ML wrote:
I have a Comcast business circuit with 13 IPs. The gateway device they provide is a 'pass through' device. They send traffic for all 13 IPs my way. It just allows traffic through. So if I put in a device to firewall (like IPCop or Vyatta or something) in front, say it has 3 NICs, how do I do that?
If you're just interested in firewalling (i.e. not NAT or something) then you can put the firewall in transparent bridging mode.
How fast does this device need to be?
Depends on your throughput, and conns/sec. I use a Soekris at home for my ~10-30 Mbps Comcast line, that has a 500 MHz AMD Geode, and usually sits at less than 1% CPU (though I don't use it too often). I have OpenBSD running on it in routed mode for firewall+NAT. I would wager anything in the last 5-6 years would be more than enough. A good NIC is important too.
Does Linux's firewall support even have stuff like stateful failover these days? I've been using OpenBSD (vs. Linux at least) since 2004 for any firewalls that I deemed "serious", FreeBSD before that.
I hate *BSD user land stuff, but I do like pf.
nate
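The transparent-bridging setup nate recommends, spelled out as an added OpenBSD/pf example (this is not configuration from either poster). It assumes three NICs named em0 (facing the Comcast gateway), em1 (facing the protected hosts) and em2 (a management port with its own address), and uses the documentation prefix 203.0.113.0/28 as a placeholder for the 13-address block; the two passthrough NICs carry no IP address at all, so the firewall is invisible to the hosts behind it and the Comcast gateway keeps delivering the public addresses straight through.

```pf
# /etc/hostname.em0  -- outside member, no address, just up
up

# /etc/hostname.em1  -- inside member, no address, just up
up

# /etc/hostname.bridge0 -- join the two members into a learning bridge
add em0
add em1
up

# /etc/hostname.em2  -- management address (placeholder RFC 1918 value)
inet 192.168.100.2 255.255.255.0

# /etc/pf.conf
ext_if  = "em0"        # bridge member toward the Comcast gateway
int_if  = "em1"        # bridge member toward the servers
mgmt_if = "em2"        # out-of-band management port

# Placeholder for the public block handed through by the gateway.
table <servers> const { 203.0.113.0/28 }
# Placeholder for the admin host allowed to SSH to the firewall itself.
table <admins>  const { 192.168.100.10 }

# pf sees each bridged packet on both members. Skipping the inside
# member means every packet is evaluated exactly once, on the outside.
set skip on { lo0 $int_if }

# Default deny in both directions, logged to pflog0.
block log all

# Inbound from the Internet: only the services the servers publish.
pass in on $ext_if inet proto tcp to <servers> port { 80 443 }
pass in on $ext_if inet proto icmp to <servers> icmp-type echoreq

# Outbound from the servers: anything, stateful so replies come back.
pass out on $ext_if inet from <servers>

# Management: SSH to the firewall only from the admin host.
pass in quick on $mgmt_if inet proto tcp from <admins> to ($mgmt_if) port 22
```

Loading it is `pfctl -nf /etc/pf.conf` to syntax-check and `pfctl -f /etc/pf.conf` to apply; `tcpdump -n -e -ttt -i pflog0` shows what the `block log` line is dropping. pf only filters IP, so ARP crosses the bridge untouched, which is what lets the gateway and the servers keep talking as if the firewall were a wire. Because the bridge members have no addresses, the firewall itself is only reachable on the management port, which is why the `<admins>` rule is the single exception to the default deny there.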