Date: Fri, 1 Oct 2010 10:29:11 +0100 From: krad <kraduk@gmail.com> To: Patrick Lamaiziere <patfbsd@davenulle.org> Cc: freebsd-questions@freebsd.org Subject: Re: router / firewall with PF and carp. Message-ID: <AANLkTinGA6eGB7Tvo0bOLv0aAqbOCoq_JVx-OfAHHdNV@mail.gmail.com> In-Reply-To: <20101001001926.6ef8aa93@davenulle.org> References: <20101001001926.6ef8aa93@davenulle.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 30 September 2010 23:19, Patrick Lamaiziere <patfbsd@davenulle.org>wrote: > Hi, > > We are in the process to replace two Cisco Pix firewalls and one Cisco > router with two servers running PF with carp. The network is large > (it is an University) and all will depend on this two machines. > > We have made some tests with OpenBSD, PF and OpenBGPD and it looks to > work (but we have to make a lot of more tests to validate this). > > I think that the support for an OpenBSD release is very small (only one > year) and I'm suggesting to use FreeBSD instead (we can expect ~3/4 > years of support if we follow a stable branch). > > I am an happy user of FreeBSD since some time - I mean that I know it is > not perfect and there are some bugs! - but I dont have any experience > running it as a router on a large network. So, are PF and carp expected > to work fine on FreeBSD or are there some known problems? > > Do you think that OpenBSD suits better for this? > > Thanks, regards. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > In my experiance freebsd should work fine. However I would say openbsd is probably better suited to your needs, due to its tighter security model (auditing) You will also get a newer version of pf with openbsd. If you get issues with openBGP would could look at quagga. I have used it in the past but havent for a while so am not sure of the state of it now.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTinGA6eGB7Tvo0bOLv0aAqbOCoq_JVx-OfAHHdNV>