From owner-freebsd-questions@FreeBSD.ORG Tue May 20 21:10:37 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DC48437B401 for ; Tue, 20 May 2003 21:10:37 -0700 (PDT) Received: from mta6.snfc21.pbi.net (mta6.snfc21.pbi.net [206.13.28.240]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7110B43F85 for ; Tue, 20 May 2003 21:10:37 -0700 (PDT) (envelope-from andras@kende.com) Received: from AK ([64.169.116.115]) by mta6.snfc21.pbi.net (iPlanet Messaging Server 5.1 HotFix 1.6 (built Oct 18 2002)) with SMTP id <0HF7003BZY9OIH@mta6.snfc21.pbi.net> for freebsd-questions@freebsd.org; Tue, 20 May 2003 21:10:37 -0700 (PDT) Date: Tue, 20 May 2003 21:10:34 -0700 From: Andras Kende To: freebsd-questions@freebsd.org Message-id: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7BIT Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal Subject: ipfw rules for low-end server?? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 May 2003 04:10:38 -0000 Hello All, Have PIII-450, 386Mb FreeBSD 4.8 machine as natd gateway (2 NIC) for around 100 computers. To minimize load on the machine which would be the best options?? Should I use ipfw "dynamic" or "stateful" rules? Also should set to kernel with: option IPFIREWALL_VERBOSE for debugging purposes if needed but disable logging firewall_logging=NO at rc.conf ? I want to allow everything to go out, only 22tcp,80tcp 53udp and 25tcp (port_forwading) to in... Thanks, Andras Kende