Message-ID: <4634F6DF.40701@rcn.com>
Date: Sun, 29 Apr 2007 15:49:51 -0400
From: Gary Corcoran
To: Julian Elischer
Cc: Peter Jeremy, freebsd-net@freebsd.org, Jack Barnett
Subject: Re: Firewall
References: <20070429112838.GH848@turion.vk2pj.dyndns.org> <4634F0B0.5060007@elischer.org>
In-Reply-To: <4634F0B0.5060007@elischer.org>

Julian Elischer wrote:
> Peter Jeremy wrote:
>> On 2007-Apr-28 07:08:18 -0500, Jack Barnett wrote:
>>> I plan on using NAT so both internal networks can get to the internets.
>>>
>>> In the FreeBSD documentation I see there are 3 firewalls, IPFIREWALL,
>>> IPFILTER and PF (BF?). I just need to do basic filtering and just a
>>> few port forwards. Nothing too fancy. Which one would be recommended?
>>
>> Basically any of them will do what you want. The major differences are:
>> - IPFW (IPFIREWALL) is FreeBSD only. Note that the NAT is in userland.
>
> though that is just fine for your average DSL link.. it is in kernel in 7.0

It is also just fine on a fast cable modem. I ran for several years
with a low speed cable modem, around 1.5 - 2 Mbps, using nothing more
than a 90MHz Pentium, with IPFW and NAT.

Gary

>
>> - IPfilter is the most portable.
>> - PF runs on *BSD. Note that (AFAIK) all proxies (eg FTP) are in
>>   userland.
>>
>> Userland NAT or proxies incur significantly higher overheads than
>> in-kernel equivalents (because the packets have to cross the
>> kernel/userland barrier twice). This may be an issue if you have a
>> very fast Internet connection and an underpowered firewall.
>>