RE: firewall on freebsd

From: Chad Albert (Chad.Albert_at_healthcarefirst.com)
Date: 06/24/05

    Date: Fri, 24 Jun 2005 15:09:11 -0500
    To: "Khanh Cao Van" <cvkhanh@gmail.com>, "freebsd-questions" <freebsd-questions@freebsd.org>
    
    

    I have been using ipfw for quite some time and I love it. The only
    issues I have with it are on the NAT side. Without a tool to modify the
    current NAT rules, I cannot change them dynamically without editing my
    config file, then doing something like...
    killall -9 natd ; sleep 2 ; /sbin/natd -f /etc/natd.conf &
    to reinitialize it. Also, natd is resource intensive. I have a PII 266
    (not exactly a monster) and natd chews up 20-30 percent of my CPU during
    the day while NATing about 3Mb/sec of traffic. I am planning on
    switching to pf and implementing a load-balanced pair of firewalls using
    carp and pfsync. I hope that using an in-kernel NAT will help
    performance and give me better control while adding/removing rules.

    -- Chad

    -----Original Message-----
    From: owner-freebsd-questions@freebsd.org
    [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Khanh Cao Van
    Sent: Friday, June 24, 2005 8:33 AM
    To: freebsd-questions
    Subject: firewall on freebsd

    I'm going to learn about the FreeBSD firewall. The handbook lists
    some of them and I could not find out which is the best. So I decided to
    post here hoping to gain some of your opinions and experience.
    I would like to know what firewall was the most wanted? I have used
    Linux for several months and iptables was a good stateful firewall.
    What about in FreeBSD?

    Thanks for reading :)

    --
    ----------------------------------
    Cao Van Khanh
    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to
    "freebsd-questions-unsubscribe@freebsd.org"