From: "Crist J. Clark"
Date: Wed, 13 Feb 2002 21:31:27 -0800
To: flash@neworleans.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: router preference: hardware or software?

On Wed, Feb 13, 2002 at 04:01:51PM -0600, flash@neworleans.com wrote:
> What is the prevailing wisdom for the gateway between private LAN and the net:
>
> a separate hardware box (firewall/gateway/NAT) or the FreeBSD box running
> ipfw/natd/qmail/BIND/whatever?
>
> security? reliability? convenience?

Network devices like routers are not really "hardware" devices any more than your PC is. The routing is mostly done in software, albeit specialized software that is designed solely to do routing on the specific hardware platform (usually off-the-shelf chips).

As for security, it depends. It's easier for the administrator to botch the security on a full-fledged server OS like FreeBSD. OTOH, if the vendor has botched the security on your network device, it can be difficult, if not impossible, for the administrator to fix it (if they ever find out there is a vulnerability).

As for reliability, it depends. Network devices are generally built with reliability being one of the primary design goals. There is typically less to go wrong. That said, if you get a bummer device, it can be bad and there is usually little you can do to fix it on your own.

As for convenience, it depends. If you know your way around an OS like FreeBSD and have a spare box to do the job, you can't beat the convenience for setting it up. For a device, you need to do some research to find the right one (which is inconvenient), but once you find the right one and get it, the maintenance level could be extremely low, which is convenient.

So, it depends.

--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org