From: krad
To: Patrick Lamaiziere
Cc: freebsd-questions@freebsd.org
Date: Fri, 1 Oct 2010 10:29:11 +0100
Subject: Re: router / firewall with PF and carp.

On 30 September 2010 23:19, Patrick Lamaiziere wrote:

> Hi,
>
> We are in the process of replacing two Cisco Pix firewalls and one Cisco
> router with two servers running PF with carp. The network is large
> (it is a University) and all will depend on these two machines.
>
> We have made some tests with OpenBSD, PF and OpenBGPD and it looks to
> work (but we have to make a lot more tests to validate this).
>
> I think that the support for an OpenBSD release is very small (only one
> year) and I'm suggesting to use FreeBSD instead (we can expect ~3/4
> years of support if we follow a stable branch).
>
> I am a happy user of FreeBSD since some time - I mean that I know it is
> not perfect and there are some bugs! - but I don't have any experience
> running it as a router on a large network. So, are PF and carp expected
> to work fine on FreeBSD or are there some known problems?
>
> Do you think that OpenBSD suits better for this?
>
> Thanks, regards.

In my experience FreeBSD should work fine. However I would say OpenBSD is probably better suited to your needs, due to its tighter security model (auditing). You will also get a newer version of pf with OpenBSD. If you get issues with openBGP you could look at quagga. I have used it in the past but haven't for a while so am not sure of the state of it now.