Date: Wed, 21 Jul 2004 15:25:43 -0400 (EDT)
From: "Steve Bertrand" <iaccounts@ibctech.ca>
To: "Micheal Patterson" <micheal@tsgincorporated.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Firewall, OpenVPN and Squid question
Message-ID: <3193.209.167.16.15.1090437943.squirrel@209.167.16.15>
In-Reply-To: <0e6601c46f57$9b486f70$4df24243@tsgincorporated.com>
References: <2D5D66504FBF4E4FB3A199F121C862382D08E0@exch1.nfmwe.com> <0e6601c46f57$9b486f70$4df24243@tsgincorporated.com>

>> I have around 100 users at our site that would require the use of squid, we
>> house our own webserver, mail server, public DNS servers in the DMZ and 2
>> private DNS servers on the internal network, used by both Internal and VPN
>> users.
>>
>> Sites connecting Gateway to Gateway, there are apprx as follows;
>> Site 1 - 25 users
>> Site 2 - 5 users
>> Site 3 - 12 users
>> Our site VPN users are Apprx 25, and about 50% of them are connected at any
>> given time.
>>
>> My first thought is to put up a Firewall box that can the load of publishing
>> many internal boxes and "publish" a box with OpenVPN and another for SQUID
>> and just keep them all separate.
>>
>> Will this setup put too much strain on the FIREWALL box or will it have no
>> problem handling the NAT/ROUTING in this configuration.
>>
>> Thanks in advance
>> Paul
>>
>
> Considering that many of the current hardware firewall solutions aren't much
> more than either a BSD or Linux kernel in a ROM chip, with a 486 or 586
> based cpu, memory, and a nice gui (Windows or Internal Web interface), I
> can't see why a similar system on a PC would be any different.
>

Yes, but take into consideration disk reads/writes. It is possible to
eliminate these tasks, and I have even done setups where everything was
flashed onto a CF card (ro) (obviously w/o logging capabilities).

I did a custom build, frequently referring to:

http://neon1.net/misc/minibsd.html

and put the system on an IDE->CF card converter.

Steve

> --
>
> Micheal Patterson
> TSG Network Administration
> 405-917-0600
>
> Confidentiality Notice: This e-mail message, including any attachments, is
> for the sole use of the intended recipient(s) and may contain confidential
> and privileged information. Any unauthorized review, use, disclosure or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.