On Tue, 26 Mar 2002 12:14:19 -0800 Jeff Lasman <[EMAIL PROTECTED]> wrote:
> "E.B. Dreger" wrote:
>
> > OpenBSD 3.0's "pf" is nice. Building some firewall/VPN boxes
> > based on it for clients, as well as one for us. I'm waiting to
> > deploy ECN until broken firewalls are beaten back, but one has
> > that choice. Note that it can also use its own ISN generation to
> > help avoid spoofing attacks on machines with broken IP stacks.
> > Niiiiice. :-)
> >
> > If you want ipf and CBQ traffic shaping, FreeBSD with HZ=1000 and
> > ALTQ works nicely. AFAIK, OpenBSD and NetBSD don't allow one to
> > change HZ.
> >
> > NetBSD, which I've not yet played with, seems to be a favorite
> > for R&D experiments. Several good packages originate(d) there.
>
> Do these BSD firewalls work without NATting? NATting is NOT something
> our clients like. It's not something we like. So can we firewall, yet
> still maintain our public IP#s using these products? If so, can you
> direct me towards documentation or a how-to?

Yes, you can make packet filtering firewalls with OpenBSD using your
own IP addresses. You can configure obsd to be something like a
filtering bridge. No IP addresses at all. You can add a third
interface with a real IP for remote access if needed.

See http://www.daemonnews.org/200109/network.html

-Dale

--
Dale P. Smith
Treasurer, Cleveland Linux Users Group http://cleveland.lug.net
Senior Systems Consultant, Altus Technologies Corporation
[EMAIL PROTECTED] 440-746-9000 x339
_______________________________________________
cobalt-developers mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-developers
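The filtering bridge described in the reply above, sketched as an added example that is not part of the original thread. It assumes current OpenBSD pf syntax rather than 3.0's, hypothetical interface names (em0, em1, em2), and documentation-range addresses standing in for the public IPs.

```conf
# /etc/pf.conf for a transparent (bridging) OpenBSD packet filter.
# Constructed example. Assumed layout:
#   em0 = bridge member facing the upstream router
#   em1 = bridge member facing the servers
#   em2 = optional third NIC with a real IP for remote administration
#
# The bridge members carry no IP address, so the servers behind the
# bridge keep their public addresses and nothing is NATed:
#   /etc/hostname.em0      up
#   /etc/hostname.em1      up
#   /etc/hostname.bridge0  add em0 add em1 up
#   /etc/hostname.em2      inet 198.51.100.2 255.255.255.0

ext_if    = "em0"
int_if    = "em1"
mgmt_if   = "em2"
srv_net   = "192.0.2.0/24"        # placeholder for the public server range
web       = "192.0.2.10"          # placeholder web server
mail      = "192.0.2.25"          # placeholder mail server
admin_net = "198.51.100.0/24"     # placeholder admin network

# A bridged packet crosses pf twice (in on one member, out on the other).
# Filter on the outside member only so stateful rules are evaluated once.
set skip on { lo, $int_if }

# Default deny, logged to pflog0 for review with tcpdump.
block log all

# Inbound services to the servers' unchanged public addresses.
pass in on $ext_if inet proto tcp to $web  port { 80, 443 }
pass in on $ext_if inet proto tcp to $mail port 25

# Outbound traffic from the servers leaves with its public source address.
pass out on $ext_if inet from $srv_net

# Remote administration reaches the firewall only on the third interface.
pass in  on $mgmt_if inet proto tcp from $admin_net to ($mgmt_if) port 22
pass out on $mgmt_if inet from ($mgmt_if)
```

Because em0 and em1 have no addresses, the filter itself is not reachable from either bridged segment; a ruleset like this can be syntax-checked with `pfctl -nf /etc/pf.conf` before it is loaded.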
