Date: Thu, 29 Jan 2009 15:09:46 -0800 From: Chris H <chris#@1command.com> To: freebsd-stable@freebsd.org Cc: Chris Peterson <chris@lameness.info> Subject: Re: Replace Cisco IOS/CBOS with freebsd - possible? Message-ID: <20090129150946.8kkcd8e34c8840ws@webmail.1command.com> In-Reply-To: <F9598B04-9CAD-4785-89E8-513095252B18@lamness.info> References: <20090129015034.7dxisep21w04gksg@webmail.1command.com> <0bca01c98202$a6124350$f236c9f0$@co.uk> <20090129051522.a92df0myf44gsko4@webmail.1command.com> <62b856460901290538x5d857f08ka3b2ffb5a7aa8e7f@mail.gmail.com> <20090129060243.adauuua9eokcsos8@webmail.1command.com> <F9598B04-9CAD-4785-89E8-513095252B18@lamness.info>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, and thank you for your reply. Quoting Chris Peterson <chris@lameness.info>: > Pfsense sounds like exactly what you're looking for. It's a stripped > down freeBSD Don't get me wrong, I think pfSense goes a long way to my intended goal - not the least of which, is pfDNS. I haven't written it off by any means. > with a fancy web interface (well, not too fancy, To be honest - the first thing I'd do, is strip the (any) GUI stuff out. I have no issue with opening a terminal shell via cu - tip(1). In fact, for security reasons, I'd prefer to insure that the only access available is over a serial port (local). Not to mention the size/space savings gains. :) > it's been incredibly stable for me). I've deployed it a couple times > in pseudo production environments and it's been holding up well for > the last 1.5years+. > > You can also check out > http://www.netgate.com/product_info.php?cPath=60_84&products_id=492 > for a nice PIX-sized chasis for pfsense if you need a small box. Looks intriguing. The only real advantage I see here, would be the amount of ram available. The 837 I propose to use, only supports 64Mb. Thanks again for your infoamative response. --Chris > > On Jan 29, 2009, at 6:02 AM, Chris H wrote: > >> Hello, and thank you for your reply. >> >> Quoting Michael Grant <mg-fbsd3@grant.org>: >> >>> On Thu, Jan 29, 2009 at 2:15 PM, Chris H <chris#@1command.com> wrote: >>>> Hello, and thank you for your reply. >>>> >>>> While it's not /exactly/ what I was looking for - it's close. :) >>>> The "filtering" capability is my biggest gripe on the Cisco >>>> *DSL products. They're just not as /capable/ as is offered in >>>> FBSD. DNS is another plus (pfDNS). But I don't think I'd be >>>> modify pfDNS to accomodate BIND, or unbound. Although tinydns >>>> might be able to fit the bill. Oh well, it's close - thanks >>>> for the pointer. :) >>> >>> You can run iptables on openwrt. >> >> Actually, I was thinking more along the lines of pf(4). I think it's >> more efficient - especially combined with all the network tuning that >> has been done recently by Robert Watson, John Baldwin, Mohan Srinivasan, >> Peter Wemm, and others. Another reason I'm so inclined to be FBSD centric >> on this. :) >> >>> You can compile most anything for >>> it, you're only limited by it's memory and cpu. I'm not familiar with >>> pfDNS. But if it runs on freebsd, it probably can be made to run on >>> openwrt as well. >> >> Indeed, it's running a FreeBSD base. But like you said; CPU, and Memory >> are the only boundries here. Will need to do more research to compare >> limits against a /desired/ install base. >> >> Thanks again for the reply. >> >> --Chris >> >>> >>> Michael >>> >> >> >> >> _______________________________________________ >> freebsd-stable@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org " > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090129150946.8kkcd8e34c8840ws>