From owner-freebsd-questions@FreeBSD.ORG Thu Jul 13 10:56:16 2006
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8075D16A4DD for <freebsd-questions@freebsd.org>; Thu, 13 Jul 2006 10:56:16 +0000 (UTC) (envelope-from wmoran@collaborativefusion.com)
Received: from mx00.pub.collaborativefusion.com (mx00.pub.collaborativefusion.com [206.210.89.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id 20DDA43D46 for <freebsd-questions@freebsd.org>; Thu, 13 Jul 2006 10:56:15 +0000 (GMT) (envelope-from wmoran@collaborativefusion.com)
Received: from localhost (monrovll-cuda1-24-53-251-44.pittpa.adelphia.net [24.53.251.44]) (AUTH: LOGIN wmoran, TLS: TLSv1/SSLv3,256bits,AES256-SHA) by wingspan with esmtp; Thu, 13 Jul 2006 06:56:15 -0400 id 00056403.44B626CF.00012FC0
Date: Thu, 13 Jul 2006 06:56:14 -0400
From: Bill Moran <wmoran@collaborativefusion.com>
To: spock@dwinner.net
Cc: freebsd-questions@freebsd.org
Subject: Re: *bsd firewall appliance?
Message-Id: <20060713065614.75ab56ee.wmoran@collaborativefusion.com>
In-Reply-To: <44B61824.7030309@dwinner.net>
References: <44B61824.7030309@dwinner.net>
Organization: Collaborative Fusion
X-Mailer: Sylpheed version 2.2.6 (GTK+ 2.8.19; i386-portbld-freebsd6.1)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
X-List-Received-Date: Thu, 13 Jul 2006 10:56:16 -0000

DW wrote:

> Hi all,
>
> Just doing some early morning brainstorming, and my crazy thought of the
> day is this:
>
> My life would be so much easier if I could just get rid of my stupid PIX
> firewalls, and replace them with what I know and love: FreeBSD.
> It's not that the PIX's have been causing me problems or anything like that,
> it's just that I believe in streamlining whenever possible, and since we've
> already exterminated Microsoft in my server room for at least 3 years, the
> only thing left that's not running FreeBSD are my appliances (firewalls and
> switches) and 2 leftover legacy servers still running Redhat that haven't
> been worth the effort to migrate to FreeBSD. I'm a one-man shop, and I can
> survive using the PIX IOS when I have to, but would just as soon use BSD if
> I could. Questions:
>
> 1) If I did this, I would probably only do it if I could figure out how
> to rack up some diskless servers to my 2-post communications rack. Any
> thoughts on hardware candidates, etc.?
>
> 2) If I did this, maybe it would be wiser to go with OpenBSD instead,
> since it is known for security?
>
> 3) Any good tutorials on setting up diskless servers for Free/OpenBSD?
>
> 4) Any other considerations?

Keep in mind that PC hardware does not make good switching/routing hardware
for high loads. The way PCs are designed, you really can't put more than 2
network cards in and expect any kind of performance.

If your PIX are serving simple gateway/firewall roles, then replacing with
*BSD on a PC is possible. If they have many interfaces, you'll find that the
PC hardware just can't switch packets at line speed, no matter what OS you
put on it.

> 5) Am I just being stupid and should I just keep my PIX's going? I know,
> I know, if it ain't broke, don't fix it.

No. Proactive is the way to go. People who wait around for things to break
are always fixing broken things.

-- 
Bill Moran

If you take sexual advantage of her, you're going to burn in a very special
level of hell. A level they reserve for child molesters and people who talk
at the theater.
        Shepherd Book
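As an added example (not part of the thread, and not code from either poster), here is what the "simple gateway/firewall role" Bill refers to looks like as a FreeBSD pf ruleset: default deny, NAT for the LAN, anti-spoofing, and management SSH from a single host. The interface names em0/em1, the 192.168.10.0/24 LAN and the 192.168.10.5 management host are assumptions chosen for the illustration.

```pf
# /etc/pf.conf -- added example for a two-interface FreeBSD gateway.
# Assumed: em0 faces the ISP, em1 faces the LAN 192.168.10.0/24,
# and 192.168.10.5 is the one LAN host allowed to ssh to the firewall.
ext_if    = "em0"
int_if    = "em1"
int_net   = "192.168.10.0/24"
mgmt_host = "192.168.10.5"

# Loopback is trusted; reassemble fragments before filtering.
set skip on lo0
scrub in all

# Hide the LAN behind whatever address the external interface holds
# (the pf equivalent of a PIX global/nat pair).
nat on $ext_if from $int_net to any -> ($ext_if)

# Default deny in both directions, logged to pflog0.
block log all

# Drop packets that claim a LAN source but arrive on the wrong interface.
antispoof quick for { lo0 $int_if }

# Anything the LAN starts may leave; the state table admits the replies.
# "keep state" is written explicitly because it was not the default in
# the pf shipped with FreeBSD 6.x.
pass out keep state
pass in on $int_if from $int_net to any keep state

# Management: ssh to the inside address, only from the one admin host.
pass in on $int_if proto tcp from $mgmt_host to ($int_if) port ssh \
    flags S/SA keep state
```

To make the box actually forward packets, set gateway_enable="YES", pf_enable="YES", pf_rules="/etc/pf.conf" and pflog_enable="YES" in /etc/rc.conf. Before loading a new ruleset on a remote firewall, check it with `pfctl -nf /etc/pf.conf` (parse only) and then load it with `pfctl -f /etc/pf.conf`; with a default-deny ruleset, a typo that drops the management rule locks you out until you reach the console.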