Date: Fri, 1 Oct 2010 09:17:40 -0300 From: jorge espada <espada.jorge@gmail.com> To: krad <kraduk@gmail.com> Cc: Patrick Lamaiziere <patfbsd@davenulle.org>, freebsd-questions@freebsd.org Subject: Re: router / firewall with PF and carp. Message-ID: <AANLkTin3MMHv7JEg=CuOkOYQEUdFre2Gp_3aZcNPz9FG@mail.gmail.com> In-Reply-To: <AANLkTinGA6eGB7Tvo0bOLv0aAqbOCoq_JVx-OfAHHdNV@mail.gmail.com> References: <20101001001926.6ef8aa93@davenulle.org> <AANLkTinGA6eGB7Tvo0bOLv0aAqbOCoq_JVx-OfAHHdNV@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I can say that both of them are pretty good choice, in my personal experience I had the same configuration that you are planning to implement qith two servers on OpenBsd 4.6 + carp+ bgp as a router in a huge network , the only problem was some well know bug with carp and bgp..that for some reason some times one of the server nic (carp-backup) try to became master, when wasn't necesary... and the routes were screwed up. But now with the new openbsd 4.8, if i were you I would give it a try Jorge E. Espada On Fri, Oct 1, 2010 at 6:29 AM, krad <kraduk@gmail.com> wrote: > On 30 September 2010 23:19, Patrick Lamaiziere <patfbsd@davenulle.org > >wrote: > > > Hi, > > > > We are in the process to replace two Cisco Pix firewalls and one Cisco > > router with two servers running PF with carp. The network is large > > (it is an University) and all will depend on this two machines. > > > > We have made some tests with OpenBSD, PF and OpenBGPD and it looks to > > work (but we have to make a lot of more tests to validate this). > > > > I think that the support for an OpenBSD release is very small (only one > > year) and I'm suggesting to use FreeBSD instead (we can expect ~3/4 > > years of support if we follow a stable branch). > > > > I am an happy user of FreeBSD since some time - I mean that I know it is > > not perfect and there are some bugs! - but I dont have any experience > > running it as a router on a large network. So, are PF and carp expected > > to work fine on FreeBSD or are there some known problems? > > > > Do you think that OpenBSD suits better for this? > > > > Thanks, regards. > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to " > > freebsd-questions-unsubscribe@freebsd.org" > > > > In my experiance freebsd should work fine. However I would say openbsd is > probably better suited to your needs, due to its tighter security model > (auditing) You will also get a newer version of pf with openbsd. If you get > issues with openBGP would could look at quagga. I have used it in the past > but havent for a while so am not sure of the state of it now. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTin3MMHv7JEg=CuOkOYQEUdFre2Gp_3aZcNPz9FG>