Fabrizio Ravazzini [mailto:freefabri@yahoo.it]
Sent: Saturday, November 17, 2001 2:47 AM
To: john@day-light.com
Cc: freebsd-isp@freebsd.org; freebsd-cluster@freebsd.org
Subject: RE: natd/ipfw VS ipnat/ipf

Thanks for the reply. In your opinion, is there a way to make my
firewall/nat clusterized? For example, if one machine goes down,
another takes over the service?
I looked at balance.soundforge.net & vqalive (inter7.com), but I'm
afraid of the security issues of those two pieces of software.
I'm asking because we are building only one machine as nat/fw, and
if this one goes down for any reason, it will be a complete
"blackout" for our two LANs.
Any suggestions?

best regards
Fabrizio

--- John Brooks <john@day-light.com> wrote:
> In my opinion a hardened OpenBSD firewall would be more secure.
> Speed is dependent upon many factors: hardware, kernel recompile,
> rulesets, etc.
> I use only FreeBSD on all of my clients' servers, likewise I only
> use OpenBSD for firewalls (of which I'm building 4 in the next
> week or so).
> A firewall should be a single purpose dedicated machine stripped
> of all software not directly required for that purpose.
> Take a look at http://geodsoft.com/howto/harden/
>
> Hope that helps...
>
> --
> John Brooks
> Email: john@stlbsd.org
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
> Sent: Friday, November 16, 2001 2:44 AM
> To: freebsd-isp@freebsd.org
> Subject: natd/ipfw VS ipnat/ipf
>
> Hello, we've set up a NAT/firewall between our 2 LANs and the
> Internet with natd & ipfw.
> We've read somewhere that we can do the same thing using ipnat &
> ipfilter (as in OpenBSD). The question is, why would someone do
> so? Is ipnat/ipf faster than natd/ipfw? Or is ipf also more
> "secure" than ipfw?
> We ask this because our 2 LANs are composed of about 200
> machines, so some extra speed would be appreciated.
> thanks
>
>       INTERNET
>          |
>          |
>          |Public Ip0
>     _____|_________
>    | Router CISCO |
>    +------+--------+
>           |
>           |PublicIP1
>      +---------+
>      |   NAT   |
>      |Firewall |
>      +---------+
>        |     |________LAN2 192.168.1.x
>        |
>      LAN1
>    10.0.0.x