Date: Wed, 12 Jan 2000 21:43:44 -0500 From: Scott Gregory <bsdbox@citizen.infi.net> To: freebsd-questions@freebsd.org Subject: IPFW, Failover, and FreeBSD Message-ID: <387D3BE0.CAF5B836@citizen.infi.net>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
--------------A131B41736BACB29EEF2C59F
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
> To All,
>
> Happy New Year!!
>
> I am setting up a firewall using IPFW to protect a few web servers. The
> firewall will have a 1Mbit web connection. In the archives, Doug White
> claimed to be using a P-90 to protect a 100MB network. I assume that a
> P-200 will be more than sufficient, correct?
>
> My questions:
>
> 1. What are the advantages/disadvantages to using IPFW vs. a commercial
> firewall like Checkpoint (other than $$)?
>
> 2. If I have the following setup:
>
> ___ 100 ______ 100 ___
> --------------| S |-----| FBSD |-----| S |
> Incoming 1MB | w | MB | IPFW | MB | w |
> Main | i | ------ | i | 100
> | t | 100 ______ 100 | t |----- Web Servers
> --------------| c |-----| FBSD |-----| c | MB
> Incoming 1MB | h | MB | IPFW | MB | h |
> Backup --- ------ ---
>
> A. Is it possible to give the 2 FBSD IPFW boxes an alias IP that both
> listen (and answer) for? (on both sides of the firewall)
>
> B. Is it possible to have a failover setup which will allow one of the
> FBSD IPFW to take over should the other fail?
>
> I would like to have firewall boxes aliases to filter and route requests
> from the incoming network connection and I would like to have the firewall
> boxes aliased so either box can filter and route packets back to the 'net.
>
> Any assistance would be greatly appreciated.
>
> Thanks,
>
> Scott
--------------A131B41736BACB29EEF2C59F
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Return-Path: bsdbox@bsdbox.bsdbox.yi.org
Received: from localhost (bsdbox@localhost)
by bsdbox.yi.org (8.9.1/8.9.1) with ESMTP id VAA04441
for <bsdbox@bsdbox.bsdbox.yi.org>; Wed, 12 Jan 2000 21:41:05 -0500 (EST)
(envelope-from bsdbox@bsdbox.bsdbox.yi.org)
Date: Wed, 12 Jan 2000 21:41:00 -0500 (EST)
From: "Scott Gregory <bsdbox@citizen.infi.net>" <bsdbox@bsdbox.bsdbox.yi.org>
To: Mailing List Mail Account <bsdbox@bsdbox.bsdbox.yi.org>
Subject: IPFW, Failover, and FreeBSD (fwd)
Message-ID: <Pine.BSF.4.05.10001122140460.4439-100000@bsdbox.bsdbox.yi.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
---------- Forwarded message ----------
Date: Wed, 12 Jan 2000 21:21:54 -0500 (EST)
From: "Scott Gregory <bsdbox@citizen.infi.net>" <bsdbox@bsdbox.bsdbox.yi.org>
To: freebsd-questions@freebsd.org
Subject: IPFW, Failover, and FreeBSD
To All,
Happy New Year!!
I am setting up a firewall using IPFW to protect a few web servers. The
firewall will have a 1Mbit web connection. In the archives, Doug White
claimed to be using a P-90 to protect a 100MB network. I assume that a
P-200 will be more than sufficient, correct?
My questions:
1. What are the advantages/disadvantages to using IPFW vs. a commercial
firewall like Checkpoint (other than $$)?
2. If I have the following setup:
___ 100 ______ 100 ___
--------------| S |-----| FBSD |-----| S |
Incoming 1MB | w | MB | IPFW | MB | w |
Main | i | ------ | i | 100
| t | 100 ______ 100 | t |----- Web Servers
--------------| c |-----| FBSD |-----| c | MB
Incoming 1MB | h | MB | IPFW | MB | h |
Backup --- ------ ---
A. Is it possible to give the 2 FBSD IPFW boxes an alias IP that both
listen (and answer) for? (on both sides of the firewall)
B. Is it possible to have a failover setup which will allow one of the
FBSD IPFW to take over should the other fail?
I would like to have firewall boxes aliases to filter and route requests
from the incoming network connection and I would like to have the firewall
boxes aliased so either box can filter and route packets back to the 'net.
Any assistance would be greatly appreciated.
Thanks,
Scott
--------------A131B41736BACB29EEF2C59F--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?387D3BE0.CAF5B836>