From owner-freebsd-questions  Sat Jan 13 14:55:51 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from snipe.prod.itd.earthlink.net (snipe.prod.itd.earthlink.net [207.217.120.62])
	by hub.freebsd.org (Postfix) with ESMTP id 966C237B6A1
	for <freebsd-questions@freebsd.org>; Sat, 13 Jan 2001 14:55:32 -0800 (PST)
Received: from anonymou-2smyer.yahoo.com (pool0049.cvx2-bradley.dialup.earthlink.net [209.178.134.49])
	by snipe.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id OAA17092
	for <freebsd-questions@freebsd.org>; Sat, 13 Jan 2001 14:55:29 -0800 (PST)
Message-Id: <5.0.2.1.2.20010113140507.00b009d0@pop.mail.yahoo.com>
X-Sender: adamlau@pop.mail.yahoo.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Sat, 13 Jan 2001 14:55:42 -0800
To: freebsd-questions@freebsd.org
From: Adam Lau <adamlau@yahoo.com>
Subject: IPFilter, Squid, Snort Config
In-Reply-To: <1006467990.20010113165708@gmx.net>
References: <NEBBKCBJALGONAJFPFDJGEHICDAA.muratbsd@softhome.net>
 <NEBBKCBJALGONAJFPFDJGEHICDAA.muratbsd@softhome.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello,

I plan to put up a 4.2-RELEASE box running IPFilter 3.4.x. and had a few 
questions. We have two boxes and three applications (IPFilter, Squid, Snort).

1. Should we go with IPFilter/Squid > Snort or IPFilter > Squid/Snort?
2. Since Snort has a win32 port, would it make sense to run Snort on a 
hardened NT box as opposed to a BSD box? I remember one of my professors as 
saying that a properly configured NT box is generally more secure that *NIX.
3. We need a second firewall between RADIUS server and SQL DB. Anybody have 
any good experiences with Zorp? I do not know any Python. Would I still be 
able to use Zorp? What is another recommended (free), application-level 
firewall?
4. Would I be able to install Tripwire 2.2.1 for Linux (Intel) on the boxes 
with Linux Binary Emulation enabled? Are there any drawbacks?
5. Trouble installing FreeBSD 4.2-RELEASE on a box with Adaptec 29160 SCSI 
controller. http://www.freebsd.org/handbook/install-hw.html does not 
indicate support for the 29160. Do I have to go out and purchase a 
supported 294X controller?
6. This may be off topic, but is there an ISO image of OpenBSD 2.8 
available for download? I looked all over the OpenBSD site with no luck.

Much thanks!   



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message