On Friday, September 21, 2012, Vieri wrote: > > --- On Fri, 9/21/12, Jostein Elvaker Haande <[email protected]<javascript:;>> > wrote: > > > > Hi, > > > > > > How "unstable" would it be to install a database server > > such as MySQL on pfSense? > > > Why would you not recommend installing MySQL on > > pfSense, supposing I'd want it to do more than firewalling > > (apart from the possible MySQL software "security" leaks). > > > > Hello Vieri, > > > > The whole point of a firewall is to add security to your > > infrastructure. The way pfSense acheives this, is by acting > > as a > > secure entry point for your network. One of the reasons > > pfSense is > > secure, is that it only runs a limited set of services, > > thus > > minimizing the risk of potential threats posed by flaws in > > the > > programs/services running on the pfSense machine. > > > > By introducing more programs/services on the pfSense machine > > that > > doesn't really have *anything* to do with a firewall, you > > add an extra > > unnecessary layer of potential threats that might be exposed > > if > > someone gains access to your pfSense box or machines sitting > > behind > > it. > > > > The simple rule of firewalling: don't run anything that > > isn't needed > > on your firewall, keep it simple, keep it safe, and you'll > > be able to > > sleep tight at night :) > > > > You'd do yourself a *huge* favour by ditching your plans of > > getting > > mysql to run on your pfSense, and run it on another machine > > on your > > network. > > Thanks, I got it. However, suppose I did install it (just for kicks). > Would the MySQL server installed on pfSense run just as stable as if it > were installed on a native FreeBSD system? (supposing for a moment that > "security" is not an issue - I'm referring to stability and performance) > > Vieri > > _______________________________________________ > List mailing list > [email protected] <javascript:;> > http://lists.pfsense.org/mailman/listinfo/list >
Yes, it should be stable. In testing, I have been able to run all kinds of other services on a pfSense box that I use for testing. The main issue will likely be network performance. As has been discussed many times on this list in the past, software routing is inherently slower than routing at a hardware level using purpose-built devices. Any additional services running on the firewall/router can usually only reduce network performance. That said, you can test easily to determine wether this will be an issue for you. If you do simultaneous database- and network- stress tests, you can compare the results to one-at-a-time tests of database and network independently. -- -- Moshe Katz -- [email protected] -- +1(301)867-3732
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
