From: Paul Hillen
To: freebsd-questions@freebsd.org
Date: Wed, 21 Jul 2004 13:24:49 -0400
Message-ID: <2D5D66504FBF4E4FB3A199F121C862382D08DF@exch1.nfmwe.com>
Subject: Firewall, OpenVPN and Squid question

Hi everyone,

I am relatively new to the Unix world, have set up a couple of TINYDNS servers and a postfix relay server, so that is the extent of my FreeBSD knowledge.

I have 2 Microsoft ISA servers in a BACK to BACK configuration providing a DMZ in-between that I would like to get rid of, way more trouble than what they are worth. They work well for about a month and then the performance goes south. There are 3 remote sites connecting to our network using GATEWAY to GATEWAY VPN and around 25 remote VPN users that must be dealt with also. Last item, there is a chance that I will have to connect 3 more remote sites into the picture within the next 6 months, so this needs to be scalable to handle the load.

My question is, what is the best way to set this up. Here are my thoughts, but not sure what is the best way.

* Set up one FreeBSD box that contains FIREWALL, SQUID and OPENVPN
or
* Set up 3 separate boxes to break up the work load.

Many thanks in advance for being patient with what I am sure are stupid beginner questions to most of you. When giving your choice of which setup, please point me in the direction of the best resource to put it all together and the hardware requirements you would recommend. I have a truck load of PII 300 - 450's due to upgrades, so if I can use them great, if not, time to go on a spending spree.

Thanks again
Paul