From: "Andrew C. Hornback"
To: "Anthony Atkielski", "Ted Mittelstaedt", "FreeBSD Questions"
Subject: RE: DSL PPPoE with 2 NICs
Date: Fri, 16 Nov 2001 16:18:40 -0500
Message-ID: <001d01c16ee4$4360c9e0$6600000a@ach.domain>

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Anthony Atkielski
> Sent: Friday, November 16, 2001 7:21 AM
> To: Ted Mittelstaedt; Andrew C. Hornback; FreeBSD Questions
> Subject: Re: DSL PPPoE with 2 NICs
>
> Ted writes:
>
> > Not for the real cheapos. Crap like the LinkSys
> > router requires that you be on the same physical
> > network when you do your firmware upgrading because
> > the router generally won't allow remote firmware
> > updates ...
>
> That's the kind of behavior I'd prefer from a router. I don't want remote
> firmware updates to be allowed except from the LAN side. It keeps the rest of
> the world out.
> To me this is a feature, not a drawback.

If the router itself is configured securely, you don't need to worry about
this. After all, isn't it possible to restrict firmwares to a specific IP,
subnet or secure account? I'll admit that my IOS knowledge is lacking, but I
figure that if this isn't possible, Cisco needs to get on the ball.

> > You cannot run any kind of an enterprise with
> > that sort of thing.
>
> If you have only one LAN, or only a few in physical proximity, it seems
> entirely practical to me. You don't need to update firmware very often (if
> ever), anyway.

I hate to say this, but I think you'll be eating those words when LinkSys or
whoever manufactured your router comes out with a firmware upgrade for
security reasons. But, who knows, they may never respond to a request for an
upgrade, depending on the size of their installed base. As for FreeBSD, if
there's a security issue, you can bet that there are people working on the
problem as soon as they learn about it. It's a matter of support...

> > For a REAL router like a Cisco 1605-R, firmware
> > updates can be done remotely quite easily. But the
> > cost is much higher for the device.
>
> Unless there is a desperate need to perform such updates remotely, there is
> no point in spending the extra money for a fancier router.

If the ease of update is the only thing you're basing your decision on...
maybe it is a reason to buy the Cisco model. After all, isn't it easier to
have a centralized authority configuring your network, as opposed to leaving
each remote LAN admin to their own whims of how they see fit to configure
their connectivity? Again... uniformity in configuration leads to a lower
number of support problems.

> > For starters you can terminate remote VPN links
> > on a FreeBSD system, how many $100 routers can
> > you do that on?
>
> The one I use does exactly that. It can and does maintain a remote VPN link
> with the DSL modem.
> That is one of its selling points, and that is one reason why I bought it
> (it is much easier to have the router handle this than to try to get it to
> work on FreeBSD).

And you've tried to configure VPN on a FreeBSD machine? I don't remember
seeing any questions about that...

> > You can also run a proxy server on your FreeBSD
> > system, and force all your inside clients to use
> > that, so you can spy on where they are surfing.
>
> If you don't need a proxy and you don't wish to spy, this is irrelevant.

Quite right... there's no need to try to optimize your network performance.
*removes tongue from cheek*

> > You can set your router up as a network monitoring
> > device and if the link to the Internet goes down
> > your BSD system can send you a page.
>
> The cheapo router can send a message to syslog on the machine of your
> choice, which can then alert anyone.

Are you going to be running syslog on every machine and have the router
reporting to each one of them simply to ensure that you get the message when
your link dies?

> > In short, there's lots of things that you can do
> > with your FreeBSD system that a hardware router
> > cannot do.
>
> There are lots of things you can do with a FreeBSD system that you really
> have no need to do. And if you don't need these things, you don't need
> FreeBSD.

*confused look* Now you're saying that simply because we can do something, we
don't need to do it? You may have more years of IT experience than I do of
years period, but I doubt that you have the full understanding of my needs
that I do.

> > Nobody building any network large enough to deserve
> > the label "IT infrastructure" is going to be fooling
> > around with $100 cheapie routers.
>
> What is the minimum size of a network that may legally qualify as "IT
> infrastructure"?

*yawns* More flame bait... I won't take it this time.
> In any case, any network as large as you imply isn't going to be relying on
> PCs running an unsupported, free OS to replace real routers, either--not if
> they can afford Cisco.

Unsupported? Hmm, seems to me that if FreeBSD doesn't meet your criteria for
being supported, you may have chosen the wrong OS. Not to mention the fact
that so did Yahoo, Hotmail, etc, etc. *shakes his head*

--- Andy