Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 28 Dec 1998 17:25:32 -0500
From:      Ken McKittrick <klmac@twcny.rr.com>
To:        freebsd-current@FreeBSD.ORG
Subject:   keeping IPFILTER  (was Re: wanton Atticizing is bad)
Message-ID:  <v04020a01b2adb5162400@[192.168.0.2]>
In-Reply-To: <19981228171401.B1333@ns1.adsu.bellsouth.com>
References:   <Pine.BSF.4.05.9812281601360.13575-100000@gamefish.pcola.gulf.net>; from Phillip Salzman on Mon, Dec 28, 1998 at 04:04:16PM -0600 <Pine.BSF.4.05.9812280839130.14811-100000@janus.syracuse.net> <Pine.BSF.4.05.9812281601360.13575-100000@gamefish.pcola.gulf.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hello

I don't see how dumping IPFILTER would be a good thing. It is actively
supported by the developer and runs on Linux, Solaris, *BSD, etc.

Ken

>On Mon, Dec 28, 1998 at 04:04:16PM -0600, Phillip Salzman wrote:
>> > You can do that with natd.
>>
>> 	That is possible, but not logical.  Say you have 2000
>> dialup users attempting to access the web at the same time... all
>> coming from different IP addresses -- would you want the packet
>> scanning to go at the Cisco, or at the NATd?  Its simple to do
>> a transparent proxy from the cisco, and does not require too much on
>> the squid side (IPFILTER), with less on the router.
>
>I thought the issue was, given IPFILTER or IPFW, can we do everything with
>IPFW that IPFILTER and other kludges did?  So that we can start to phase
>out IPFILTER.
>
>Cisco's can't do transparent redirection at the present time.  The do speak
>WCCP however.  No, source routing is not an option.
>
>IMHO, we can argue all day long whether we want a FreeBSD or a Cisco in the
>datapath.  Knowing both network stacks quite well, I'd vote for a Cisco
>anytime.  But others may not feel the same way (for whatever reason) and
>want the FreeBSD box to do it.
>
>Anyone ever done any performance benchmarking on natd/IPFILTER/IPFW?
>
>Cheers,
>Chris
>
>--
>Frisbeetarianism, n.:
>    The belief that when you die, your soul goes up on the roof and gets
>stuck.
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-current" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v04020a01b2adb5162400>