From owner-freebsd-security Wed Nov 21 9:42: 5 2001 Delivered-To: freebsd-security@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id 2A57937B419 for ; Wed, 21 Nov 2001 09:42:01 -0800 (PST) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id OAA87844; Wed, 21 Nov 2001 14:40:28 -0300 (ART) X-Authentication-Warning: ns1.via-net-works.net.ar: fpscha set sender to fschapachnik@vianetworks.com.ar using -f Date: Wed, 21 Nov 2001 14:40:28 -0300 From: Fernando Schapachnik To: Fernando Germano Cc: security@FreeBSD.ORG Subject: Re: Best security topology for FreeBSD Message-ID: <20011121144028.B27934@ns1.via-net-works.net.ar> References: <00d201c172af$a96227b0$ed64a8c0@audi2k> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <00d201c172af$a96227b0$ed64a8c0@audi2k>; from fgermano@audiotel.com.ar on Wed, Nov 21, 2001 at 02:12:12PM -0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org En un mensaje anterior, Fernando Germano escribió: > > We'll, the answer is simple: money, we don't use something like PIX because > it's way too expensive for something like this. > > I'm worried about NAT, will FreeBSD and IpFilter be able to NAT all of this > traffic?? I've used IP Filter in a couple of heavy-loaded scenarios and never had a problem (also, machine load was almost allways at 0). Good luck. Fernando P. Schapachnik Gerente de tecnología de red y sistemas de información VIA NET.WORKS ARGENTINA S.A. fschapachnik@vianetworks.com.ar Tel.: (54-11) 4323-3381 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message