Firewall
Gary Corcoran
gcorcoran at rcn.com
Sun Apr 29 20:14:39 UTC 2007
Julian Elischer wrote:
> Peter Jeremy wrote:
>> On 2007-Apr-28 07:08:18 -0500, Jack Barnett <jackbarnett at gmail.com> wrote:
>>> I plan on using NAT so both internal networks can get to the internets.
>>>
>>> In the FreeBSD documentation I see there are 3 firewalls, IPFIREWALL,
>>> IPFILTER and PF (BF?). I just need to do basic filtering and just a
>>> few port forwards. Nothing too fancy. Which one would be recommended?
>>
>> Basically any of them will do what you want. The major differences are:
>> - IPFW (IPFIREWALL) is FreeBSD only. Note that the NAT is in userland.
>
> though that is just fine for your average DSL link.. it is in kernel in 7.0
It is also just fine on a fast cable modem. I ran for several years with
a low speed cable modem, around 1.5 - 2 Mbps, using nothing more than a
90MHz Pentium, with IPFW and NAT.
Gary
>
>> - IPfilter is the most portable.
>> - PF runs on *BSD. Note that (AFAIK) all proxies (eg FTP) are in
>> userland.
>>
>> Userland NAT or proxies incur significantly higher overheads than
>> in-kernel equivalents (because the packets have to cross the
>> kernel/userland barrier twice). This may be an issue if you have a
>> very fast Internet connection and an underpowered firewall.
>>
>