Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mira.net.au!inquo!news.seinf.abb.se!nooft.abb.no!Norway.EU.net!nntp.uio.no!news.cais.net!newsfeed.internetmci.com!news.ac.net!news.bconnex.net!felix.junction.net!not-for-mail
From: michael@memra.com (Michael Dillon)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: FreeBSD as Internet firewall
Date: 1 Jul 1996 19:06:52 -0700
Organization: Memra Software Inc. - Internet consulting - http://www.memra.com
Lines: 57
Message-ID: <4ra07s$su3@sidhe.memra.com>
References: <4qphok$2lf@nadine.teleport.com>
NNTP-Posting-Host: sidhe.memra.com

In article <4qphok$2lf@nadine.teleport.com>,
David Chamberlain <david.chamberlain@ibm.net> wrote:

>The only machine I want on the Internet ethernet segment is the FreeBSD
>machine (which I will call gateway). It will also have a NIC connected to
>our internal network. I believe I have learned enough about firewalls to
>decide that I want to implement an application level firewall, also called a
>proxy gateway. If I understand it right, this means that no IP routing occurs
>between the internet and my network.

That's right. This is what I have as the firewall to my home network
which runs entirely on RFC1918 addresses. I am running some parts of the
TIS firewalls toolkit from ftp.tis.com to do plug-gw's for Compuserve and
AOL clients. I also have the tn-gw and ftp-gw installed for telnet and
ftp. I don't use their http-gw. Instead for many months I ran VERN httpd
in proxy-only mode but a few weeks ago I switched to Squid caching server
http://www.nlanr.net/Squid to be an http, ftp and gopher proxy. I also
run RealAudio's raproxy.

>FTP, HTTP, etc) exist for FreeBSD and, if so, how reliable is it? I believe I
>can do DNS and SENDMAIL with the existing installed DNS and SENDMAIL daemons.

DNS is OK but you may wish to run SMAPD from the TIS firewalls toolkit
and then hand the mail to sendmail for delivery.

>I don't have current plans for gateway to be a web or ftp server. Should I
>still use SCSI drives or would IDE be OK? If I really need SCSI drives, what
>SCSI adapter (either ISA or PCI) has the most reliable FreeBSD drivers?

I would avoid IDE drives on any server class machine. They slow things
down too much. Get an Adaptec 2940 card and use SCSI drives and you will
be pleased at how well it runs.

>I plan to use at least a Pentium 100. How much RAM should I use?

The firewall functions do not demand a lot of RAM. A heavy mail volume
would require more though, and if you install the Squid cache, you can
allocate as many megabytes as you want to RAM cache as well as the disk
cache. 32 megs is reasonable, 64 megs is not outrageous given today's
prices.

>I would appreciate any suggestions anyone may offer. I am really new to this
>Unix/Internet thing, as well as FreeBSD. I would like to do this with as
>little hair pulling as possible.

There is a searchable archive of the firewalls mailing list at
http://www.greatcircle.com
That will help you keep your hair.

Also, note that when you pick up the TIS fwtk at ftp.tis.com it has no
documentation in the archive. The documentation is in a separate file so
make sure to pick that up as well.

--
Michael Dillon                 ISP & Internet Consulting
Memra Software Inc.            Fax: +1-604-546-3049
http://www.memra.com           E-mail: michael@memra.com