[CentOS] Optimizing CentOS for gigabit firewall

Fri Dec 18 20:49:18 UTC 2009
sadas sadas <mailrc at abv.bg>

 What about NetBSD? I heard that NetBSD has the best network stack out there. Maybe NetBSD with pf is the best choice?



 >>> I can't find information on whether there is a Linux or BSD distribution with an effective
 >>> firewall that uses an optimized algorithm to store hundreds of IPs and to
 >>> forward huge traffic. Any idea?
 >> 
 >> Hundreds?
 >> 
 >> http://www.openbsd.org/faq/pf/tables.html
 >> 
 >> "A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups
 >> against a table are very fast and consume less memory and processor time
 >> than lists. For this reason, a table is ideal for holding a large group of
 >> addresses as the lookup time on a table holding 50,000 addresses is only
 >> slightly more than for one holding 50 addresses. Tables can be used in the
 >> following ways:
 >> 
 >>     * source and/or destination address in filter, NAT, and redirection rules.
 >>     * translation address in NAT rules.
 >>     * redirection address in redirection rules.
 >>     * destination address in route-to, reply-to, and dup-to filter rule
 >> options."
 >> 
 >> nuff said ?
 >> 
 >> I love Linux, I've been using it for almost 15 years now, and I absolutely
 >> hate iptables (and ipchains, and ipfwadm). By contrast, I absolutely
 >> hate everything about OpenBSD except for pf (which I love; ipfw and
 >> ipf aren't too bad either, at least for the era), so I use OpenBSD
 >> for firewalls, and Linux for everything else.
 >
 >I can back this; during 2009, I deployed a bunch of load balancers
 >running OpenBSD (using pf, carpd, and relayd). I used to be a super die-hard
 >BSD guy, but through the years, having used/deployed/propagated
 >NetBSD, then FreeBSD, then OpenBSD, then NetBSD again, I took one of my
 >usual once-a-year looks at GNU/Linux (this time it was CentOS, after
 >having worked with RHEL for some years), and I got settled here.
 >
 >Long story short: I'd really recommend OpenBSD for your task. iptables
 >really sucks. I recently deployed some machines running several virtual
 >instances (however still the cheapest *proven* way to get several IP
 >stacks in Linux) doing L2 routing; I threw iptables off of those machines
 >because it just can't handle stuff at that rate. OpenBSD rocks; I even
 >have a setup running (active-active, load balanced) at about 40Mbps
 >using Alix boards [0] -- they rock, and they are in no way busy.
 >
 >OpenBSD's documentation is the best out there; its documentation
 >quality is what I really, really badly miss in the Linux world. However,
 >the community is a bunch of (sorry in advance) assholes. But this is
 >well known throughout the internet, so: you have been warned. Great
 >product, totally lame vendor. ;)
 >
 >Timo
 >
 >[0] -- http://pcengines.ch/alix.htm
 >
 >> nate
 >_______________________________________________
 >CentOS mailing list
 >CentOS at centos.org
 >http://lists.centos.org/mailman/listinfo/centos
 >
  
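Added editorial example, not written by any of the posters in this thread: a pf.conf fragment showing the table feature the quoted FAQ text describes, i.e. how a large address set is kept in a table and referenced from filter rules instead of being expanded into one rule per address. The interface name (em0), the table names, the file path and the connection-rate numbers are assumptions chosen for illustration; the address file is a constructed input using RFC 5737 documentation ranges.

```pf
# /etc/pf.conf fragment (added example; em0, the table names, the file
# path and the rate limits are assumptions, not values from the thread)
ext_if = "em0"

# A table holding a large address set, loaded once from a file.
# "persist" keeps the table alive even when no rule references it, so it
# can be grown or shrunk at runtime with pfctl(8) without reloading rules.
# Example /etc/pf/blocklist.txt (constructed, RFC 5737 ranges):
#   192.0.2.0/24
#   198.51.100.17
#   203.0.113.0/25
table <blocklist> persist file "/etc/pf/blocklist.txt"

# An in-memory table that pf itself fills via the overload rule below.
table <bruteforce> persist

# One rule covers every address in the table, however many there are:
# the lookup is a single table search, not a walk over a list of rules.
block in quick log on $ext_if from <blocklist> to any
block in quick on $ext_if from <bruteforce> to any

# Allow SSH, but a source opening more than 10 connections in 30 seconds
# is added to <bruteforce> and all of its existing states are flushed.
pass in on $ext_if proto tcp to ($ext_if) port 22 \
    keep state (max-src-conn-rate 10/30, overload <bruteforce> flush global)
```

At runtime the tables are managed with pfctl(8) rather than by editing the rule set: `pfctl -t blocklist -T add 198.51.100.42` inserts one address, `pfctl -t blocklist -T replace -f /etc/pf/blocklist.txt` atomically swaps in a new file, `pfctl -t blocklist -T show` lists the current contents, and `pfctl -t bruteforce -T expire 3600` removes entries that have been in the overload table for more than an hour. Because the rules reference the table by name, none of these operations require reloading pf.conf.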