From owner-freebsd-isp Wed Jun 30 17: 0: 8 1999 Delivered-To: freebsd-isp@freebsd.org Received: from uq.net.au (fox.uq.net.au [203.101.255.1]) by hub.freebsd.org (Postfix) with ESMTP id 7670B15595 for ; Wed, 30 Jun 1999 16:59:47 -0700 (PDT) (envelope-from mynet@uq.net.au) Received: from uq.net.au (dyn-17-182.dialin.uq.net.au [203.100.17.182]) by uq.net.au (8.9.3/8.9.3) with ESMTP id JAA15720; Thu, 1 Jul 1999 09:59:28 +1000 (GMT+1000) Message-ID: <377AAF9B.89017EBE@uq.net.au> Date: Thu, 01 Jul 1999 10:00:27 +1000 From: Andrew X-Mailer: Mozilla 4.61 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Mitch Vincent Cc: freebsd-isp@freebsd.org Subject: Re: Using one FreeBSD box as router/firewall/vpn References: <01b201bec30b$f2cf96e0$0200000a@windows.cygone.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org You use a ram disk for the parts that need to be witeable or you could have them mouted via NFS or SMBFS but kinda defeats the security aspect a bit. There is no decrease in speed except for when the system is loading. From there it all runs from ram ( which the machine would have plenty of ). You would not use this for a server but for a firewall where all you are doing is routing/filetrting/blocking packets then this is an interesting way to bring down cost and improve reliablity. If something happens and you are not in the office you simply inform the office staff to hit the reset switch. Andrew Mitch Vincent wrote: > > > >A novel idea though that I have seen done is burning > >the whole OS to a bootable CD-rom. > > > >The great thing is you have no danger of the HD crashing > >and even if someone finds a way in theres not a much they > >can do that a reboot wont fix ;) > How in the world would you do that? You would still have to have writable > filesystems for the OS to function properly. I suppose you could put system > binaries and such on the CD, but then you're talking about a horribly > decrease in speed. > > Ack, when you can just read up and secure your box, I don't think that > drastic of a measure is needed :-) > > - Mitch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message