Date:      Wed, 13 Feb 2002 21:31:27 -0800
From:      "Crist J. Clark" <cjc@FreeBSD.ORG>
To:        flash@neworleans.com
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: router preference: hardware or software?
Message-ID:  <20020213213127.E33833@blossom.cjclark.org>
In-Reply-To: <91698.1013637711317.JavaMail.www@webmail.neworleans.com>; from flash@neworleans.com on Wed, Feb 13, 2002 at 04:01:51PM -0600
References:  <91698.1013637711317.JavaMail.www@webmail.neworleans.com>

On Wed, Feb 13, 2002 at 04:01:51PM -0600, flash@neworleans.com wrote:
> What is the prevailing wisdom for the gateway between private LAN and the net:
> 
> a separate hardware box (firewall/gateway/NAT) or the FreeBSD box running 
> ipfw/natd/qmail/BIND/whatever?
> 
> security?  reliability?  convenience?

Network devices like routers are not really "hardware" devices any
more than your PC is. The routing is mostly done in software, albeit
specialized software that is designed solely to do routing on the
specific hardware platform (usually off-the-shelf chips).

As for security, it depends. It's easier for the administrator to
botch the security on a full-fledged server OS like FreeBSD. OTOH, if
the vendor has botched the security on your network device, it can be
difficult, if not impossible, for the administrator to fix it (if they
ever find out there is a vulnerability).

As for reliability, it depends. Network devices are generally built
with reliability being one of the primary design goals. There is
typically less to go wrong. That said, if you get a bummer device, it
can be bad and there is usually little you can do to fix it on your
own.

As for convenience, it depends. If you know your way around an OS like
FreeBSD and have a spare box to do the job, you can't beat the
convenience for setting it up. For a device, you need to do some
research to find the right one (which is inconvenient), but once you
find the right one and get it, the maintenance level could be
extremely low, which is convenient.

So, it depends.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
