I can't speak to the advantages or disadvantages of each of those
options, but from other lists I get the sense the pf is the best option
out there. If you want something quick to setup, pfSense and m0n0wall
are prebuilt firewall packages based on FreeBSD that will do exactly
what you're looking for. pfSense uses pf and ALTQ, m0n0wall uses ipfw
and ipfilter.
http://m0n0.ch/wall/
http://www.pfsense.com/
We use redundant 5-port pfSense boxes for our firewall - works quite
well.
-j
On Fri, 2007-01-05 at 10:25 +1300, Brett Davidson wrote:
Before I start, I'm familiar with IPTables from Linux but am wanting to
use FreeBSD as a firewalling router after seeing it in action on a
heavily-loaded webserver. I like the efficiency of the TCP stack.
Upon reading the handbook I found that I can have my choice of three
firewalls; pf, iptables and ipfw.
What would be the most useful (and easiest) package to use given the
following scenario:
A FreeBSD router comprising of four physical interfaces -
Eth0 is the outside 10Mbyte/s cable connection to the Internet.
Eth1 is a 100Mbit DMZ housing a webserver.
Eth2 is a 100Mb DMZ housing a 802.11g Wireless Access Router.
(My normal preference is to isolate Wireless LANs from physical
LANS).
Eth3 is the inside LAN.
Software-based VPN connections out from both the Inside LAN and Wireless
DMZ are required. (Allowing VPN tunnels through the firewall; not
tunnels terminated at the firewall).
Against prudence, they wish to allow torrent connections to the inside
lan and ICQ connections to both the Inside LAN and the Wireless DMZ. The
torrent and ICQ connections will need to be bandwidth-managed so that is
a major consideration for the choice of which firewall to use. Is there
an equivalent to HTB on FreeBSD?
I look forward to your answers...
Regards,
Brett.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
tradersmedia
Jeremy Jongsma
Director of Bits Bytes
p 312.386.1130 x221 | f 312.386.1263 | c 312.399.4513
e [EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]