hi i have an ipfilter/ipnat box, that i'm using to protect an apache webserver. the machine is 4.7-RELEASE-p3 FreeBSD 4.7-RELEASE-p3 #1: Mon Aug 11 18:27:06 CDT 2003. the machine is a dell optiplex gx260 Intel(R) Pentium(R) 4 CPU 2.40GHz 512 mb of ram. it's been doing a fine job.
i'd like to get extra nics for this machine and stick additional servers, such as our win2k domain controllers, and a mysql box, possibly more, behind the firewall/nat. i wanted to ask - for a firewall/nat that would potentially be protecting multiple production machines, is ipfilter's performance comparable to production firewall appliances and software such as netscreen and symantec firewall? i'm the only unix person where i work, and sometimes it's hard to get projects green lighted when a) i'm the only one on staff who knows the technology and b) it probably seems hard to believe to windows admins that a little pentium3 box with 2 nic cards and hand written firewall rules can do the same thing as an appliance that some companies are charging tens of thousands of dollars for. i'd like to be able to present a case to my employers - that the ipfilter/ipnat box that i set up would be able to provide the performance of commercial firewall solutions, and was wondering if anyone knows of any benchmarks/reviews/etc. that i can cite. any comments welcome thanks as always redmond -- FreeBSD 5.1-RELEASE-p2 FreeBSD 5.1-RELEASE-p2 #0: Thu Aug 28 12:42:04 CDT 2003 2:45PM up 8 days, 1:42, 1 user, load averages: 0.73, 0.23, 0.13 "You should, without hesitation, pound your typewriter into a plowshare, your paper into fertilizer, and enter agriculture." -- Business Professor, University of Georgia
Description: PGP signature