Firewall (Hardware/Software)

Firewall (Hardware/Software)

Post by Larry Jam » Tue, 08 Oct 1996 04:00:00



     Can someone give me a source/price for Firewall for BSD.  I would
like a recommendation on both Software and Hardware.

                                -- Larry
--
----------------------------------------------------------------------
Apollo III Communications    Consultant/Programmer   Buffalo, New York

 
 
 

Firewall (Hardware/Software)

Post by Brian Some » Wed, 09 Oct 1996 04:00:00




Quote:>      Can someone give me a source/price for Firewall for BSD.  I would
> like a recommendation on both Software and Hardware.

ipfw/0

The hardware depends on your requirements.

--

Don't _EVER_ lose your sense of humour....

 
 
 

Firewall (Hardware/Software)

Post by Dave Burge » Mon, 14 Oct 1996 04:00:00




>     Can someone give me a source/price for Firewall for BSD.  I would
>like a recommendation on both Software and Hardware.

There is a new product called 'Juniper' for FreeBSD, NetBSD, and several
other systems which provides several really cool features.  Firewalling
and transparent proxy (like Network Address Translation, but simpler in
that the firewall handles the translation) are two of the neatest features.

I think the address is 'www.obtuse.com'.  Price is reasonable and based
on your usage pattern.

--
Dave Burgess  (The man of a thousand E-Mail addresses)
*bsd FAQ Maintainer / SysAdmin for the NetBSD system in my spare bedroom
"Just because something is stupid doesn't mean there isn't someone that
doesn't want to do it...."

 
 
 

1. Gigabit redundant firewall questions (hardware and software)

    I'm trying to set up a redundant firewall configuration. We have two GE
links that redundantly (though both active) feed an array of servers. I'd
like to interrupt each GE link with a PC acting as a firewall.

    First of all, we can't easily do any stateful firewalling because
packets can take either link, and thus pass through either PC. That's fine.
Mostly what we want is to get detailed traffic statistics in as near real
time as possible and apply packet filters. They can be as coarse as 'block
this IP'.

    I have a lot of questions:

    1) I've heard that the Intel GE cards work the best with Linux because
of their NAPI support. Is this true? There are a lot of different Intel GE
cards with vastly different prices, do they perform much differently?

    2) I've heard that there are issues with SMP in high-speed packet
filters and we should prefer a fast single CPU machine. Is this true, or
rumor/outdated?

    3) Are there any good software firewall packages that will allow us to
see the traffic statistics on the inbound GEs in real time? A web interface
that could show us which IPs are generating/receiving the most traffic, for
example. Something to synchronize the config on the two boxes would be nice
too (though we can hack that up ourselves easily enough.)

    4) We'd like to be able to handle at least 500Mbps total (25% line
rate). (The line rate would be 4Gbps, 1Gbps in on each of the two ports,
1Gbps out on each of the two ports.) Is this realistic?

    5) I can't use GE ports built into motherboards because I need to
support fiber in the future. Will this hurt me a lot because I can't use
that new Intel thing where the GigE port connects directly to the MCH? Do I
need to look for motherboards with dual independent PCI-X busses? Do these
even exist?

    6) Any dual-GigE Linux success stories? What motherboards, processors,
and Ethernet cards did you use? How much bandwidth could you handle at what
kind of CPU load? How much were you able to do to the packets without
melting down? Any special kernel versions/options?

    In the past, we tried a dual-FE setup and had dismal results. Interrupt
storms slowed the system to a crawl at 200Mbps total or so. We expected full
line rate (400Mbps) to work. So we're asking a lot more questions this time.

    DS

2. Restart networking without rebooting

3. Firewall (Software/Hardware)

4. Urgent Info on ld on Solaris 2.3 reqd !!!!

5. Do I need a software firewall in addition to a NAT router/firewall?

6. firewall or proxy

7. Looking for software to LOG & SEARCH changes to hardware or software.

8. ultra160 for U5?

9. HARDWARE HARDWARE HARDWARE

10. Hardware Firewall needed?

11. question re: hardware requirements for linux router/firewall

12. What is the minimal hardware for a Firewall/Router?