Date: Mon, 28 Dec 1998 17:25:32 -0500
To: freebsd-current@FreeBSD.ORG
From: Ken McKittrick
Subject: keeping IPFILTER (was Re: wanton Atticizing is bad)
In-Reply-To: <19981228171401.B1333@ns1.adsu.bellsouth.com>

Hello

I don't see how dumping IPFILTER would be a good thing. It is actively
supported by the developer and runs on Linux, Solaris, *BSD, etc.

Ken

>On Mon, Dec 28, 1998 at 04:04:16PM -0600, Phillip Salzman wrote:
>> > You can do that with natd.
>>
>> That is possible, but not logical. Say you have 2000
>> dialup users attempting to access the web at the same time... all
>> coming from different IP addresses -- would you want the packet
>> scanning to go at the Cisco, or at the NATd? It's simple to do
>> a transparent proxy from the cisco, and does not require too much on
>> the squid side (IPFILTER), with less on the router.
>
>I thought the issue was, given IPFILTER or IPFW, can we do everything with
>IPFW that IPFILTER and other kludges did? So that we can start to phase
>out IPFILTER.
>
>Ciscos can't do transparent redirection at the present time. They do speak
>WCCP however. No, source routing is not an option.
>
>IMHO, we can argue all day long whether we want a FreeBSD or a Cisco in the
>datapath. Knowing both network stacks quite well, I'd vote for a Cisco
>anytime. But others may not feel the same way (for whatever reason) and
>want the FreeBSD box to do it.
>
>Anyone ever done any performance benchmarking on natd/IPFILTER/IPFW?
>
>Cheers,
>Chris
>
>--
>Frisbeetarianism, n.:
> The belief that when you die, your soul goes up on the roof and gets
>stuck.