Date: Sun, 29 Apr 2007 15:49:51 -0400 From: Gary Corcoran <gcorcoran@rcn.com> To: Julian Elischer <julian@elischer.org> Cc: Peter Jeremy <peterjeremy@optushome.com.au>, freebsd-net@freebsd.org, Jack Barnett <jackbarnett@gmail.com> Subject: Re: Firewall Message-ID: <4634F6DF.40701@rcn.com> In-Reply-To: <4634F0B0.5060007@elischer.org> References: <dedb607c0704280508nf2c071dh2f76967999f68696@mail.gmail.com> <20070429112838.GH848@turion.vk2pj.dyndns.org> <4634F0B0.5060007@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Julian Elischer wrote: > Peter Jeremy wrote: >> On 2007-Apr-28 07:08:18 -0500, Jack Barnett <jackbarnett@gmail.com> >> wrote: >>> I plan on using NAT so both internal networks can get to the internets. >>> >>> In the FreeBSD documentation I see there are 3 firewalls, IPFIREWALL, >>> IPFILTER and PF (BF?). I just need to do basic filtering and just a >>> few >>> port forwards. Nothing to fancy. Which one would be recommended? >> >> Basically any of them will do what you want. The major differences are: >> - IPFW (IPFIREWALL) is FreeBSD only. Note that the NAT is in userland. > > though that is just fine for your average DSL link.. it is in kernel in 7.0 It is also just fine on a fast cable modem. I ran for several years with a low speed cable modem, around 1.5 - 2 Mbps, using nothing more than a 90MHz Pentium, with IPFW and NAT. Gary > >> - IPfilter is the most portable. >> - PF runs on *BSD. Note that (AFAIK) all proxies (eg FTP) are in >> userland. >> >> Userland NAT or proxies incur significantly higher overheads than >> in-kernel equivalents (because the packets have to cross the >> kernel/userland barrier twice). This may be an issue if you have a >> very fast Internet connection and an underpowered firewall. >> > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4634F6DF.40701>