Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 24 Jun 2005 15:09:11 -0500
From:      "Chad Albert" <Chad.Albert@healthcarefirst.com>
To:        "Khanh Cao Van" <cvkhanh@gmail.com>, "freebsd-questions" <freebsd-questions@freebsd.org>
Subject:   RE: firewall on freebsd
Message-ID:  <433CEE75B1339547BBB373B340665384844421@hfmail01.sgf.healthcarefirst.med>

next in thread | raw e-mail | index | archive | help
I have been using ipfw for quite some time and I love it.  The only
issues I have with it are on the NAT side.  Without a tool to modify the
current nat rules, I can not change them dynamically without editing my
config file then doing something like...
killall -9 natd ; sleep 2 ; /sbin/natd -f /etc/natd.conf &
to reinitialize it.  Also natd is resource intensive.  I have a PII 266
(not exactly a monster) and natd chews up 20-30 percent of my cpu during
the day while nating about 3Mb/sec of traffic.  I am planning on
switching to pf and implementing a load balanced pair of firewalls using
carp and pfsync.  I hope that using an in-kernel nat will help
performance and give me better control while adding/removing rules.

-- Chad


-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Khanh Cao Van
Sent: Friday, June 24, 2005 8:33 AM
To: freebsd-questions
Subject: firewall on freebsd

I'm going to learn about the freebsd firewall . In the handbook list
some of them and I could not find out what is the best . So I decided to
post here hoping to gain some of your opinion and experience .
I would like to know what firewall was the most wanted ? I have used
Linux several months and IP tables was a good statefull firewall .
What about in freeBSD ?

Thank for reading :)
--
----------------------------------
Cao Van Khanh
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@freebsd.org"



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?433CEE75B1339547BBB373B340665384844421>