In order to have PF protect your Linux server, you must route its traffic through the OpenBSD server. The Linux server must not be directly connected to the Internet.
{Internet} - [OpenBSD] - [Linux]

There are two ways to route traffic to the Linux server:

1. They share the OpenBSD server's IP address. TCP/UDP traffic can be redirected by port number, also called Port Forwarding. PF's rdr-to is used. See the Traffic Redirection chapter of the PF User's Guide.
2. The OpenBSD server has multiple IP addresses on the public-facing NIC, and all traffic for one address is redirected to the Linux server. This is done with Bidirectional Mapping (also called bidirectional NAT, or "binat"). PF's binat-to is used. See the NAT chapter of the PF User's Guide.

The speed is going to be very similar; packet redirection and Bidirectional NAT have similar paths through the OpenBSD kernel.
You must choose Bidirectional Mapping:
You may want to use Redirection if you do not have a requirement for Bidirectional Mapping and you wish to save money by using fewer Internet-facing IP addresses.
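
The two routing options described in this thread, written out as a minimal pf.conf for the OpenBSD host. This is an added example, not configuration posted by anyone in the thread; the interface names (em0, em1), the private address 192.168.1.10, the documentation address 203.0.113.10 and the forwarded ports are all assumptions.

```conf
# /etc/pf.conf sketch (constructed example; names and addresses are assumptions)
# The OpenBSD host must forward packets: sysctl net.inet.ip.forwarding=1

ext_if    = "em0"            # Internet-facing NIC (assumed name)
int_if    = "em1"            # NIC facing the Linux server (assumed name)
linux     = "192.168.1.10"   # Linux server's private address (constructed)
linux_pub = "203.0.113.10"   # second public address aliased on $ext_if,
                             # needed for Option 2 only (constructed)

set skip on lo
block log all                # default deny; only the rules below open paths

# Inside link between the firewall and the Linux server
pass in  on $int_if inet from $linux to any
pass out on $int_if inet from any to $linux

# Option 1: shared public address, port forwarding with rdr-to.
# Only the listed ports reach the Linux server; everything else
# sent to the firewall's address stays blocked.
pass in  on $ext_if inet proto tcp from any to ($ext_if) port { 80 443 } \
    rdr-to $linux
# Outbound connections from the Linux server leave with the shared address.
pass out on $ext_if inet from $linux to any nat-to ($ext_if)

# Option 2: dedicated public address with binat-to.
# Use this INSTEAD of the two Option 1 rules. It maps every port and
# protocol on $linux_pub to the Linux server in both directions, so the
# Linux server is exposed on all ports unless further rules restrict it.
# pass on $ext_if inet from $linux to any binat-to $linux_pub
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors before the rules go live.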