[geeks] Firewalls...

Clay Mellender geeks at sunhelp.org
Thu Mar 22 22:15:08 CST 2001 

You dont always need 5 or 6 nics either. Multiple IP addresses per card
work just fine, if your network layout will permit logical seperations
as opposed to physical. Heirarchical firewall/routers often solve
multiple subnet situations as well.
If you need to support a large number of physical/logical networks or
subnets you will be better off with a cisco pix or comparable hardware
based firewall. The prices arent that bad, the failover features work
well, and in my opinion (As well as a great number of other people's)
Pix  boxen are the creme de la creme of hardware based firewalls.
As usual, YMMV.

Clay



Chris Byrne wrote:
> 
> David,
> 
> As long as you don't put more than 5 pci cards in you are generally OK. Some
> motherboards can handle six reliably, some cant. Of course it depends on
> your MoBo and the overall composition of your hardware and software.
> 
> That's the thing about PC hardware that makes it so difficult to properly
> support. There are so many variables, different configuations of hardware
> and software etc... that knowing all of the possible issues is essentially
> impossible.
> 
> And then of course we also get back inot the PCI bus bandwidth inadequacies
> issue.
> 
> Chris Byrne
> 
> -----Original Message-----
> From: geeks-admin at sunhelp.org [mailto:geeks-admin at sunhelp.org]On Behalf
> Of David Cantrell
> Sent: Thursday, March 22, 2001 17:02
> To: geeks at sunhelp.org
> Subject: Re: [geeks] Firewalls...
> 
> On Thu, Mar 22, 2001 at 12:49:56PM -0600, Clay Mellender wrote:
> 
> > Actually, the IP Chains and IP masquerading built into linux is very
> > robust. I have been using it for years, and it performs very well, even
> > on a 486 with 20 Mb of ram. Ping times are very good, and with some of
> > the package enhancements there are some very powerfull features.
> 
> I'm not denying that - in fact, I do the same.  But I am wary about trying
> to run too many interfaces on Linux, simply because PC hardware is a bit
> crap.
> 
> --
> David Cantrell | root at alphacomplex.org | http://www.cantrell.org.uk/david/
> 
>     This is a signature.  There are many like it but this one is mine.
> 
> ** I read encrypted mail first, so encrypt if your message is important **
> _______________________________________________
> GEEKS:  http://www.sunhelp.org/mailman/listinfo/geeks
> 
> _______________________________________________
> GEEKS:  http://www.sunhelp.org/mailman/listinfo/geeks

More information about the geeks mailing list