On Thu, 2010-03-11 at 11:00 -0500, Abdul Nazeer wrote:
> iptables, but if anyone has any other suggestion, I'd love to hear it.

pfSense (being FreeBSD-based, comes under your "other" category). It uses the OpenBSD-based pf firewall, with a web-based GUI for almost everything (except maybe console resets). Works for me in several locations, some `heavy and high`.

One caveat for the current pfSense: traffic shaping in the 1.2.3 release is somewhat borked (1.2.2 works much better) and it doesn't work with more than 2 interfaces, so 1 WAN - 1 LAN is OK. Check out the user forums for specific scenario gotchas, if any.

There's a good (recent) book about it, covers 1.2.3 release, very good it is too, with lots of help for multi-WAN, VLAN, IPsec, etc etc.

Routes Gigabit nicely with "normal" (pci-e or pci-x) hardware. Check out the hardware sizing guide for examples.

What I particularly like is the "alias" function, it makes working with huge groups of IPs easy.

BGPd, etc are all available as packages - you can for example use minicom to get CLI via the console port into a Cisco ADSL router or local SCADA kit.

Been stable for me for a couple of years now, several instances.

Oh, did I mention failover? CARP

Me like :)

Gord
--
rockin ze bedroom