RE: Is anyone running Novell's eDirectory on FreeBSD

2004-10-28 Thread Paul Hillen
No answers I guess means either it is a stupid question or a definite NO.

Thanks anyway

-----Original Message-----
From: Paul Hillen [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 26, 2004 1:57 PM
To: [EMAIL PROTECTED]
Subject: Is anyone running Novell's eDirectory on FreeBSD

Hi everyone,

I want to know if anyone out there is running Novell's eDirectory on FreeBSD
and if so, what OS version.

I am moving from an NT Domain and would like to look into eDirectory, but
I really don't like Linux as much as FreeBSD.

I know FreeBSD has Linux compatibility, but I need to know if anyone is
actually using it.

Thanks in advance

Paul

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Is anyone running Novell's eDirectory on FreeBSD

2004-10-26 Thread Paul Hillen
Hi everyone,

I want to know if anyone out there is running Novell's eDirectory on FreeBSD
and if so, what OS version.

I am moving from an NT Domain and would like to look into eDirectory, but
I really don't like Linux as much as FreeBSD.

I know FreeBSD has Linux compatibility, but I need to know if anyone is
actually using it.

Thanks in advance

Paul



Application level inspection - firewall?

2004-08-16 Thread Paul Hillen
Quick question, is there an Application Level firewall available to FreeBSD?

I understand IPFilter is a stateful packet filter, but has it or any other
packages moved to the next level - Application Level Inspection?

Sorry I am all googled out on this one.

Thanks
Paul




RE: Firewall, OpenVPN and Squid question

2004-07-22 Thread Paul Hillen
Want to thank you guys for your help; I set up my first firewall last night.
Granted it is basic, and I have a lot of work to do yet, but it's a start. It
is routing and letting my test machines access the web.

Hopefully the last question (yeah right)

I decided to use IPFILTER and it appears to be easy enough - just have to get
used to the syntax. Does anyone know if IPFILTER can pass/block based on MAC
ADDRESS instead of just IP address? I cannot find anything on Google unless
I am simply doing an incorrect query.

Thanks again
Paul



Firewall, OpenVPN and Squid question

2004-07-21 Thread Paul Hillen
Hi everyone,

I am relatively new to the Unix world, have set up a couple of TINYDNS servers
and a postfix relay server, so that is the extent of my FreeBSD knowledge.

I have 2 Microsoft ISA servers in a BACK to BACK configuration providing a
DMZ in-between that I would like to get rid of, way more trouble than what
they are worth. They work well for about a month and then the performance
goes south.

There are 3 remote sites connecting to our network using GATEWAY to GATEWAY
VPN and around 25 remote VPN users that must be dealt with also. Last item,
there is a chance that I will have to connect 3 more remote sites into the
picture within the next 6 months, so this needs to be scalable to handle the
load.

My question is, what is the best way to set this up? Here are my thoughts,
but not sure what is the best way.

*   Setup one FreeBSD box that contains FIREWALL, SQUID and OPENVPN or
*   Setup 3 separate boxes to break up the work load.

Many thanks in advance for being patient with what I am sure are stupid
beginner questions to most of you.

When giving your choice of which setup, please point me in the direction of
the best resource to put it all together and the hardware requirement you
would recommend. I have a truck load of PII 300 - 450's due to upgrades, so
if I can use them great, if not, time to go on a spending spree.

Thanks again

Paul


RE: Firewall, OpenVPN and Squid question

2004-07-21 Thread Paul Hillen
I have around 100 users at our site that would require the use of squid, we
house our own webserver, mail server, public DNS servers in the DMZ and 2
private DNS servers on the internal network, used by both Internal and VPN
users.

Sites connecting Gateway to Gateway are approx. as follows:
Site 1 - 25 users
Site 2 - 5 users
Site 3 - 12 users
Our site VPN users are approx. 25, and about 50% of them are connected at any
given time.

My first thought is to put up a Firewall box that can handle the load of publishing
many internal boxes and publish a box with OpenVPN and another for SQUID
and just keep them all separate.

Will this setup put too much strain on the FIREWALL box or will it have no
problem handling the NAT/ROUTING in this configuration?

