[SunRescue] Finally got DSL
Gregory Leblanc
rescue at sunhelp.org
Tue Jan 2 12:45:41 CST 2001
On 01 Jan 2001 21:23:30 -0500, Kurt Mosiejczuk wrote:
> On Mon, 1 Jan 2001, Reagen Ward wrote:
>
> > I know too many folks who have overwhelmed Netscreens with just a few hundred
> > machines. The Nokia IP Firewals are Intel (celeron), and are OK, and the PIX
> > aren't bad, but I still like nice SPARCs running FW-1 for most enterprise
> > firewall needs. I run a SPARC20 with IPFilter as a firewall most of the time,
> > but have been stuck with needing IPSec too often.
>
> Why not use the IPSec in OpenBSD? I've gotten it to interact with our
> corporate firewall (which is FW-1) as a proof-of-concept and now I'm
> convincing some of the harder heads to use it instead of Red Hat (Dead
> Rat) with the FreeS/WAN patches.
>
> It works quite well. It may not have been blazing, but then again I was
> using it on a 32meg SS10 with an SM41.
Personally I haven't found my SPARCs to be terribly good at encryption
things. I've got a LOOOOOONG wait for ssh'ing into my SS2 running
OpenBSD and 3des, and a fairly long wait connecting to metalab.unc.edu,
which is a E3500 or something, with a quad proc config, running ssh
2.something. My lowly 486-50 running OpenSSH portable on Linux was
faster at generating DSA and RSA host keys than the SS2, although I
didn't do any benchmarks directly against the UNC machine.
I do, however, really like OpenBSD as a firewall OS. It's safe, fairly
easy to update, and has a really quick and dirty setup procedure.
(although the kernel is stupid and can't deal with the first slice being
non-root).
Greg
More information about the rescue
mailing list