Replace Cisco IOS/CBOS with freebsd - possible?

Chris H chris# at 1command.com
Thu Jan 29 15:09:58 PST 2009


Hello, and thank you for your reply.

Quoting Chris Peterson <chris at lameness.info>:

> Pfsense sounds like exactly what you're looking for. It's a stripped
> down FreeBSD

Don't get me wrong, I think pfSense goes a long way to my intended
goal - not the least of which, is pfDNS. I haven't written it off
by any means.

> with a fancy web interface (well, not too fancy,

To be honest - the first thing I'd do, is strip the (any) GUI stuff
out. I have no issue with opening a terminal shell via cu - tip(1).
In fact, for security reasons, I'd prefer to ensure that the only
access available is over a serial port (local). Not to mention the
size/space savings gains. :)

> it's been incredibly stable for me). I've deployed it a couple times
> in pseudo production environments and it's been holding up well for
> the last 1.5 years+.
>
> You can also check out
> http://www.netgate.com/product_info.php?cPath=60_84&products_id=492
> for a nice PIX-sized chassis for pfsense if you need a small box.

Looks intriguing. The only real advantage I see here, would be the
amount of ram available. The 837 I propose to use, only supports 64Mb.

Thanks again for your informative response.

--Chris

>
> On Jan 29, 2009, at 6:02 AM, Chris H wrote:
>
>> Hello, and thank you for your reply.
>>
>> Quoting Michael Grant <mg-fbsd3 at grant.org>:
>>
>>> On Thu, Jan 29, 2009 at 2:15 PM, Chris H <chris#@1command.com> wrote:
>>>> Hello, and thank you for your reply.
>>>>
>>>> While it's not /exactly/ what I was looking for - it's close. :)
>>>> The "filtering" capability is my biggest gripe on the Cisco
>>>> *DSL products. They're just not as /capable/ as is offered in
>>>> FBSD. DNS is another plus (pfDNS). But I don't think I'd be
>>>> modify pfDNS to accommodate BIND, or unbound. Although tinydns
>>>> might be able to fit the bill. Oh well, it's close - thanks
>>>> for the pointer. :)
>>>
>>> You can run iptables on openwrt.
>>
>> Actually, I was thinking more along the lines of pf(4). I think it's
>> more efficient - especially combined with all the network tuning that
>> has been done recently by Robert Watson, John Baldwin, Mohan Srinivasan,
>> Peter Wemm, and others. Another reason I'm so inclined to be FBSD centric
>> on this. :)
>>
>>> You can compile most anything for
>>> it, you're only limited by its memory and cpu.  I'm not familiar with
>>> pfDNS.  But if it runs on freebsd, it probably can be made to run on
>>> openwrt as well.
>>
>> Indeed, it's running a FreeBSD base. But like you said; CPU, and Memory
>> are the only boundaries here. Will need to do more research to compare
>> limits against a /desired/ install base.
>>
>> Thanks again for the reply.
>>
>> --Chris
>>
>>>
>>> Michael
>>>