Hi Tony,

I have a /24 public subnet for a school district running behind an old pail
of proliant dual CPU (single core) opteron box, 2GB ram each. It is
ridiculous overkill with my 100Mbit pipe and ~10,000 simultaneous sessions.
I used to run squid on it, but moved that elsewhere as it made it just that
much simpler.

I moved from IPCop and have never looked back. pfSense is a way better
platform for this kind of task compared to any linux solution.

It is a bit hardware picky IMHO, so make sure to check the BSD HCL before
you jump.

Cheers,


On Wed, Feb 9, 2011 at 2:41 PM, Tony Zakula <tonyzak...@gmail.com> wrote:

> Hi,
>
> I have been using a Linux distribution router/firewall for a number of
> years for a small company.  I have been aware of Pfsense for a few
> years, but have never switched.  I am now in the position that we are
> going beyond a few servers and will be running web and email servers
> for third parties.  I am going to do a hardware upgrade and so I have
> a chance to switch.  A couple of questions to try to get a sense of
> the differences.
>
> Our layout, I would plan to install pfsense as the main router at the
> end of the ISP line.  We have lots of public ip addresses which will
> be mapped to VPS servers behind this machine.  I currently NAT all
> traffic, but was considering assigning the public ips to the VPSs
> themselves to simplify things.  Ranges of ip addresses have different
> subnets and gateways.
>
> IDS and updates is provided for a fee for us right now.  In a setup
> like this, is IDS a good idea?  Or will it probably cause headaches
> locking some clients out accidentally?  I would assume PFS is hardened
> to withstand attacks against it.  We have multiple wans, but we run
> all traffic on one pipe and lan traffic on the other which has another
> firewall to separate it from the servers.
>
> Would running a firewall on PFS in this situation be a good idea?  Or
> just run it as a router?
>
> The fail over sounds great, especially for a production environment.
> If I start with one machine now, can I add a second one later while
> things are running?
>
> We have a 5mb line, is a quad core processor with 4gb of ram overkill?
>  I will want to do ip accounting.
>
> Thanks for any info from the experts!
>
> TonyZ
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
> For additional commands, e-mail: discussion-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>

Reply via email to