Julian Elischer wrote:
Peter Jeremy wrote:
On 2007-Apr-28 07:08:18 -0500, Jack Barnett <[EMAIL PROTECTED]>
wrote:
I plan on using NAT so both internal networks can get to the internets.
In the FreeBSD documentation I see there are 3 firewalls, IPFIREWALL,
IPFILTER and PF (BF?). I just need to do basic filtering and just a
few
port forwards. Nothing to fancy. Which one would be recommended?
Basically any of them will do what you want. The major differences are:
- IPFW (IPFIREWALL) is FreeBSD only. Note that the NAT is in userland.
though that is just fine for your average DSL link.. it is in kernel in 7.0
It is also just fine on a fast cable modem. I ran for several years with
a low speed cable modem, around 1.5 - 2 Mbps, using nothing more than a
90MHz Pentium, with IPFW and NAT.
Gary
- IPfilter is the most portable.
- PF runs on *BSD. Note that (AFAIK) all proxies (eg FTP) are in
userland.
Userland NAT or proxies incur significantly higher overheads than
in-kernel equivalents (because the packets have to cross the
kernel/userland barrier twice). This may be an issue if you have a
very fast Internet connection and an underpowered firewall.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
