I've been using Linux for firewalls so far, but some BSD features are
leading me to experiment. For instance, my employer wants to start
using 2 ISPs since no one ISP has ever proven to be sufficiently
reliable - it's much easier to set up load balancing in BSD than in
Linux.
So I'm reading through books and man pages for BSD, and I'm confused at
the lack of references to different protocols as used with NAT. Under
Linux, each protocol besides TCP requires a module and must be
specifically enabled. Under BSD, I can't even find info on what
protocols are supported and if they must be specifically enabled or if
they're automatic.
With respect to NAT and PPTP, I know that the BSD-based GNATBox
firewall has full support for PPTP clients behind NAT, but all the
info I can find on how to set up NAT to handle PPTP clients describes
a method that only handles one user at a time (proprietary code?).
I'm also suspicious of the one-at-a-time approach because the last
router I set up that worked this way was really flaky, and it was
sometimes necessary to reboot the router to re-establish a PPTP
connection that was lost for any reason.
Any comments?