Date:      Thu, 29 Jan 2009 15:09:46 -0800
From:      Chris H <chris#@1command.com>
To:        freebsd-stable@freebsd.org
Cc:        Chris Peterson <chris@lameness.info>
Subject:   Re: Replace Cisco IOS/CBOS with freebsd - possible?
Message-ID:  <20090129150946.8kkcd8e34c8840ws@webmail.1command.com>
In-Reply-To: <F9598B04-9CAD-4785-89E8-513095252B18@lamness.info>
References:  <20090129015034.7dxisep21w04gksg@webmail.1command.com> <0bca01c98202$a6124350$f236c9f0$@co.uk> <20090129051522.a92df0myf44gsko4@webmail.1command.com> <62b856460901290538x5d857f08ka3b2ffb5a7aa8e7f@mail.gmail.com> <20090129060243.adauuua9eokcsos8@webmail.1command.com> <F9598B04-9CAD-4785-89E8-513095252B18@lamness.info>

Hello, and thank you for your reply.

Quoting Chris Peterson <chris@lameness.info>:

> pfSense sounds like exactly what you're looking for. It's a stripped
> down FreeBSD

Don't get me wrong, I think pfSense goes a long way to my intended
goal - not the least of which, is pfDNS. I haven't written it off
by any means.

> with a fancy web interface (well, not too fancy,

To be honest - the first thing I'd do, is strip the (any) GUI stuff
out. I have no issue with opening a terminal shell via cu - tip(1).
In fact, for security reasons, I'd prefer to ensure that the only
access available is over a serial port (local). Not to mention the
size/space savings gains. :)

> it's been incredibly stable for me). I've deployed it a couple times
> in pseudo production environments and it's been holding up well for
> the last 1.5 years+.
>
> You can also check out
> http://www.netgate.com/product_info.php?cPath=60_84&products_id=492
> for a nice PIX-sized chassis for pfSense if you need a small box.

Looks intriguing. The only real advantage I see here, would be the
amount of ram available. The 837 I propose to use, only supports 64Mb.

Thanks again for your informative response.

--Chris

>
> On Jan 29, 2009, at 6:02 AM, Chris H wrote:
>
>> Hello, and thank you for your reply.
>>
>> Quoting Michael Grant <mg-fbsd3@grant.org>:
>>
>>> On Thu, Jan 29, 2009 at 2:15 PM, Chris H <chris#@1command.com> wrote:
>>>> Hello, and thank you for your reply.
>>>>
>>>> While it's not /exactly/ what I was looking for - it's close. :)
>>>> The "filtering" capability is my biggest gripe on the Cisco
>>>> *DSL products. They're just not as /capable/ as is offered in
>>>> FBSD. DNS is another plus (pfDNS). But I don't think I'd be
>>>> modify pfDNS to accommodate BIND, or unbound. Although tinydns
>>>> might be able to fit the bill. Oh well, it's close - thanks
>>>> for the pointer. :)
>>>
>>> You can run iptables on openwrt.
>>
>> Actually, I was thinking more along the lines of pf(4). I think it's
>> more efficient - especially combined with all the network tuning that
>> has been done recently by Robert Watson, John Baldwin, Mohan Srinivasan,
>> Peter Wemm, and others. Another reason I'm so inclined to be FBSD centric
>> on this. :)
>>
>>> You can compile most anything for
>>> it, you're only limited by its memory and cpu.  I'm not familiar with
>>> pfDNS.  But if it runs on freebsd, it probably can be made to run on
>>> openwrt as well.
>>
>> Indeed, it's running a FreeBSD base. But like you said; CPU, and Memory
>> are the only boundaries here. Will need to do more research to compare
>> limits against a /desired/ install base.
>>
>> Thanks again for the reply.
>>
>> --Chris
>>
>>>
>>> Michael
>>>
>>
>>
>>
>> _______________________________________________
>> freebsd-stable@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org "
>
>
