Firewall, OpenVPN and Squid question

Steve Bertrand iaccounts at ibctech.ca
Wed Jul 21 12:25:47 PDT 2004


>> I have around 100 users at our site that would require the use of squid, we
>> house our own webserver, mail server, public DNS servers in the DMZ and 2
>> private DNS servers on the internal network, used by both Internal and VPN
>> users.
>>
>> Sites connecting Gateway to Gateway, there are apprx as follows;
>> Site 1 - 25 users
>> Site 2 - 5 users
>> Site 3 - 12 users
>> Our site VPN users are Apprx 25, and about 50% of them are connected at any
>> given time.
>>
>> My first thought is to put up a Firewall box that can handle the load of
>> publishing many internal boxes and "publish" a box with OpenVPN and another
>> for SQUID and just keep them all separate.
>>
>> Will this setup put too much strain on the FIREWALL box or will it have no
>> problem handling the NAT/ROUTING in this configuration?
>>
>> Thanks in advance
>> Paul
>>
>
> Considering that many of the current hardware firewall solutions aren't much
> more than either a BSD or Linux kernel in a ROM chip, with a 486 or 586
> based cpu, memory, and a nice gui (Windows or Internal Web interface), I
> can't see why a similar system on a PC would be any different.
>

Yes, but take into consideration disk reads/writes. It is possible to
eliminate these tasks, and I have even done setups where everything was
flashed onto a CF card (ro) (obviously w/o logging capabilities). I did a
custom build, frequently referring to:

http://neon1.net/misc/minibsd.html

and put the system on an IDE->CF card converter.

Steve
> --
>
> Micheal Patterson
> TSG Network Administration
> 405-917-0600
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>



