Date:      Wed, 21 Jul 2004 14:38:27 -0400 (EDT)
From:      "Steve Bertrand" <iaccounts@ibctech.ca>
To:        "Paul Hillen" <PHILLEN@NFM.NET>
Cc:        freebsd-questions@freebsd.org
Subject:   RE: Firewall, OpenVPN and Squid question
Message-ID:  <2957.209.167.16.15.1090435107.squirrel@209.167.16.15>
In-Reply-To: <2D5D66504FBF4E4FB3A199F121C862382D08E0@exch1.nfmwe.com>
References:  <2D5D66504FBF4E4FB3A199F121C862382D08E0@exch1.nfmwe.com>

> I have around 100 users at our site that would require the use of squid,
> we house our own webserver, mail server, public DNS servers in the DMZ
> and 2 private DNS servers on the internal network, used by both Internal
> and VPN users.
>
> Sites connecting Gateway to Gateway, there are approx. as follows:
> Site 1 - 25 users
> Site 2 - 5 users
> Site 3 - 12 users
> Our site VPN users are approx. 25, and about 50% of them are connected at
> any given time.
>
> My first thought is to put up a Firewall box that can handle the load of
> publishing many internal boxes and "publish" a box with OpenVPN and
> another for SQUID and just keep them all separate.
>
> Will this setup put too much strain on the FIREWALL box or will it have no
> problem handling the NAT/ROUTING in this configuration?

I'll go as far as to say that it should have no problem. At the ISP I am
currently working full time for, we recently deployed an ipfw bridge
configured firewall (internally) to protect our core servers from improper
access. There's 8 servers in all (mail, web, mysql, ftp, radius, ssh and
dns).

We have about 6000 users, and the FBSD firewall never ever hiccuped. I
could even run tcpdump for hours, and it would rarely ever drop even a
single packet.

Sounds like a good setup you are planning. I would set it up, implement it
(with the old setup on standby), and if you find performance problems,
pull the drive out of the P3 and do as you say, go on a 'spending spree',
and put the drive directly into a p4 with a gig of memory, and drop it
back in place.

Please note that natd is NOT running on the ISP firewall, but on the other
such setup it is, and I've never seen any performance problems at all.

Steve
