Re: [cobalt-developers] OS-discussion
- Subject: Re: [cobalt-developers] OS-discussion
- From: "Dale P. Smith" <dsmith@xxxxxxxxxxxxx>
- Date: Tue Mar 26 06:09:21 2002
- Organization: Altus Technologies Corporation
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
On Tue, 26 Mar 2002 12:14:19 -0800
Jeff Lasman <jblists@xxxxxxxxxxxxx> wrote:
> "E.B. Dreger" wrote:
>
> > OpenBSD 3.0's "pf" is nice. Building some firewall/VPN boxes
> > based on it for clients, as well as one for us. I'm waiting to
> > deploy ECN until broken firewalls are beaten back, but one has
> > that choice. Note that it can also use its own ISN generation to
> > help avoid spoofing attacks on machines with broken IP stacks.
> > Niiiiice. :-)
> >
> > If you want ipf and CBQ traffic shaping, FreeBSD with HZ=1000 and
> > ALTQ works nicely. AFAIK, OpenBSD and NetBSD don't allow one to
> > change HZ.
> >
> > NetBSD, which I've not yet played with, seems to be a favorite
> > for R&D experiments. Several good packages originate(d) there.
>
> Do these BSD firewalls work without NATting? NATting is NOT something
> our clients like. It's not something we like. So can we firewall, yet
> still maintain our public IP#s using these products? If so, can you
> direct me towards documentation or a how-to?
Yes, you can make packet filtering firewalls with OpenBSD using your own
ip addresses. You can configure obsd to be something like a filtering
bridge. No ip addresses at all. You can add a third interface with a
real ip for remote access if needed. See [can't find the url right now]
-Dale
--
Dale P. Smith
Treasurer, Cleveland Linux Users Group http://cleveland.lug.net
Senior Systems Consultant, Altus Technologies Corporation
dsmith@xxxxxxxxxxxxx
440-746-9000 x339
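
Added example, not part of the original message: a minimal `pf.conf` for the filtering bridge described above, written in current OpenBSD pf syntax (the syntax shipped with OpenBSD 3.0 differed). The interface names `em0`/`em1`/`em2`, the `bridge0` device and the 192.0.2.0/24 documentation addresses are assumptions made for illustration.

```conf
# Assumed setup (not from the original message):
#   em0 faces the upstream router, em1 faces the servers, neither has an
#   IP address. They are joined into a bridge with
#       ifconfig bridge0 add em0 add em1 up
#   em2 is the optional third interface with a real IP for remote access.
# Hosts behind the bridge keep their public addresses; there are no NAT rules.

ext_if  = "em0"
int_if  = "em1"
mgmt_if = "em2"
servers = "192.0.2.0/24"      # constructed documentation range
web     = "192.0.2.10"        # constructed example host

# Filter on one bridge member only. Every bridged packet crosses both
# members, so filtering on both would require passing each packet twice.
set skip on { lo $int_if }

# Default deny on the filtered member and on the management interface.
block drop log on { $ext_if $mgmt_if }

# Packets claiming an inside source must never arrive from the outside.
block in quick on $ext_if from $servers

# Inbound services to the public addresses behind the bridge.
# "modulate state" makes pf substitute its own TCP initial sequence
# numbers, which protects hosts whose IP stacks generate weak ISNs.
pass in on $ext_if proto tcp to $web port { 80 443 } modulate state
pass in on $ext_if inet proto icmp to $servers icmp-type echoreq

# Outbound traffic from the protected hosts; replies match the state.
pass out on $ext_if from $servers modulate state

# Remote administration only via the addressed third interface.
pass in on $mgmt_if proto tcp to ($mgmt_if) port 22
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.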