On 2007-Apr-28 07:08:18 -0500, Jack Barnett <[EMAIL PROTECTED]> wrote:
>I plan on using NAT so both internal networks can get to the internets.
>
>In the FreeBSD documentation I see there are 3 firewalls, IPFIREWALL,
>IPFILTER and PF (BF?). I just need to do basic filtering and just a few
>port forwards. Nothing too fancy. Which one would be recommended?

Basically any of them will do what you want. The major differences are:
- IPFW (IPFIREWALL) is FreeBSD only. Note that the NAT is in userland.
- IPfilter is the most portable.
- PF runs on *BSD. Note that (AFAIK) all proxies (eg FTP) are in userland.

Userland NAT or proxies incur significantly higher overheads than
in-kernel equivalents (because the packets have to cross the
kernel/userland barrier twice). This may be an issue if you have a
very fast Internet connection and an underpowered firewall.

-- 
Peter Jeremy