From owner-freebsd-security  Thu Mar  8  6:26:59 2001
Delivered-To: freebsd-security@freebsd.org
Received: from Samizdat.uucom.com (samizdat.uucom.com [198.202.217.54])
	by hub.freebsd.org (Postfix) with ESMTP id 6821337B71A
	for <freebsd-security@FreeBSD.ORG>; Thu,  8 Mar 2001 06:26:55 -0800 (PST)
	(envelope-from cshenton@OutBounderInc.com)
Received: (from cshenton@localhost)
	by Samizdat.uucom.com (8.9.3/8.9.3) id JAA11758;
	Thu, 8 Mar 2001 09:26:37 -0500 (EST)
To: Christopher Schulte <christopher@schulte.org>
Cc: Fernando Schapachnik <fschapachnik@vianetworks.com.ar>,
	Nathan Dorfman <nathan@rtfm.net>, freebsd-security@FreeBSD.ORG
Subject: Re: ipfw or ipf?
References: <20010307190222.A72795@rtfm.net>
	<5.0.2.1.0.20010307181400.0336ed18@pop.schulte.org>
From: Chris Shenton <cshenton@OutBounderInc.com>
Date: 08 Mar 2001 09:26:37 -0500
In-Reply-To: Christopher Schulte's message of "Wed, 07 Mar 2001 18:29:10 -0600"
Message-ID: <lfd7bs49r6.fsf@Samizdat.uucom.com>
Lines: 14
User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 07 Mar 2001 18:29:10 -0600, Christopher Schulte <christopher@schulte.org> said:

Christopher> ipfw is beautiful - two nics just hop into promisc mode.
Christopher> One connects to the 'internal' network, the other to
Christopher> possibly a router or public switch.  Then using the
Christopher> firewall/shaping rules defined with ipfw traffic is
Christopher> transparently passed (or dropped/rejected) from the
Christopher> external network to machines on the inside via software
Christopher> bridging.

Has anyone set up a pair of FreeBSD firewallowing boxes with VRRP (new
in ports) to provide fail-over redundancy?  I hate being dependent on
a single point of failure.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message