The MPLS-OPS Archive

Re: Which FW for MPLS VPN?
On Sat, Jan 29, 2005 at 10:09:05PM +0100, Garry Glendown wrote:
> As Cisco doesn't seem to have a suitable firewall IOS for their PIX any
> time soon, and the Lucent Brick we picked up doesn't seem to be anywhere
> close to usable, what Firewall are you folks using to connect multiple
> MPLS VPNs to the Internet?

I use Linux with a *very* customized iptables script. Redundancy is taken care of by having dual boxes; all that is needed for one box to take the primary place is execution of the iptables script.

None of the comfort of Netscreen or other solutions with nice graphical interfaces, but since the Pentium-II boxes I used were free, the solution cost only the eight hours I needed to cobble together a decidedly unholy iptables script (can you say 800 bash lines with subroutines and for loops? I should have used arrays for some things and I didn't).

It does manage everything I've thrown at it so far (overlapping IP ranges, unauthorized public IP ranges, multiple inside FTP servers accessible from outside...)

*Now* what I would like is to see if the same thing could work on an MPLS-enabled Linux box, to save me the VLAN link between fw and router. I think it would feel cleaner. A little.

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml