RE: *bsd firewall appliance?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DW Posted At: Thursday, July 13, 2006 2:06 PM Posted To: FreeBSD-Questions Conversation: *bsd firewall appliance? Subject: Re: *bsd firewall appliance? Philippe Lang wrote: [EMAIL PROTECTED] wrote: Hi all, Just doing some early morning brainstorming, and my crazy thought of the day is this: My life would be so much easier if I could just get rid of my stupid PIX firewalls, and replace them what I know and love: FreeBSD. It's not that the PIX's have been causing me problems or anything like that, it's just that I believe in streamlining whenever possible, and since we've already exterminated Microsoft in my server room for at least 3 years, the only thing left that's not running FreeBSD are my appliances (firewalls and switches) and 2 leftover legacy servers still running Redhat that haven't been worth the effort to migrate to FreeBSD. I'm a one-man shop, and I can survive using the PIX IOS when I have to, but would just as soon use BSD if I could. Questions: 1) If I did this, I would probably only do it if I could figure out how to rack up some diskless servers to my 2-post communications rack. Any thoughts on hardware candidates, etc.? 2) If I did this, maybe it would be wiser to go with OpenBSD instead, since it is known for security? 3) Any good tutorials on setting up a diskless servers for Free/OpenBSD? 4) Any other considerations? 5) Am I just being stupid and should I just keep my PIX's going? I know, I know, if it ain't broke, don't fix it. Hi, Maybe a good start for you would be to have a look at http://www.m0n0.ch/wall/. WOW!! This is exactly what I was looking for and more! Can't wait to start trying it out! Thanks! Cheers, --- Philippe Lang Attik System ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Hi, If you like m0nowall also take a look at pfSense (www.pfsense.com)! Maybe worth your while. Regards, Lars. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
*bsd firewall appliance?
Hi all, Just doing some early morning brainstorming, and my crazy thought of the day is this: My life would be so much easier if I could just get rid of my stupid PIX firewalls, and replace them what I know and love: FreeBSD. It's not that the PIX's have been causing me problems or anything like that, it's just that I believe in streamlining whenever possible, and since we've already exterminated Microsoft in my server room for at least 3 years, the only thing left that's not running FreeBSD are my appliances (firewalls and switches) and 2 leftover legacy servers still running Redhat that haven't been worth the effort to migrate to FreeBSD. I'm a one-man shop, and I can survive using the PIX IOS when I have to, but would just as soon use BSD if I could. Questions: 1) If I did this, I would probably only do it if I could figure out how to rack up some diskless servers to my 2-post communications rack. Any thoughts on hardware candidates, etc.? 2) If I did this, maybe it would be wiser to go with OpenBSD instead, since it is known for security? 3) Any good tutorials on setting up a diskless servers for Free/OpenBSD? 4) Any other considerations? 5) Am I just being stupid and should I just keep my PIX's going? I know, I know, if it ain't broke, don't fix it. Cheers, DW ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: *bsd firewall appliance?
DW [EMAIL PROTECTED] wrote: Hi all, Just doing some early morning brainstorming, and my crazy thought of the day is this: My life would be so much easier if I could just get rid of my stupid PIX firewalls, and replace them what I know and love: FreeBSD. It's not that the PIX's have been causing me problems or anything like that, it's just that I believe in streamlining whenever possible, and since we've already exterminated Microsoft in my server room for at least 3 years, the only thing left that's not running FreeBSD are my appliances (firewalls and switches) and 2 leftover legacy servers still running Redhat that haven't been worth the effort to migrate to FreeBSD. I'm a one-man shop, and I can survive using the PIX IOS when I have to, but would just as soon use BSD if I could. Questions: 1) If I did this, I would probably only do it if I could figure out how to rack up some diskless servers to my 2-post communications rack. Any thoughts on hardware candidates, etc.? 2) If I did this, maybe it would be wiser to go with OpenBSD instead, since it is known for security? 3) Any good tutorials on setting up a diskless servers for Free/OpenBSD? 4) Any other considerations? Keep in mind that PC hardware does not make good switching/routing hardware for high loads. The way PCs are designed, you really can't put more than 2 network cards in and expect any kind of performance. If your PIX are serving simple gateway/firewall roles, then replacing with *BSD on a PC is possible. If they have many interfaces, you'll find that the PC hardware just can't switch packets at line speed, no matter what OS you put on it. 5) Am I just being stupid and should I just keep my PIX's going? I know, I know, if it ain't broke, don't fix it. No. Proactive is the way to go. People who wait around for things to break are always fixing broken things. -- Bill Moran If you take sexual advantage of her, you're going to burn in a very special level of hell. A level they reserve for child molesters and people who talk at the theater. Shepherd Book ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: *bsd firewall appliance?
