[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: firewall: linux vs. freebsd

<quote who="timothy bauscher">

> I love Linux, but I believe in
> finding the best solution for a
> problem. My question is not which OS
> is better for a firewall, but which
> one you would use (or do use).

depends. is this a TRUE firewall or is
it a FAKE firewall bywhich it does NAT ?

if its a TRUE firewall, then i would
probably use freebsd because of the
good bridging support. I only started
playing with bridging back in november
of last year, and its great. IPFW in
freebsd works on bridged interfaces,
DUMMYNET works on bridged interfaces
which allows VERY EASY traffic shaping..

i haven't heard much on people using
linux to do bridged stuff, so i didn't
investigate it when i made the decision,
i knew a lot of folks who used free/open
bsd for bridged networking.

Bridged networking, incase you don't know,
runs the NIC cards in IP-less mode, so
they pass traffic between the 2 interfaces,
but have no IP address, so you cannot
connect to the interfaces. Makes for
much more security. At the same time,
because they are transparent, you
don't have to change any routing, just
plug it in and it goes. thats one
of the biggest advantages. at the
company where i work at I run freebsd
servers with 4 port NICs to sniff
traffic on the t1s, if i need to
take the machine down for some reason,
i unplug the routers from them and
plug them into the switch, within
seconds the network is available again
and i don't have to touch a thing in
the routing tables on any machine.

Now if your a linux newbie then
freebsd may not be the best thing,
it is much more complicated to use,
and to maintain compared to debian
in my experience thus far. less
hardware is supported, compiling
a kernel is harder due to lack
of documentation on available kernel
options, and you have to do manual
dependency checks on the kernel config,
unlike menuconfig on linux.

that said, i like freebsd for it's
kernel-level features like bridging,
high speed networking, but i
really hate the distribution. i don't
like ports, i don't like the fact
if i want to install a package via
sysinstall that it has to redownload
the INDEX file and parse it(which takes
a long time even on  a t1 with a 1Ghz
P3). there are several other complaints
i have about the freebsd distribution,
so i'd kill for a debian freebsd.

if your building a NAT box, and if
its ONLY a NAT box i would use freebsd
too for the reasons(networking) outlined
above. but if its more then a NAT box
(my home NAT runs dozens of services and
has a gig of ram in it), i would use

oh and i would rather use freebsd,
then use linux kernel 2.4 at this point,
if you need the "features" of 2.4.


Reply to: