On Fri, 14 Feb 2003 16:29:29 -0500
<fernando@rxp.com> wrote:

> Ok, me again. :-)
> 
> Thank you ALL very much for such great advice on this issue. I now feel
> much better equipped to ask better questions and making more informed
> decisions.
> 
> While all the comments were coming in, I decided to go ahead and download
> the NetBSD Firewall project from http://www.dubbele.com to see how easy it
> would be. After wasting about 3 hours because of bad hardware and Road
> Runner giving me the wrong IP addresses :-| I finally saw how truly easy
> it was to set up such a thing. Long live BSD...Microsoft routing be
> damned! :-D
> 
> New questions: (sorry)
> 
> Someone mentioned OpenBSD is more secure. Should I use that for the
> firewall instead?
> 

If the firewall machine is only performing that function, I don't believe
there is any reason to prefer openbsd to netbsd. If you choose to have your
firewall perform other functions as well, one could make a hypotheticl case
for openbsd. My experience has been very good using netbsd with ipfilter.

> I see lots of posts in groups (and I think here once) saying that FreeBSD
> is faster. Should that be a workstation?
> 

Credible people have told me that freebsd is slightly faster in some cases
because of the use of more i386 specific assembler code. Given some of the
fantastic work on netbsd over the last few years [just look at the chnages
over the last three years], I would not expect to see a significant
difference in real world performance. In some areas, netbsd might even be
faster. Like many such questions it's kind of meaningless unless you define
all the conditions and goals for the tests.


> Is NetBSD a good web server? Email server? The "Net" part of the name has
> me wondering.
>

The short answer is yes, my customers seem to like it. 

The long answer is probably. It is possible that you may need some kind
of third part software that is not available for netbsd. If you can't run it
under emulation, your life can become miserable. Emulation also won't let
you do things like link to non-netbsd libs when adding modules to PHP. 
It is a hassle sometimes, but it's usually worth it.
 
> What's the difference between the firewall and a proxy server? They seem
> to serve the same purpose (or, maybe they just coincidentally provide some
> of the same services).
> 

I wouldn't say that they provide the sames services at all. There are lots
of reasons to use a proxy that have nothing to do with security, e.g. squid.
A proxy server can be used to provide services that a firewall might
intentionally disallow so it can be a complement to a firewall.


-- 
Harry Waddell
Caravan Electronic Publishing
-----------

"Never interrupt your enemy when he is making a mistake." -- Napoleon
Bonaparte (1769-1821)