[EMAIL PROTECTED] wrote: Hi all, Just doing some early morning brainstorming, and my crazy thought of the day is this: My life would be so much easier if I could just get rid of my stupid PIX firewalls, and replace them what I know and love: FreeBSD. It's not that the PIX's have been causing me problems or anything like that, it's just that I believe in streamlining whenever possible, and since we've already exterminated Microsoft in my server room for at least 3 years, the only thing left that's not running FreeBSD are my appliances (firewalls and switches) and 2 leftover legacy servers still running Redhat that haven't been worth the effort to migrate to FreeBSD. I'm a one-man shop, and I can survive using the PIX IOS when I have to, but would just as soon use BSD if I could. Questions: 1) If I did this, I would probably only do it if I could figure out how to rack up some diskless servers to my 2-post communications rack. Any thoughts on hardware candidates, etc.? 2) If I did this, maybe it would be wiser to go with OpenBSD instead, since it is known for security? 3) Any good tutorials on setting up a diskless servers for Free/OpenBSD? 4) Any other considerations? 5) Am I just being stupid and should I just keep my PIX's going? I know, I know, if it ain't broke, don't fix it. Hi, Maybe a good start for you would be to have a look at http://www.m0n0.ch/wall/. Cheers, --- Philippe Lang Attik System smime.p7s Description: S/MIME cryptographic signature
Re: *bsd firewall appliance?
Philippe Lang wrote: [EMAIL PROTECTED] wrote: Hi all, Just doing some early morning brainstorming, and my crazy thought of the day is this: My life would be so much easier if I could just get rid of my stupid PIX firewalls, and replace them what I know and love: FreeBSD. It's not that the PIX's have been causing me problems or anything like that, it's just that I believe in streamlining whenever possible, and since we've already exterminated Microsoft in my server room for at least 3 years, the only thing left that's not running FreeBSD are my appliances (firewalls and switches) and 2 leftover legacy servers still running Redhat that haven't been worth the effort to migrate to FreeBSD. I'm a one-man shop, and I can survive using the PIX IOS when I have to, but would just as soon use BSD if I could. Questions: 1) If I did this, I would probably only do it if I could figure out how to rack up some diskless servers to my 2-post communications rack. Any thoughts on hardware candidates, etc.? 2) If I did this, maybe it would be wiser to go with OpenBSD instead, since it is known for security? 3) Any good tutorials on setting up a diskless servers for Free/OpenBSD? 4) Any other considerations? 5) Am I just being stupid and should I just keep my PIX's going? I know, I know, if it ain't broke, don't fix it. Hi, Maybe a good start for you would be to have a look at http://www.m0n0.ch/wall/. WOW!! This is exactly what I was looking for and more! Can't wait to start trying it out! Thanks! Cheers, --- Philippe Lang Attik System ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: *bsd firewall appliance?
You clowns with your diskless servers just crack me up. Everyone brags about their years of uptime on their servers, yet you just can't put up a firewall or router without a disk. What, are you still using mfm drives or something? --- DW [EMAIL PROTECTED] wrote: Philippe Lang wrote: [EMAIL PROTECTED] wrote: Hi all, Just doing some early morning brainstorming, and my crazy thought of the day is this: My life would be so much easier if I could just get rid of my stupid PIX firewalls, and replace them what I know and love: FreeBSD. It's not that the PIX's have been causing me problems or anything like that, it's just that I believe in streamlining whenever possible, and since we've already exterminated Microsoft in my server room for at least 3 years, the only thing left that's not running FreeBSD are my appliances (firewalls and switches) and 2 leftover legacy servers still running Redhat that haven't been worth the effort to migrate to FreeBSD. I'm a one-man shop, and I can survive using the PIX IOS when I have to, but would just as soon use BSD if I could. Questions: 1) If I did this, I would probably only do it if I could figure out how to rack up some diskless servers to my 2-post communications rack. Any thoughts on hardware candidates, etc.? 2) If I did this, maybe it would be wiser to go with OpenBSD instead, since it is known for security? 3) Any good tutorials on setting up a diskless servers for Free/OpenBSD? 4) Any other considerations? 5) Am I just being stupid and should I just keep my PIX's going? I know, I know, if it ain't broke, don't fix it. Hi, Maybe a good start for you would be to have a look at http://www.m0n0.ch/wall/. WOW!! This is exactly what I was looking for and more! Can't wait to start trying it out! Thanks! Cheers, --- Philippe Lang Attik System ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: *bsd firewall appliance?
