From owner-freebsd-stable@FreeBSD.ORG Thu Jan 29 23:09:56 2009 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ADD03106564A for ; Thu, 29 Jan 2009 23:09:56 +0000 (UTC) (envelope-from chris#@1command.com) Received: from mail.1command.com (mail.1command.com [75.160.109.226]) by mx1.freebsd.org (Postfix) with ESMTP id 61D708FC26 for ; Thu, 29 Jan 2009 23:09:56 +0000 (UTC) (envelope-from chris#@1command.com) Received: from mail.1command.com (localhost.1command.com [127.0.0.1]) by mail.1command.com (8.13.3/8.13.3) with ESMTP id n0TN9llL095742; Thu, 29 Jan 2009 15:09:53 -0800 (PST) (envelope-from chris#@1command.com) Received: (from www@localhost) by mail.1command.com (8.13.3/8.13.3/Submit) id n0TN9lC7095741; Thu, 29 Jan 2009 15:09:47 -0800 (PST) (envelope-from chris#@1command.com) Received: from hitme.hitometer.net (hitme.hitometer.net [75.160.109.235]) by webmail.1command.com (H.R. Communications Messaging System) with HTTP; Thu, 29 Jan 2009 15:09:46 -0800 Message-ID: <20090129150946.8kkcd8e34c8840ws@webmail.1command.com> X-Priority: 3 (Normal) Date: Thu, 29 Jan 2009 15:09:46 -0800 From: Chris H To: freebsd-stable@freebsd.org References: <20090129015034.7dxisep21w04gksg@webmail.1command.com> <0bca01c98202$a6124350$f236c9f0$@co.uk> <20090129051522.a92df0myf44gsko4@webmail.1command.com> <62b856460901290538x5d857f08ka3b2ffb5a7aa8e7f@mail.gmail.com> <20090129060243.adauuua9eokcsos8@webmail.1command.com> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: H.R. Communications Internet Messaging System (HCIMS) 4.1 Professional (not for redistribution) / UNIX Cc: Chris Peterson Subject: Re: Replace Cisco IOS/CBOS with freebsd - possible? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Jan 2009 23:09:58 -0000 Hello, and thank you for your reply. Quoting Chris Peterson : > Pfsense sounds like exactly what you're looking for. It's a stripped > down freeBSD Don't get me wrong, I think pfSense goes a long way to my intended goal - not the least of which, is pfDNS. I haven't written it off by any means. > with a fancy web interface (well, not too fancy, To be honest - the first thing I'd do, is strip the (any) GUI stuff out. I have no issue with opening a terminal shell via cu - tip(1). In fact, for security reasons, I'd prefer to insure that the only access available is over a serial port (local). Not to mention the size/space savings gains. :) > it's been incredibly stable for me). I've deployed it a couple times > in pseudo production environments and it's been holding up well for > the last 1.5years+. > > You can also check out > http://www.netgate.com/product_info.php?cPath=60_84&products_id=492 > for a nice PIX-sized chasis for pfsense if you need a small box. Looks intriguing. The only real advantage I see here, would be the amount of ram available. The 837 I propose to use, only supports 64Mb. Thanks again for your infoamative response. --Chris > > On Jan 29, 2009, at 6:02 AM, Chris H wrote: > >> Hello, and thank you for your reply. >> >> Quoting Michael Grant : >> >>> On Thu, Jan 29, 2009 at 2:15 PM, Chris H wrote: >>>> Hello, and thank you for your reply. >>>> >>>> While it's not /exactly/ what I was looking for - it's close. :) >>>> The "filtering" capability is my biggest gripe on the Cisco >>>> *DSL products. They're just not as /capable/ as is offered in >>>> FBSD. DNS is another plus (pfDNS). But I don't think I'd be >>>> modify pfDNS to accomodate BIND, or unbound. Although tinydns >>>> might be able to fit the bill. Oh well, it's close - thanks >>>> for the pointer. :) >>> >>> You can run iptables on openwrt. >> >> Actually, I was thinking more along the lines of pf(4). I think it's >> more efficient - especially combined with all the network tuning that >> has been done recently by Robert Watson, John Baldwin, Mohan Srinivasan, >> Peter Wemm, and others. Another reason I'm so inclined to be FBSD centric >> on this. :) >> >>> You can compile most anything for >>> it, you're only limited by it's memory and cpu. I'm not familiar with >>> pfDNS. But if it runs on freebsd, it probably can be made to run on >>> openwrt as well. >> >> Indeed, it's running a FreeBSD base. But like you said; CPU, and Memory >> are the only boundries here. Will need to do more research to compare >> limits against a /desired/ install base. >> >> Thanks again for the reply. >> >> --Chris >> >>> >>> Michael >>> >> >> >> >> _______________________________________________ >> freebsd-stable@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org " > >