On 03/05/2007 at 09:17:01-0700, [EMAIL PROTECTED] wrote:
> Hi,
>
> I have some time to come up with a new firewall/router/vpn solution
> for our datacentre, and I'm considering a shiny new server with
> OpenBSD and pf instead of a costly PIX. On the part of our network
> that I'm doing this for we might see maximum 20Mbit/s unencrypted
> traffic.
>
> Is anyone using an OpenBSD/pf solution in a production environment
> like this? What hardware are you using? How's it holding up? :-)

Until last year I was using FreeBSD/ipfw with 3 network interfaces: two for two classrooms (120 PCs & 80 PCs) and the last connected to the Internet. The hardware is a single PC (PII 400 MHz) with 3 NICs. There is no problem doing an FTP transfer through this router/firewall at 100Mbit/s.

Last year I replaced this old PC (6 years old) with a new one (HP Proliant) with 4 NICs for the same purpose. But I'm using FreeBSD/pf because it's easier to use something like bruteforce (dynamically adding some rules). Of course the performance is very good. I have some < 200 rules in my /etc/pf.conf.

When I was using FreeBSD/ipfw I used QoS too, for limiting bandwidth for some protocols. It worked very well. Now I don't need QoS, so I can tell you whether ALTQ (QoS for pf) works or not. I guess it works perfectly.

> combination and succeeded, and whether they've implemented hot
> failover etc.

I have never used failover. I have one PC doing firewall/router and I have the 2 config files (/etc/rc.conf and /etc/pf.conf) in a good place. If the server crashes I need less than 1 hour to put a new one into production.

I have never used VPN.

> Thanks in advance,

HTH.

Regards.

--
Albert SHIH
Observatoire de Paris Meudon
SIO batiment 15
Local time: Fri 4 May 2007 15:39:54 CEST
