From owner-freebsd-questions@FreeBSD.ORG Wed Jul 21 19:25:47 2004
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B3A9416A4D7
	for ; Wed, 21 Jul 2004 19:25:47 +0000 (GMT)
Received: from mbox.ibctech.ca (dev.eagle.ca [209.167.58.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E0B5743D49
	for ; Wed, 21 Jul 2004 19:25:45 +0000 (GMT)
	(envelope-from iaccounts@ibctech.ca)
Received: (qmail 21246 invoked by uid 1002); 21 Jul 2004 19:25:44 -0000
Received: from iaccounts@ibctech.ca by pearl.ibctech.ca by uid 89 with qmail-scanner-1.22
	(clamscan: 0.73. spamassassin: 2.63. Clear:RC:1(127.0.0.1):.
	Processed in 1.032537 secs); 21 Jul 2004 19:25:44 -0000
Received: from unknown (HELO webmail.ibctech.ca) (127.0.0.1)
	by localhost.ibctech.ca with SMTP; 21 Jul 2004 19:25:42 -0000
Received: from 209.167.16.15
	(SquirrelMail authenticated user steve@ibctech.ca);
	by webmail.ibctech.ca with HTTP;
	Wed, 21 Jul 2004 15:25:43 -0400 (EDT)
Message-ID: <3193.209.167.16.15.1090437943.squirrel@209.167.16.15>
In-Reply-To: <0e6601c46f57$9b486f70$4df24243@tsgincorporated.com>
References: <2D5D66504FBF4E4FB3A199F121C862382D08E0@exch1.nfmwe.com>
	<0e6601c46f57$9b486f70$4df24243@tsgincorporated.com>
Date: Wed, 21 Jul 2004 15:25:43 -0400 (EDT)
From: "Steve Bertrand"
To: "Micheal Patterson"
User-Agent: SquirrelMail/1.4.3a
X-Mailer: SquirrelMail/1.4.3a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
cc: Paul Hillen
cc: freebsd-questions@freebsd.org
Subject: Re: Firewall, OpenVPN and Squid question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 21 Jul 2004 19:25:47 -0000

>> I have around 100 users at our site that would require the use of squid, we
>> house our own webserver, mail server, public DNS servers in the DMZ and 2
>> private DNS servers on the internal network, used by both Internal and VPN
>> users.
>>
>> Sites connecting Gateway to Gateway, there are apprx as follows;
>> Site 1 - 25 users
>> Site 2 - 5 users
>> Site 3 - 12 users
>> Our site VPN users are Apprx 25, and about 50% of them are connected at any
>> given time.
>>
>> My first thought is to put up a Firewall box that can the load of publishing
>> many internal boxes and "publish" a box with OpenVPN and another for SQUID
>> and just keep them all separate.
>>
>> Will this setup put too much strain on the FIREWALL box or will it have no
>> problem handling the NAT/ROUTING in this configuration.
>>
>> Thanks in advance
>> Paul
>>
>
> Considering that many of the current hardware firewall solutions aren't much
> more than either a BSD or Linux kernel in a ROM chip, with a 486 or 586
> based cpu, memory, and a nice gui (Windows or Internal Web interface), I
> can't see why a similar system on a PC would be any different.
>

Yes, but take into consideration disk reads/writes. It is possible to
eliminate these tasks, and I have even done setups where everything was
flashed onto a CF card (ro) (obviously w/o logging capabilities).

I did a custom build, frequently referring to:

http://neon1.net/misc/minibsd.html

and put the system on an IDE->CF card converter.

Steve

> --
>
> Micheal Patterson
> TSG Network Administration
> 405-917-0600
>
> Confidentiality Notice: This e-mail message, including any attachments, is
> for the sole use of the intended recipient(s) and may contain confidential
> and privileged information. Any unauthorized review, use, disclosure or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.