Thanks in advance
Paul



-----Original Message-----
From: Steve Bertrand [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 21, 2004 2:10 PM
To: Paul Hillen
Cc: [EMAIL PROTECTED]
Subject: Re: Firewall, OpenVPN and Squid question

 There are 3 remote sites connecting to our network using GATEWAY to GATEWAY
 VPN and around 25 remote VPN users that must be dealt with also. Last item,
 there is a chance that I will have to connect 3 more remote sites into the
 picture within the next 6 months, so this needs to be scalable to handle the
 load.

 My question is, what is the best way to set this up? Here are my thoughts,
 but not sure what is the best way.

 * Setup one FreeBSD box that contains FIREWALL, SQUID and OPENVPN or
 * Setup 3 separate boxes to break up the work load.


What will the load requirements be? (How many users will require the use
of squid).

I have a FBSD PIII 800 w/256M RAM as a firewall for one of our clients,
with 3 OpenVPN instances running simultaneously (Two are site-site, and
one is an XP-client-site). The box is also performing NAT (ipfw/natd) for
the internal users, which when all are accounted for equal ~120, and I
find it works great. There are about 30 users through the VPNs, though
usually never on all at the same time.

Depending on caching requirements though, you might be better off
splitting that off onto its own box, especially if you have the hardware
readily available as you suggest.

YMMV.

Steve



 Many thanks in advance for being patient with what I am sure are stupid
 beginner questions to most of you.

 When giving your choice of which setup, please point me in the direction of
 the best resource to put it all together and the hardware requirement you
 would recommend. I have a truck load of PII 300 - 450's due to upgrades, so
 if I can use them great, if not, time to go on a spending spree.

 Thanks again

 Paul







RE: Firewall, OpenVPN and Squid question

2004-07-21 Thread Paul Hillen
From: Steve Bertrand [mailto:[EMAIL PROTECTED] 

 I have around 100 users at our site that would require the use of squid,
 we house our own webserver, mail server, public DNS servers in the DMZ
 and 2 private DNS servers on the internal network, used by both Internal
 and VPN users.

 Sites connecting Gateway to Gateway are approx. as follows:
 Site 1 - 25 users
 Site 2 - 5 users
 Site 3 - 12 users
 Our site VPN users are approx. 25, and about 50% of them are connected at
 any given time.

 My first thought is to put up a Firewall box that can handle the load of
 publishing many internal boxes and publish a box with OpenVPN and
 another for SQUID and just keep them all separate.

 Will this setup put too much strain on the FIREWALL box or will it have
 no problem handling the NAT/ROUTING in this configuration?

 Thanks in advance
 Paul


 Considering that many of the current hardware firewall solutions aren't
 much more than either a BSD or Linux kernel in a ROM chip, with a 486 or
 586 based cpu, memory, and a nice gui (Windows or Internal Web interface),
 I can't see why a similar system on a PC would be any different.

I would have to guess if a hardware firewall like Watchguard that offers VPN
also, that it would have to be beefier than that. Steve, going back to your
initial response about the PIII 800MHz network, are you using a proxy for
the internal users or are they connecting directly to the firewall as their
only means of getting out? It seems most hardware firewalls do not include a
proxy server, just NAT/VPN, which in this case the proxy would be on a
separate internal machine anyway.

Comment about the ISA Server setup, which I actually like and not sure if I
can pull off the same type of setup with FreeBSD. The setup is like this:

External ISA Server (not actual IPs)      ISP / 10.10.10.6
|
|- Postfix Relay Server                   10.10.10.5
|- TinyDNS for internet publishing        10.10.10.4
|- TinyDNS for internet publishing        10.10.10.3
|- Webserver                              10.10.10.2
|
|- Internal ISA Server                    10.10.10.1 / 10.0.0.1
   |
   |- Exchange Server                     10.0.0.2
   |- TinyDNS internal publishing         10.0.0.3
   |- TinyDNS internal publishing         10.0.0.4
   |- Rest of internal servers and network etc...


External sites are actually creating a VPN tunnel with a VPN tunnel and it
works good, but the ISA Server gets too flaky after about a month of use. I
have rebuilt them more than I ever thought I would.

At this point I will be happy to just get the firewall and VPN to work, but
I like the additional layer someone would have to break through in the above
scenario.

 Yes, but take into consideration disk reads/writes. It is possible to
 eliminate these tasks, and I have even done setups where everything was
 flashed onto a CF card (ro) (obviously w/o logging capabilities). I did a
 custom build, frequently referring to:

 http://neon1.net/misc/minibsd.html and put the system on an IDE-CF card 
 converter.

 Steve