From owner-freebsd-questions Fri Dec 28 6: 6:49 2001 Delivered-To: freebsd-questions@freebsd.org Received: from ns2.robhughes.com (12-237-138-77.client.attbi.com [12.237.138.77]) by hub.freebsd.org (Postfix) with SMTP id 571CF37B417 for ; Fri, 28 Dec 2001 06:06:44 -0800 (PST) Received: (qmail 3375 invoked from network); 28 Dec 2001 14:06:43 -0000 Received: from hexch01.robhughes.com (192.168.1.3) by ns2.robhughes.com with SMTP; 28 Dec 2001 14:06:43 -0000 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: newbie's question: which firewall??? X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 Date: Fri, 28 Dec 2001 08:06:43 -0600 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: newbie's question: which firewall??? Thread-Index: AcGPfvvpT8deL7o5RNiw2Cv+j31sywAKYzbw From: "Robert D. Hughes" To: Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Instead, why not yank that Netgear, get some of you money back, and put = in a FreeBSD router/firewall. You can do everything you want there with = much more control. Both IPF and IFPW are very good, though other's = thoughts will differ, I'm sure. -----Original Message----- From: Richard Kaestner [mailto:richard.kaestner@ycn.com] Sent: Friday, December 28, 2001 3:15 AM To: freebsd-questions@FreeBSD.ORG Subject: newbie's question: which firewall??? First, it's the time (after watching this list for some time) to say thanks to many helping hands here! Lots of good information found there! I am in the process of switching for the office-equipment from Linux and MS to FreeBSD. As a matter of fact, I can see everyday a lot of attempts to pay a 'visit' to my local network (Nimda, Code Red ...) Still I can smile about - but when will be the first success ...? Can anyone give me some ideas, which firewall to use (ipfw, ipfilter)? Current solution is a NetgearBox (NAT, basic IP filtering) and e-smith (a linux based firewall, gateway, webserver, ... 'all-in-one') acting as gateway to internal network. My intention is: - a dedicated box to block between DMZ and internal network. ipfw or ipfilter ?, Should I do again NAT on this box? - Another dedicated box in DMZ for 'public' access (not really public, but why not representing my company on the net...) Apache, VPN, ssh access from outside (?) This should allow _me_ to access my internal network (without too much headake) Thanks in advance! -- ciao - Richard "you have moved your mouse, please reboot to make this change take = effect" Richard K=E4stner Woerthgasse 17 2500 Baden mailto:richard.kaestner@ycn.com Austria To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message