I run a filtering bridge on my home system between the DSL and the DMZ. It runs FreeBSD 4.5 on a 486 DX2/66 with 32MB RAM and two ancient GeniusLAN NIC cards (10-BaseT, they've even got the old coax connectors on the back). With that setup I can run my "public" servers (mail and web, mostly) and run NAT through another firewall for my internal stuff. Makes for a pretty secure setup, assuming all is maintained properly.
It works great. The setup was pretty simple, once I got my head around how ipfw worked. As far as throughput goes, it works pretty well on my 768K DSL line, and I would think I could probably handle a T1 on it with little difficulty. After all, even a T1 is only about 15% of the bandwidth available on a 10 Mbit/s ethernet. I haven't run any scientific tests, but I get good ping times and my use of all the same stuff I used before I set it up seems unaffected (i.e., I saw no change in performance).

The real point is that I assembled this box out of the boneyard that most of us have kicking around - an old 540MB IDE drive, a few old 8M SIMMs that I never got around to throwing out, and two ISA NIC cards which probably couldn't be given away, and I've got a pretty decent little bridging firewall. Make it headless and it's even better; saves room on the desktop and a port on the KVM. ;-) It can be done on the dirt-cheap, if you're willing to put some effort into it.

Corey M. Snow- [EMAIL PROTECTED]
I don't speak for my employer.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 17, 2002 6:26 AM
> To: Jeff Aufderheide
> Cc: [EMAIL PROTECTED]
> Subject: Re: Cracking a server without services
>
> <snippity>
>
> And while I'm on the air, for those interested in reducing exposure to
> their packet filtering or proxy firewall might be interested in setting up
> a bridged firewall. More info is available here:
>
> http://freebsd.topsecret.net/doc/en_US.ISO8859-1/articles/filtering-bridges/index.html
>
> and feel free to contact me offlist with any questions. :)
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> gill | Tatu Ylonen, SSH 1.2.12 README: "Beware that the most effective
>      | way for someone to decrypt your data may be with a rubber hose."