From: Jeremy Jongsma
To: Brett Davidson
Cc: questions@freebsd.org
Organization: Traders Media
Date: Thu, 04 Jan 2007 16:30:42 -0600
Message-Id: <1167949842.19629.8.camel@localhost>
In-Reply-To: <60224D09909C0B43A50935A0893D8FF31DA2DC@srv.exchange.net24.net.nz>
Subject: Re: Advice on which FreeBSD firewall package to choose.

I can't speak to the advantages or disadvantages of each of those
options, but from other lists I get the sense that pf is the best option
out there. If you want something quick to set up, pfSense and m0n0wall
are prebuilt firewall packages based on FreeBSD that will do exactly what
you're looking for. pfSense uses pf and ALTQ, m0n0wall uses ipfw and
ipfilter.

http://m0n0.ch/wall/
http://www.pfsense.com/

We use redundant 5-port pfSense boxes for our firewall - works quite
well.

-j

On Fri, 2007-01-05 at 10:25 +1300, Brett Davidson wrote:
> Before I start, I'm familiar with IPTables from Linux but am wanting to
> use FreeBSD as a firewalling router after seeing it in action on a
> heavily-loaded webserver. I like the efficiency of the TCP stack.
>
> Upon reading the handbook I found that I can have my choice of three
> firewalls; pf, iptables and ipfw.
>
> What would be the most useful (and easiest) package to use given the
> following scenario:
>
> A FreeBSD router comprising of four physical interfaces -
> Eth0 is the outside 10Mbyte/s cable connection to the Internet.
> Eth1 is a 100Mbit DMZ housing a webserver.
> Eth2 is a 100Mb DMZ housing a 802.11g Wireless Access Router.
> (My normal preference is to isolate Wireless LANs from physical
> LANS).
> Eth3 is the inside LAN.
>
> Software-based VPN connections out from both the Inside LAN and Wireless
> DMZ are required. (Allowing VPN tunnels through the firewall; not
> tunnels terminated at the firewall).
>
> Against prudence, they wish to allow torrent connections to the inside
> lan and ICQ connections to both the Inside LAN and the Wireless DMZ. The
> torrent and ICQ connections will need to be bandwidth-managed so that is
> a major consideration for the choice of which firewall to use. Is there
> an equivalent to HTB on FreeBSD?
>
> I look forward to your answers...
>
> Regards,
> Brett.

Jeremy Jongsma
Director of Bits & Bytes
tradersmedia
p 312.386.1130 x221 | f 312.386.1263 | c 312.399.4513
e jjongsma@tradersmedia.com