Date:      Sat, 17 Mar 2001 12:18:34 -0600
From:      Andrew Hesford <ajh3@chmod.ath.cx>
To:        richard childers <fscked@pacbell.net>
Cc:        Andrew Hesford <ajh3@chmod.ath.cx>, bcohen@bpecreative.com, freebsd-questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: FreeBSD Firewall vs. Black Ice
Message-ID:  <20010317121834.A41772@cec.wustl.edu>
In-Reply-To: <3AB38160.EAC752EB@pacbell.net>; from fscked@pacbell.net on Sat, Mar 17, 2001 at 07:23:12AM -0800
References:  <NNEMIHKLBKHCIJHJJFGPGEDGDNAA.bcohen@bpecreative.com> <3AB0CE99.FA945074@pacbell.net> <20010315091522.B2685@cec.wustl.edu> <3AB38160.EAC752EB@pacbell.net>

First things first... I'm an EE, not an ME. So I don't care about moving
parts. Second, the cards that may be reseated aren't movable. Movable
parts as probable failure points are those which are constantly or
frequently moving, as in motors or relays. Cards become unseated when
people play with them, not on their own. They can't move on their own.
Since nobody is playing with my router, its cards won't become unseated.
In my ten-year computing history (I'm only 19), I have NEVER had to
reseat a card to solve a problem.

There is no hard drive in my router. If I had a hard disk, why would I
run PicoBSD off of a floppy? I'd just use a real FreeBSD install. The
idea behind this router is to keep noise and power consumption to a
minimum, so a clunky hard disk had to go.

As for failing floppy drives, every 3.5" floppy drive I've ever owned is
still fully functional, and many of those are older than the FreeBSD
project itself. While most haven't been used in a few years, they were
used regularly in their time, since that was the file transfer medium of
choice. The floppy drive in my router spins for five minutes at boot
time, and then it is never read again, until the next boot. This occurs
less frequently than every month, since reboots are only caused by cable
service interruptions and power failures.

It seems you are refuting my line about configurability with claims
against stability. I've addressed these stability issues, and I stand by
my configurability claims. As the Linksys router is kept in flash ROM
and information about the operating system is abundant, there is a
limited amount of configurability in the router. For one thing, upgrades
are subject to Linksys's firmware update schedule, whereas my PicoBSD
disk can be replaced by any RELENG_4 tree I desire. In addition, I
understand that only certain ports can be forwarded through the Linksys
router, namely 80 and 23. I can forward or drop any port I like.

In addition, I very highly doubt that the Linksys network interfaces are
configurable beyond IP address settings. For one thing, you are confined
to a single DHCP client on the outbound interface, which may not work
with all cable modems. I have only gotten my cable modem working with
dhcpcd and wide-dhcp (in the ports); it doesn't work with ISC's dhclient
or pump. Some cable modem users may be out of luck, but I can always
change my client. What about DSL modems that use PPPoE? I don't believe
the Linksys router has PPPoE capability, but if it does, I hear that
Linux's PPPoE implementation is buggy (assuming the router runs Linux).
As a final example, if I have more than 256 computers who want to share
a connection (this is a stretch, I know), or just want to break up my
sharing amongst different networks for ease of administration and
privacy, I can configure PicoBSD with an extra ethernet card or an alias
on a single card to handle NAT for extra networks. I don't believe the
Linksys router can do this.

Truthfully, when I talked about reliability, it was only referring to
reliability of software. However, your hardware stability points are
important, and did need to be addressed. But as far as software is
concerned, I heard it mentioned that someone suspects Linksys uses Linux
in the router. If this is true, PicoBSD has the advantage in stability
of the IP stack. As it was said on this list, Linux's IP stack is a
playground for Alan Cox, and is generally not nearly as stable as
FreeBSD's IP stack, which is based on 4.4BSD's stack, which is
considered the reference standard. 

On Sat, Mar 17, 2001 at 07:23:12AM -0800, richard childers wrote:
> Summary for the impatient: moving parts are bad.
> 
> 
> "I always have to laugh, because it's $160-180, and it's probably not too
> configurable."
> 
> 
> I do not believe that there is any basis for considering a PC more reliable
> than a router.
> 
> PCs generally have removable parts. This is good, because you can replace
> them; but it is bad, because they can move about and become disconnected; the
> interconnections between the components are at risk. And we all know how
> often a mysterious problem has been resolved by reseating the boards.
> 
> It is generally a rule of thumb amongst mechanical engineers that there is a
> direct proportion between the number of moving parts in a given device and
> the probability that it will cease working as a result of these moving parts.
> 
> In the case of a PC running PicoBSD, I would expect that the floppy would be
> the first to go - regardless of whether PicoBSD reads the floppy after
> bootup, repeatedly, or only reads the floppy once, and loads itself into
> memory.
> 
> I haven't played with PicoBSD so I don't know if it has the capacity to log
> data to a hard drive but if it does that's your second probable point of
> failure. How many messages have you read over the past week from people whose
> drives were making noise? I count two or three.
> 
> I encourage folks to secure their perimeters with multiple devices, which
> operate upon network traffic sequentially (IE, packets reach box B only by
> passing through box A).
> 
> I would never encourage people to confuse potentially useful "choke point"
> hardware with the firewall itself; those who bother to read the previous
> message from me on this thread, in full, will see that I never said anything
> else.
> 
> ('The Screensavers'. What is this? The made-for-TV action drama based on the
> fish tank? :-)
-- 
Andrew Hesford
ajh3@chmod.ath.cx
