Date: Wed, 12 Jan 2000 21:43:44 -0500
From: Scott Gregory
To: freebsd-questions@freebsd.org
Subject: IPFW, Failover, and FreeBSD

> To All,
>
> Happy New Year!!
>
> I am setting up a firewall using IPFW to protect a few web servers. The
> firewall will have a 1Mbit web connection. In the archives, Doug White
> claimed to be using a P-90 to protect a 100MB network. I assume that a
> P-200 will be more than sufficient, correct?
>
> My questions:
>
> 1. What are the advantages/disadvantages to using IPFW vs. a commercial
> firewall like Checkpoint (other than $$)?
>
> 2. If I have the following setup:
>
>                ___  100  ______  100  ___
> --------------| S |-----| FBSD |-----| S |
> Incoming 1MB  | w | MB  | IPFW | MB  | w |
> Main          | i |      ------      | i | 100
>               | t | 100  ______  100 | t |----- Web Servers
> --------------| c |-----| FBSD |-----| c | MB
> Incoming 1MB  | h | MB  | IPFW | MB  | h |
> Backup         ---       ------       ---
>
> A. Is it possible to give the 2 FBSD IPFW boxes an alias IP that both
> listen (and answer) for? (on both sides of the firewall)
>
> B. Is it possible to have a failover setup which will allow one of the
> FBSD IPFW to take over should the other fail?
>
> I would like to have firewall boxes aliases to filter and route requests
> from the incoming network connection and I would like to have the firewall
> boxes aliased so either box can filter and route packets back to the 'net.
>
> Any assistance would be greatly appreciated.
>
> Thanks,
>
> Scott