On Tue, 2005-11-01 at 02:42 +0100, Espen Johansen wrote:
> Hi Peter,
>
> I'm sorry, but I for one have had quite enough emails from you by now.
> You have clearly demonstrated that you do not understand enough about
> firewalls, filtering, BSD etc. to use pfSense in its current state.

Thank you. I guess that is the most "helpful" answer of all :)

> And I have more than enough emails to read without this mailing list getting
> filled up with unneeded info. It seems some devs have already tried to nicely
> inform you that you are somewhat on the wrong track here.

Wrong track with what? Testing pfsense and reporting bugs?

> Like comparing a i386 generic OS and HW, with a Cisco PIX, I mean come on,
> what on earth are you thinking ?

As I mentioned in my emails, firewalls may have hardware acceleration, which
means direct comparison might not be possible. But so which hardware
acceleration does PIX have? Watchguard is an even better case - as I remember
it has very limited if any acceleration. You mentioned PIX had trouble with
35K sessions on Celeron 300Mhz... well, in this case I should say it has very
limited acceleration. A few years ago I had a software firewall on Linux with
a PIII-550 CPU and I had close to this number of states. And yes, number of
states is not the only criteria :)

> An OS created to do routing and packet filtering running with ASICs is not
> comparable to FreeBSD on I386 at all.

There are certain actions you need to perform to route/filter the packet. You
may assume how compute how many instructions efficient code would take and
route the packet in fully software solution and use it ballpark.

> I mean a Juniper M40 might have a PII 233Mhz processor and 256 MB RAM. It
> does 40 million pps +++. So then I guess FreeBSD running on a 500Mhz with
> 512MB ram should handle twice as much ?!?
> Junos is even derived from freebsd so it _MUST_ be somewhat the same :p
>

Seriously in this case main CPU does not really do the main job, it is mainly
for controlling the functions. I did not have Juniper as an example - you did.
If you want to look at Juniper solutions take a look at Netscreen. The M40 is
a router platform (which has some firewalling functions); this is not the
product which would be functionally compared to pfSense.
NetScreen, SonicWall, Watchguard - these would. Oh well, even Linksys at the
lower end.

Take a look at NetScreen 25.
http://www.juniper.net/products/glance/nscn_25_50.html
We have 32.000 of sessions advertised. I do not remember which CPU it has but
it is some few hundred Mhz. On my box I can get some 100.000 of sessions with
simple firewall and traffic shaping.

40 million packets per second. I guess you must be kidding - I'm speaking
about a few thousand, which is well within what the box should be able to
handle. Actually as serious expert in TCP/IP as you should probably know you
can create very many active sessions with a very limited number of packets per
second :)

> Seriously, you have clearly demonstrated that you do not have a clue about
> what you're doing, even suggesting to put the same IP on two interfaces
> clearly shows me that you do not know the first thing about how things
> work.

Oh yeah. I did not like that one myself. Honestly. But it proved to be the
best working configuration. Note I'm not routing the stuff between networks -
the interfaces are bridged and so the same IP is practically visible from both
interfaces anyway.

>
> Even thinking about using pfsense in a datacenter to protect your boxes with
> your kind of knowledge is at best a BAD move.

You like to judge people, don't you?

>
> Now please sit down and read up on routing, TCP/IP and BSD in general.
> Then learn how the things work from sitting in your own LAB and test things
> (not with ab btw.).

What do you have against ab? Just curious? Does it represent the real load -
no, but it is a good stress test. I would move on quickly if this one would
work.

> Then put what you have learned to good use (and NO, that
> does not mean writing another 60 emails to this list). That means test, and
> figure out the problem, and give us a fix/patch. Or at least a detailed
> description of the problem, and how to repeat it.
> We already know that there
> are many bugs in the system and that performance is not close to what it can
> be.

Knowing that the bugs exist is not the same as knowing what the bugs are. You
probably would not argue most of the bugs reported are real - well, you may
judge it as silly actions from me - probably, but you're targeting the SOHO
market - do you guys expect to have Certified Cisco engineers to use it?

I mentioned that but I repeat it for you specially - I reported the bugs only
because there was positive feedback from developers. If everyone would be as
helpful as you I would probably have used another solution or found
workarounds to have it work for my case.

> But the goal for 1.0 is to have something that works and gives users a nice
> SOHO firewall solution. It's not to give you a system so that you can sell
> your [insert project] with a minimal cost.

I see your point. Even if this is your goal I hope you make it work well for a
wider set of cases - the SOHO market already has a number of tools developed
(requirements in most cases are simple) and hardware firewall solutions are
cheap.

>
> Also remember this, each email you send to this list steals x minutes of
> time from each developer. So your 60 plus emails have probably consumed at
> least 300 minutes times 10 from the developers of this project. That amounts
> to 3000 minutes, and each dev might have as much as 4-6 hours after a day's
> work, that is spent on this project. Now find your calc and see how many
> days of development time you have "wasted".

I guess I should be scared here and hide into my rat hole? My only hope is you
express your own position here (I would guess so because you're not replying
to other pfsense users a lot as well).

pfSense is an OpenSource project, which needs community in order to reach
success - you need people to test things and report their findings, you need
people with various backgrounds and experience to try different use cases -
otherwise you hardly can build a solid product.
Of course everyone likes perfect "community members" which only submit but
free patches, but that is not going to happen. Bashing people contributing at
their will and abilities does you no good.

You try to save mail list traffic? Well, go ahead and visit the mailing lists
for widely known successful projects, or their forums. Using your formula
their developers would only be reading lists :)

Anyway. I have good news for you. I had a week or so to make pfsense up and
running for my needs or find another solution. I'm comfortable enough with the
results and now have shipped the box with data center. It may be trouble less
or I may regret my move - we'll see. Anyway I'll not have it in my lab any
more so I guess I'll not provide feedback that actively any more.