Danial Thom wrote: You clowns with your diskless servers just crack me up. Everyone brags about their years of uptime on their servers, yet you just can't put up a firewall or router without a disk. What, are you still using mfm drives or something? My motives have nothing to do with reliability; I am not philosophically opposed to disks or moving parts. I'm just reaching the point more often lately where I'm looking at: 1) Form factor (there are organizations where real estate holds almost as much premium as department funds). 2) Heat output (I just had 2 more 2-ton mini-split A.C. units installed -- that'll hold me for a while, but at the rate we're expanding, I don't want to be faced with a situation again where I'm looking at a box doing a small job like running BIND spitting out 1,000 BTU's/hour) 3) Power consumption (why draw more than necessary?) It seems that more and more my bottlenecks have nothing to do with performance or reliability, but rather physical facility management. It all adds up. --- DW [EMAIL PROTECTED] wrote: Philippe Lang wrote: [EMAIL PROTECTED] wrote: Hi all, Just doing some early morning brainstorming, and my crazy thought of the day is this: My life would be so much easier if I could just get rid of my stupid PIX firewalls, and replace them what I know and love: FreeBSD. It's not that the PIX's have been causing me problems or anything like that, it's just that I believe in streamlining whenever possible, and since we've already exterminated Microsoft in my server room for at least 3 years, the only thing left that's not running FreeBSD are my appliances (firewalls and switches) and 2 leftover legacy servers still running Redhat that haven't been worth the effort to migrate to FreeBSD. I'm a one-man shop, and I can survive using the PIX IOS when I have to, but would just as soon use BSD if I could. Questions: 1) If I did this, I would probably only do it if I could figure out how to rack up some diskless servers to my 2-post communications rack. Any thoughts on hardware candidates, etc.? 2) If I did this, maybe it would be wiser to go with OpenBSD instead, since it is known for security? 3) Any good tutorials on setting up a diskless servers for Free/OpenBSD? 4) Any other considerations? 5) Am I just being stupid and should I just keep my PIX's going? I know, I know, if it ain't broke, don't fix it. Hi, Maybe a good start for you would be to have a look at http://www.m0n0.ch/wall/. WOW!! This is exactly what I was looking for and more! Can't wait to start trying it out! Thanks! Cheers, --- Philippe Lang Attik System ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: *bsd firewall appliance?
--- DW [EMAIL PROTECTED] wrote: Danial Thom wrote: You clowns with your diskless servers just crack me up. Everyone brags about their years of uptime on their servers, yet you just can't put up a firewall or router without a disk. What, are you still using mfm drives or something? My motives have nothing to do with reliability; I am not philosophically opposed to disks or moving parts. I'm just reaching the point more often lately where I'm looking at: 1) Form factor (there are organizations where real estate holds almost as much premium as department funds). 2) Heat output (I just had 2 more 2-ton mini-split A.C. units installed -- that'll hold me for a while, but at the rate we're expanding, I don't want to be faced with a situation again where I'm looking at a box doing a small job like running BIND spitting out 1,000 BTU's/hour) 3) Power consumption (why draw more than necessary?) It seems that more and more my bottlenecks have nothing to do with performance or reliability, but rather physical facility management. It all adds up. Interesting that you have all of these practical issues, yet you want to do something totally impractical, such as replace your pix with a freebsd box. Why not use one of your existing freebsd servers as a firewall? then you have zero additional real estate or power consumption. DT __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
