(This is a brief summary of the answers to my question I posted to
firewall mailing list and comp.sys.sun.* newsgroups. Unfortunately, I
forgot to ask the question to the probably most relevant newsgroup
namely, comp.unix.solaris! So I am sending this to who
have helped me write this brief summary as well as posting this to the
comp.unix.solaris newsgroup to obtain more info if possible.)
SUBJECT: Sumary to my question "Building a firewall gateway using Solaris 2.4 for x86."
My original question:
Has anyone built a two-homed (two network interfaces) host for
firewall/gateway application using Solaris 2.4 for x86 on
Intel CPU hardware?
How easy is it to compile
TIS Firewall Toolkit,
CERN httpd,
WU-FTP, and other tools?
Performance issues?
The summary of responses I got is as follows.
Yes: Some people have built a firewall using Solaris 2.4 for x86.
It worked great.
TIS Firewall toolkit:
Someone answered it compiled fine on Solaris 2.4 for x86 with
gcc.
CERN httpd: ? My guess is it will compile fine.
wu-ftp: ? My guess is it will compile fine.
chrootuid: ? My guess is it will compile fine.
Someone mentioned that since Solaris 2.4 for X86 uses the same
source code tree for Sparc, these should compile just fine.
(I compiled these on Solaris 2.4 on Sparcstation 5 and it went
without hitches. TIS Firewall toolkit requires sol2 patch.)
Commercial Package:
I have also learned that FIREWALL-1 commercial package is available
for Solaris 2.4 for x86 platform.
contact: info@CheckPoint.COM
http://www.checkpoint.com
General Recomendation:
Larger the memory, the better.
SCSI interface is better for Solaris (UNIX in general.)
I am advised that it is very important to stick to hardware
listed in Sun's hardware compatibility list. This list is available
from many sources including sending a mail To: x86hcg@sun.com
It is a good idea to choose a hardware item that was approved
six months ago than the one that was approved last week.
This way you can avoid subtle compatibility problems.
(I am not sure if the horror compatibility stories I read in
PC-related newsgroups are not experienced by Solaris x86 users
regarding IRQ/DMA/IO port assignment and such.)
[Any addtional tips are welcome. Please e-mail me. I will summarize in
return.]
-- Chiaki Ishikawa ishikawa@personal-media.co.jp Personal Media Corp. Shinagawa, Tokyo, Japan 141|It's reported that Canter & Siegel search for and archive all articles |that contain their names or "Green Card". This .sig is to help them.
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:27 CDT