Date:      Wed, 12 Jan 2000 21:43:44 -0500
From:      Scott Gregory <bsdbox@citizen.infi.net>
To:        freebsd-questions@freebsd.org
Subject:   IPFW, Failover, and FreeBSD
Message-ID:  <387D3BE0.CAF5B836@citizen.infi.net>


[-- Attachment #1 --]
> To All,
>
> Happy New Year!!
>
> I am setting up a firewall using IPFW to protect a few web servers.  The
> firewall will have a 1Mbit web connection.  In the archives, Doug White
> claimed to be using a P-90 to protect a 100MB network.  I assume that a
> P-200 will be more than sufficient, correct?
>
> My questions:
>
> 1.  What are the advantages/disadvantages to using IPFW vs. a commercial
> firewall like Checkpoint (other than $$)?
>
> 2.  If I have the following setup:
>
>                ___  100  ______  100  ___
> --------------| S |-----| FBSD |-----| S |
> Incoming 1MB  | w |  MB | IPFW |  MB | w |
> Main          | i |      ------      | i | 100
>               | t | 100  ______  100 | t |----- Web Servers
> --------------| c |-----| FBSD |-----| c |  MB
> Incoming 1MB  | h |  MB | IPFW |  MB | h |
> Backup         ---       ------       ---
>
>  A.  Is it possible to give the 2 FBSD IPFW boxes an alias IP that both
> listen (and answer) for? (on both sides of the firewall)
>
>  B.  Is it possible to have a failover setup which will allow one of the
> FBSD IPFW to take over should the other fail?
>
> I would like to have firewall boxes aliased to filter and route requests
> from the incoming network connection and I would like to have the firewall
> boxes aliased so either box can filter and route packets back to the 'net.
>
> Any assistance would be greatly appreciated.
>
> Thanks,
>
> Scott


