From: "Thomas Mullins"
To: "Brett Davidson"
Date: Thu, 4 Jan 2007 17:51:49 -0500
Subject: RE: Advice on which FreeBSD firewall package to choose.

I have not used iptables or ipfw. But, pf is very easy to use, and has
lots of options. I would give it a try. I can send some sample configs
if you need.

Shane

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Brett Davidson
Sent: Thursday, January 04, 2007 4:26 PM
To: questions@freebsd.org
Subject: Advice on which FreeBSD firewall package to choose.

Before I start, I'm familiar with IPTables from Linux but am wanting to
use FreeBSD as a firewalling router after seeing it in action on a
heavily-loaded webserver.
I like the efficiency of the TCP stack.

Upon reading the handbook I found that I can have my choice of three
firewalls: pf, iptables and ipfw.

What would be the most useful (and easiest) package to use given the
following scenario:

A FreeBSD router comprising four physical interfaces -
Eth0 is the outside 10Mbyte/s cable connection to the Internet.
Eth1 is a 100Mbit DMZ housing a webserver.
Eth2 is a 100Mb DMZ housing an 802.11g Wireless Access Router.
(My normal preference is to isolate Wireless LANs from physical LANs).
Eth3 is the inside LAN.

Software-based VPN connections out from both the Inside LAN and Wireless
DMZ are required. (Allowing VPN tunnels through the firewall; not
tunnels terminated at the firewall).

Against prudence, they wish to allow torrent connections to the inside
LAN and ICQ connections to both the Inside LAN and the Wireless DMZ.

The torrent and ICQ connections will need to be bandwidth-managed so
that is a major consideration for the choice of which firewall to use.

Is there an equivalent to HTB on FreeBSD?

I look forward to your answers...

Regards,
Brett.