On 28/05/2010 12:31, Svein Skogen (Listmail Account) wrote:
> On 27.05.2010 17:00, Kevin Wilcox wrote:
>> Hello everyone.
>>
>> We're in the very early stages of considering [Free|Open]BSD on
>> commodity hardware to handle NAT *and* firewall duties for (what I
>> consider to be) a sizable deployment. Overall bandwidth is low, only a
>> gigabit connection, but we handle approximately fifteen thousand
>> devices. DHCP and DNS would be passed through to other servers, this
>> hardware would only be responsible for address translation and pf.
>>
>> I've done this on a very, very small scale (small/home office, small
>> business) but I'm curious how many other folks are doing it on this
>> scale, the hardware they are running on and any "gotchas" they may
>> have faced. Does pf on FreeBSD take advantage of multiple cores/SMP?
>> Is it preferable, as with OpenBSD, to go for a very stout processor
>> without much consideration to cores? Would freebsd-net@ be a better
>> place to ask this?
>>
>> I'm getting ready to start digging in to memory and other resources
>> needed based on available documentation but real-world usage is much
>> preferred to my academic assessment.
>
> Actually, I'd find an answer from the FreeBSD Networking gurus useful as
> well. My trusted Cisco 3640 is getting old (had its
> ten-years-of-service birthday a little while ago), so I guess I must be
> prepared to replace it with something new. Preferably something that
> can do proper NAT port mapping to the inside servers in an
> RFC1918-addressed DMZ, proper NAT mapping for the client net, incoming
> VPDN (virtual private dialin network, such as PPTP+MPE and L2TP+IPSEC
> tunnelling), sane IDS in the border-gateway, GRE or IPinIP tunnelling with
> crypto for remote-sites, etc.
>
> If somebody has a good starting-point for documentation on these
> features, I'm more than willing to "do a project on it" to create a
> mini-howto/handbook-section on "setting up FreeBSD as your border
> gateway", provided I have someone to ask when the documentation is ...
> flaky. ;)

This is possibly the wrong place to be saying this, but isn't OpenBSD
usually recommended for routers? I believe the version of pf, for
example, is normally kept more up-to-date than in FreeBSD. The major
downside I know of is that it's not nearly as user-friendly; for example,
my recollection of its installer is that you have to input sector
offsets manually in the partition editor!

--
Bruce Cran