Date:      Fri, 16 Nov 2001 23:27:12 +0100
From:      "Anthony Atkielski" <anthony@atkielski.com>
To:        "Andrew C. Hornback" <achornback@worldnet.att.net>, "Ted Mittelstaedt" <tedm@toybox.placo.com>, "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: DSL PPPoE with 2 NICs
Message-ID:  <00ce01c16eed$da3a1a70$0a00000a@atkielski.com>
References:  <001d01c16ee4$4360c9e0$6600000a@ach.domain>

Andrew writes:

> If the router itself is configured securely, you
> don't need to worry about this.

If the router doesn't allow access from the WAN side at all (at least by
default), I don't need to care.

> After all, isn't it possible to restrict firmwares
> to a specific IP, subnet or secure account?  I'll
> admit that my IOS knowledge is lacking, but I figure
> that if this isn't possible, Cisco needs to get on
> the ball.

I don't know.  My budget doesn't stretch to Cisco, especially after the 300%
mark-up that I'm likely to pay if I buy the equipment here in France (if I can
even find it).

> I hate to say this, but I think you'll be eating
> those words when LinkSys or whoever manufactured
> your router comes out with a firmware upgrade for
> security reasons.

I've already updated the firmware once, just to be up to date.  It took about
thirty seconds.

> As for FreeBSD, if there's a security issue, you
> can bet that there are people working on the problem
> as soon as they learn about it.  It's a matter of
> support...

It's not a good idea to bring up support with respect to free software.  If a
company needs support, it has to buy proprietary software, or pay for a separate
support contract.  There's no hotline to call if your FreeBSD system crashes at
3 AM.  With Windows or HP-UX or something, you can get support immediately, for
a price.

> If the ease of update is the only thing you're
> basing your decision on... maybe it is a reason
> to buy the Cisco model.

Agreed.  But with a tiny LAN, that is unlikely to be a criterion of choice.

> And you've tried to configure VPN on a FreeBSD
> machine?  I don't remember seeing any questions
> about that...

Yes, I got PPTP working just fine.  The only problem was that I couldn't get the
machine to act as a gateway, and I couldn't find out what to change to make it
behave as one.  After flailing around looking for documentation somewhere, I
finally gave up and just bought a router.  In ten minutes, the problem was
solved, and I'm not putting any extra load on my FreeBSD system, either.

> Quite right... there's no need to try to optimize
> your network performance.

It depends on how heavily your network is used.  I have two machines with 100
Mbps between them; optimization isn't a high priority.

> Are you going to be running syslog on every machine
> and have the router reporting to each one of them
> simply to ensure that you get the message when
> your link dies?

Every machine?  How many do I need?

Incidentally, I couldn't get the syslog thing to work with the router.  I'm not
sure why.

> Now you're saying that simply because we can do
> something, we don't need to do it?

No, I'm saying that the ability to do something is not synonymous with the
necessity of doing it.

> Unsupported?

Yes, unsupported.  One of the huge obstacles to running any open-source software
is the total lack of reliable support.  Yes, I know that lots of volunteers
provide support, but they aren't required to do so, and they don't guarantee
response times, and there is no central pool of experts or hotline to reach
them.  When you are running in a production environment, this lack of support
can kill the deal.  This is why so many organizations continue to pay big bucks
for Windows and other proprietary solutions instead of installing free software
like FreeBSD.  When Windows crashes, you can pick up the phone and get help.
Yes, it's expensive, but at least it _exists_.  With free software, you're out
of luck.  A single urgent problem can completely obliterate years of savings
accumulated through the use of free software.  In fact, a single urgent problem
with no emergency support can put a company under real fast.

> Hmm, seems to me that if FreeBSD doesn't meet your
> criteria for being supported, you may have chosen
> the wrong OS.

I'm not running a corporate network in my house.  The cost advantage of FreeBSD
outweighs the inconvenience of inadequate emergency support.  If I were running
a multi-megabuck mission-critical application, though, I'd be very nervous about
relying on FreeBSD--not because there is anything inherently unreliable about it
(it seems quite solid to me), but because there is no place to go if I need
support _right now_.

> Not to mention the fact that so did Yahoo, Hotmail,
> etc, etc.  *shakes his head*

Those companies can afford to hire full-time geeks who can fix problems
themselves, given the source code.  But people like that cost a small fortune,
and smaller companies, as well as non-IT companies, usually can't justify the
cost of hiring that sort of person.

